Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Invisible Spyware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Invisible Spyware

Unread postby faosto » August 5th, 2018, 5:36 am

My problem starts with heavy lags during gaming, so i formatted my windows partition and reinstalled fresh one, but the heavy lags persisted and new problem appeared i cant connect to the internet, i still can through safe mode, then half an hour later the internet through safe mode shut down as well, reformatted again with new windows intallation, i could access the internet for about 10 min then it shut down again, reformatted again, to find a new problem a sound lag whilst playing videos or games, also something else happened whenever i tried to disable then enable my network connection adapter my computer freezes, reformatted for the last time but i didnt try to setup my network driver software, so i noticed the gaming lags still there, but the sound lag gone, then i tried to setup my network driver and my computer froze indefinitely during the setup, when i restarted my computer it was stuck on windows loading screen and wont go any further, same thing for safe mode, no matter what how many times i restarted it is just stuck on loading screen, then i had to a system restore in order to access windows, only to find the sound lags are back, i have kaspersky total security, tried scanning with malwarebytes, avast, rogue killer, adwcleaner, superantispyware but nothing showed up, i can access internet through my cell phone, nothing is wrong with my connection

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by HisJudgmntComthSoon (administrator) on HISJUDGMENTCOMT (05-08-2018 11:07:42)
Running from C:\Users\HisJudgmntComthSoon\Desktop
Loaded Profiles: HisJudgmntComthSoon (Available Profiles: HisJudgmntComthSoon & fh)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avpui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1988405664-605711334-484934328-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-08-03] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\IEExt\ie_plugin.dll [2018-08-03] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-08-03] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\IEExt\ie_plugin.dll [2018-08-03] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-1988405664-605711334-484934328-1002 -> Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-08-03] (AO Kaspersky Lab)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-08-03]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi

Chrome:
=======
CHR Profile: C:\Users\HisJudgmntComthSoon\AppData\Local\Google\Chrome\User Data\Default [2018-08-04]
CHR Extension: (Docs) - C:\Users\HisJudgmntComthSoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-04]
CHR Extension: (Google Drive) - C:\Users\HisJudgmntComthSoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-04]
CHR Extension: (YouTube) - C:\Users\HisJudgmntComthSoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-04]
CHR Extension: (Gmail) - C:\Users\HisJudgmntComthSoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-04]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/deta ... ddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/deta ... ddadjhcadd

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avp.exe [619640 2018-02-28] (AO Kaspersky Lab)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\vssbridge64.exe [416560 2018-08-03] (AO Kaspersky Lab)
R2 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (AO Kaspersky Lab)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (AO Kaspersky Lab)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [528576 2018-02-20] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [72904 2017-12-27] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [122056 2018-02-02] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [84672 2017-12-27] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [219336 2018-08-03] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [356040 2018-08-03] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1127104 2018-08-03] (AO Kaspersky Lab)
R1 klim6; C:\Windows\System32\DRIVERS\klim6.sys [56520 2018-02-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [58056 2018-01-15] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [83496 2017-12-11] (AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50648 2017-05-30] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [48080 2018-02-12] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [81632 2017-11-07] (AO Kaspersky Lab)
R1 klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [177344 2018-02-17] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [203968 2018-02-24] (AO Kaspersky Lab)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-08-05] ()
U1 aswbdisk; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-05 11:07 - 2018-08-05 11:08 - 000008174 _____ C:\Users\HisJudgmntComthSoon\Desktop\FRST.txt
2018-08-05 11:07 - 2018-08-05 11:07 - 000000000 ____D C:\FRST
2018-08-05 11:06 - 2018-08-05 11:02 - 002412544 ____N (Farbar) C:\Users\HisJudgmntComthSoon\Desktop\FRST64.exe
2018-08-05 10:55 - 2018-08-05 10:55 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2018-08-05 10:48 - 2018-08-05 10:48 - 000000000 ____D C:\Users\fh\AppData\Local\CEF
2018-08-05 10:46 - 2018-08-05 11:04 - 000000000 ____D C:\Users\fh\AppData\Local\AVAST Software
2018-08-05 10:46 - 2018-08-05 10:46 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-08-05 10:45 - 2018-08-05 10:45 - 001142072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-08-05 10:45 - 2018-08-05 10:45 - 001001272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-08-05 10:45 - 2018-08-05 10:45 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-08-05 10:37 - 2018-08-05 11:04 - 000000000 ____D C:\ProgramData\AVAST Software
2018-08-05 10:37 - 2018-08-05 10:37 - 000057560 _____ C:\Users\fh\AppData\Local\GDIPFONTCACHEV1.DAT
2018-08-05 10:25 - 2018-08-05 10:25 - 000000244 _____ C:\Windows\Tasks\AdwCleaner_onReboot.job
2018-08-05 10:25 - 2018-08-05 10:25 - 000000000 ____D C:\AdwCleaner
2018-08-05 10:09 - 2018-08-05 10:25 - 000000000 ____D C:\ProgramData\RogueKiller
2018-08-05 10:09 - 2018-08-05 10:09 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-08-05 09:54 - 2018-08-05 10:00 - 000005171 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-08-05 09:54 - 2018-08-05 09:56 - 000003786 _____ C:\Windows\ZAM.krnl.trace
2018-08-05 09:54 - 2018-08-05 09:54 - 000000000 ____D C:\Users\fh\AppData\Local\Wolf of Webstreet OPC Private Limited
2018-08-05 09:53 - 2018-08-05 10:00 - 000000000 ____D C:\Program Files (x86)\MalwareFox AntiMalware
2018-08-05 09:51 - 2018-08-05 09:51 - 000001443 _____ C:\Users\fh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-08-05 09:51 - 2018-08-05 09:51 - 000001409 _____ C:\Users\fh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2018-08-05 09:50 - 2018-08-05 09:50 - 000000000 ____D C:\Users\fh\AppData\Local\VirtualStore
2018-08-05 09:30 - 2018-08-05 09:30 - 000000000 ____D C:\Users\fh\AppData\Roaming\WinRAR
2018-08-05 09:30 - 2018-08-05 09:30 - 000000000 ____D C:\Users\fh\AppData\Local\Zemana
2018-08-05 09:29 - 2018-08-05 09:51 - 000000000 ____D C:\Users\fh
2018-08-05 09:29 - 2018-08-05 09:29 - 000000020 ___SH C:\Users\fh\ntuser.ini
2018-08-05 09:29 - 2011-04-12 11:28 - 000000000 ____D C:\Users\fh\AppData\Roaming\Media Center Programs
2018-08-05 09:11 - 2018-08-05 10:37 - 000644248 _____ C:\Windows\ntbtlog.txt
2018-08-05 09:09 - 2018-08-05 09:09 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2018-08-04 13:40 - 2018-08-04 13:40 - 000002449 _____ C:\Users\HisJudgmntComthSoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-04 13:39 - 2018-08-04 13:39 - 000000000 ____D C:\Users\HisJudgmntComthSoon\AppData\Local\Google
2018-08-04 00:22 - 2018-08-04 00:22 - 000057560 _____ C:\Users\HisJudgmntComthSoon\AppData\Local\GDIPFONTCACHEV1.DAT
2018-08-04 00:18 - 2018-08-03 13:33 - 000000000 ____D C:\Windows\Panther
2018-08-04 00:17 - 2018-08-03 22:37 - 000000213 ____H C:\Boot.BAK
2018-08-04 00:11 - 2018-08-04 00:11 - 000000000 ____D C:\Windows.old
2018-08-03 23:25 - 2018-08-03 23:25 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2018-08-03 23:25 - 2018-08-03 23:25 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2018-08-03 23:09 - 2018-08-04 00:17 - 000008192 __RSH C:\BOOTSECT.BAK
2018-08-03 23:09 - 2010-11-21 06:23 - 000383786 __RSH C:\bootmgr
2018-08-03 22:59 - 2018-08-03 23:03 - 000000000 ____D C:\win
2018-08-03 22:49 - 2018-08-03 22:49 - 000000000 __RSH C:\MSDOS.SYS
2018-08-03 22:49 - 2018-08-03 22:49 - 000000000 __RSH C:\IO.SYS
2018-08-03 22:49 - 2018-08-03 22:49 - 000000000 _____ C:\CONFIG.SYS
2018-08-03 22:49 - 2018-08-03 22:49 - 000000000 _____ C:\AUTOEXEC.BAT
2018-08-03 22:30 - 2018-08-03 22:30 - 000000000 ____D C:\Users\HisJudgmntComthSoon\AppData\Roaming\MPC-HC
2018-08-03 22:26 - 2018-08-03 22:26 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2018-08-03 22:26 - 2018-08-03 22:26 - 000000000 ____D C:\Program Files\Realtek
2018-08-03 22:26 - 2012-06-19 11:54 - 004065296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2018-08-03 22:26 - 2012-06-19 08:31 - 000293889 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2018-08-03 22:26 - 2012-06-08 11:23 - 000083072 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2018-08-03 22:26 - 2012-06-08 11:18 - 003615888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2018-08-03 22:26 - 2012-06-06 05:44 - 000869520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2018-08-03 22:26 - 2012-06-01 04:37 - 002674320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2018-08-03 22:26 - 2012-05-31 13:08 - 000105616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2018-08-03 22:26 - 2012-05-10 10:22 - 001262696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2018-08-03 22:26 - 2012-02-21 14:45 - 002605400 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2018-08-03 22:26 - 2011-12-20 10:32 - 000331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2018-08-03 22:26 - 2011-12-16 09:57 - 000065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2018-08-03 22:26 - 2011-12-13 11:58 - 001560168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2018-08-03 22:26 - 2011-11-22 11:28 - 000014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2018-08-03 22:26 - 2010-11-08 02:31 - 000375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2018-08-03 22:26 - 2010-11-08 02:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2018-08-03 22:26 - 2010-11-08 02:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2018-08-03 22:26 - 2010-11-08 02:31 - 000204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2018-08-03 22:26 - 2010-11-08 02:31 - 000101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2018-08-03 22:26 - 2010-11-08 02:31 - 000078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2018-08-03 22:26 - 2010-11-03 13:30 - 000149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2018-08-03 22:26 - 2009-11-24 04:55 - 000518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2018-08-03 22:26 - 2009-11-24 04:55 - 000211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2018-08-03 22:26 - 2009-11-24 04:55 - 000198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2018-08-03 22:26 - 2009-11-24 04:55 - 000155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2018-08-03 22:26 - 2009-11-18 02:13 - 000060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
2018-08-03 22:25 - 2018-08-03 22:26 - 000000000 ___HD C:\Program Files (x86)\Temp
2018-08-03 22:25 - 2018-08-03 22:25 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-08-03 22:25 - 2018-08-03 22:25 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-08-03 22:25 - 2012-06-08 11:21 - 000897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2018-08-03 22:25 - 2012-06-08 11:21 - 000753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2018-08-03 22:25 - 2012-05-25 13:06 - 001706640 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2018-08-03 22:25 - 2012-04-10 09:40 - 002533952 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2018-08-03 22:25 - 2012-04-03 13:42 - 001015640 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2018-08-03 22:25 - 2012-03-08 06:47 - 000202336 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2018-08-03 22:25 - 2012-03-08 06:47 - 000108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2018-08-03 22:25 - 2011-12-18 12:58 - 002131288 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2018-08-03 22:25 - 2010-09-27 04:34 - 000318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2018-08-03 19:35 - 2018-08-03 19:35 - 000003116 _____ C:\Windows\System32\Tasks\klcp_update
2018-08-03 19:34 - 2018-08-03 19:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2018-08-03 19:34 - 2018-01-28 12:00 - 000794112 _____ C:\Windows\system32\xvidcore.dll
2018-08-03 19:34 - 2018-01-28 12:00 - 000694784 _____ C:\Windows\SysWOW64\xvidcore.dll
2018-08-03 19:34 - 2018-01-28 12:00 - 000311296 _____ C:\Windows\system32\xvidvfw.dll
2018-08-03 19:34 - 2018-01-28 12:00 - 000284672 _____ C:\Windows\SysWOW64\xvidvfw.dll
2018-08-03 19:34 - 2017-07-30 13:50 - 003850240 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2018-08-03 19:34 - 2017-07-30 13:50 - 003799552 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2018-08-03 19:34 - 2015-10-24 19:00 - 000126976 _____ C:\Windows\system32\ff_vfw.dll
2018-08-03 19:34 - 2015-10-24 19:00 - 000112128 _____ C:\Windows\SysWOW64\ff_vfw.dll
2018-08-03 19:34 - 2012-07-21 13:55 - 000180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2018-08-03 19:34 - 2012-07-21 13:54 - 000122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2018-08-03 19:34 - 2011-12-07 20:37 - 000148992 _____ ( ) C:\Windows\system32\lagarith.dll
2018-08-03 19:34 - 2011-12-07 20:32 - 000216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2018-08-03 19:33 - 2018-08-03 19:34 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2018-08-03 19:14 - 2018-08-03 19:14 - 000000000 ____D C:\Users\HisJudgmntComthSoon\Documents\Rockstar Games
2018-08-03 19:11 - 2018-08-03 19:11 - 000000000 ____D C:\Users\HisJudgmntComthSoon\AppData\Local\Rockstar Games
2018-08-03 19:10 - 2018-08-03 19:11 - 000000000 ____D C:\Users\HisJudgmntComthSoon\AppData\Roaming\WinRAR
2018-08-03 19:10 - 2018-08-03 19:10 - 000000000 ____D C:\Users\HisJudgmntComthSoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-08-03 19:10 - 2018-08-03 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-08-03 19:06 - 2018-08-03 19:06 - 000000000 ____D C:\ProgramData\NVIDIA
2018-08-03 19:04 - 2018-08-03 19:04 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-08-03 19:04 - 2018-08-03 19:04 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-08-03 19:04 - 2015-03-13 22:41 - 000073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2018-08-03 19:04 - 2015-03-13 22:41 - 000060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2018-08-03 19:04 - 2015-03-13 19:16 - 006861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-08-03 19:04 - 2015-03-13 19:16 - 003526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-08-03 19:04 - 2015-03-13 19:16 - 002559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-08-03 19:04 - 2015-03-13 19:16 - 000935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2018-08-03 19:04 - 2015-03-13 19:16 - 000386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-08-03 19:04 - 2015-03-13 19:16 - 000062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-08-03 19:04 - 2015-03-11 16:10 - 004246327 _____ C:\Windows\system32\nvcoproc.bin
2018-08-03 19:03 - 2015-03-13 22:41 - 032114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 025460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 024775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 020466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 018580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 017258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 016022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 014121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 013297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 013210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 010775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 010715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 010262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-08-03 19:03 - 2015-03-13 22:41 - 003611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 003303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 003249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 002906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 001896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 001557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000027441 _____ C:\Windows\system32\nvinfo.pb
2018-08-03 19:02 - 2018-08-03 19:04 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-08-03 19:01 - 2018-08-03 19:01 - 000000000 ____D C:\NVIDIA
2018-08-03 16:58 - 2018-08-03 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2018-08-03 16:58 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2018-08-03 16:58 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2018-08-03 16:58 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2018-08-03 16:57 - 2018-08-03 16:58 - 000000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2018-08-03 16:57 - 2018-08-03 16:57 - 000000000 ____D C:\Windows\SysWOW64\xlive
2018-08-03 16:56 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2018-08-03 16:55 - 2018-08-03 16:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto IV - Episodes From Liberty City
2018-08-03 15:28 - 2018-08-04 00:17 - 000000357 __RSH C:\Boot.ini.saved
2018-08-03 14:00 - 2018-08-03 14:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2018-08-03 13:59 - 2018-08-03 13:59 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2018-08-03 13:59 - 2018-08-03 13:59 - 000000000 ____D C:\Program Files\Common Files\AV
2018-08-03 13:58 - 2018-08-03 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2018-08-03 13:58 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2018-08-03 13:57 - 2018-08-05 11:07 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-08-03 13:57 - 2018-08-03 13:59 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2018-08-03 13:57 - 2018-08-03 13:57 - 001127104 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2018-08-03 13:57 - 2018-08-03 13:57 - 000356040 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2018-08-03 13:57 - 2018-08-03 13:57 - 000219336 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2018-08-03 13:57 - 2018-08-03 13:57 - 000151848 _____ (AO Kaspersky Lab) C:\Windows\system32\klhkum.dll
2018-08-03 13:56 - 2018-08-03 13:56 - 000771962 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-08-03 13:45 - 2018-08-04 19:59 - 000000000 ____D C:\Users\HisJudgmntComthSoon
2018-08-03 13:45 - 2018-08-03 13:45 - 000001443 _____ C:\Users\HisJudgmntComthSoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-08-03 13:45 - 2018-08-03 13:45 - 000001409 _____ C:\Users\HisJudgmntComthSoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2018-08-03 13:45 - 2018-08-03 13:45 - 000000020 ___SH C:\Users\HisJudgmntComthSoon\ntuser.ini
2018-08-03 13:45 - 2018-08-03 13:45 - 000000000 ____D C:\Users\HisJudgmntComthSoon\AppData\Local\VirtualStore
2018-08-03 13:45 - 2011-04-12 11:28 - 000000000 ____D C:\Users\HisJudgmntComthSoon\AppData\Roaming\Media Center Programs
2018-08-03 13:36 - 2018-08-03 13:36 - 000423576 __RSH C:\YPGEI
2018-08-03 13:34 - 2018-08-03 19:10 - 000000000 ____D C:\Program Files (x86)\WinRAR

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-05 11:05 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-05 10:49 - 2009-07-14 07:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-05 10:49 - 2009-07-14 07:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-05 06:58 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\registration
2018-08-04 20:02 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2018-08-04 00:17 - 2009-07-14 08:32 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2018-08-03 23:32 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\rescache
2018-08-03 23:28 - 2009-07-14 07:45 - 000274320 _____ C:\Windows\system32\FNTCACHE.DAT
2018-08-03 23:22 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\sysprep
2018-08-03 23:19 - 2011-04-12 11:28 - 000000000 ____D C:\Windows\CSC
2018-08-03 19:09 - 2009-07-14 08:13 - 000778150 _____ C:\Windows\system32\PerfStringBackup.INI
2018-08-03 19:04 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\Help
2018-08-03 16:58 - 2009-07-14 08:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

Some files in TEMP:
====================
2018-08-05 10:09 - 2010-11-21 06:23 - 001731936 _____ (Microsoft Corporation) C:\Users\fh\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-03 17:25

==================== End of FRST.txt ===

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by HisJudgmntComthSoon (05-08-2018 11:09:07)
Running from C:\Users\HisJudgmntComthSoon\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2018-08-03 10:33:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1988405664-605711334-484934328-500 - Administrator - Disabled)
fh (S-1-5-21-1988405664-605711334-484934328-1004 - Administrator - Enabled) => C:\Users\fh
Guest (S-1-5-21-1988405664-605711334-484934328-501 - Limited - Disabled)
HisJudgmntComthSoon (S-1-5-21-1988405664-605711334-484934328-1002 - Administrator - Enabled) => C:\Users\HisJudgmntComthSoon

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Out of date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Total Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Google Chrome (HKU\S-1-5-21-1988405664-605711334-484934328-1002\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Grand Theft Auto IV - Episodes From Liberty City (HKLM-x32\...\{8ED35B48-AFBD-4F32-8271-2257AD8B907E}_is1) (Version: - )
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\{5454083B-1308-4485-BF17-111000038701}) (Version: 1.0.0003.135 - Rockstar Games Inc.) Hidden
Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Total Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
K-Lite Mega Codec Pack 14.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.3.0 - KLCP)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{A1C962E2-2426-49C6-A38B-9A07E40D607C}) (Version: 3.2.217.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1988405664-605711334-484934328-1002_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\HisJudgmntComthSoon\AppData\Local\Google\Chrome\Application\67.0.3396.99\notification_helper.exe (Google Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\ShellEx.dll [2018-08-03] (AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\ShellEx.dll [2018-08-03] (AO Kaspersky Lab)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\ShellEx.dll [2018-08-03] (AO Kaspersky Lab)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-03-13] (NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\ShellEx.dll [2018-08-03] (AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {048EC128-C496-4E38-804B-8B4AD9AB7BF1} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-08-05] (AVAST Software)
Task: {771C8994-896B-4710-B805-8DD2B46D93A5} - System32\Tasks\klcp_update => CodecTweakTool.exe
Task: {FDD49399-CAB3-4F09-BA60-5272AAB3C02C} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2018-08-03] (AO Kaspersky Lab)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => I:\adwcleaner_7.2.2.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-08-03 19:04 - 2015-03-13 19:16 - 000118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-08-03 13:57 - 2018-08-03 13:57 - 000863600 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\kpcengine.2.3.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2009-06-11 00:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1988405664-605711334-484934328-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\HisJudgmntComthSoon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{699312FC-E7C3-4DFB-8543-87B140FB9F93}] => (Allow) I:\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe
FirewallRules: [{FAF720E8-FA5C-4CF9-A897-8E7BBFEBFD18}] => (Allow) I:\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe
FirewallRules: [{9E56E06E-4D86-4BF2-9F58-418EF5EA57B0}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{5EEDF867-355D-4C53-8534-C521DDBA39DB}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

==================== Restore Points =========================

03-08-2018 19:09:12 Installed Grand Theft Auto: Episodes from Liberty City
04-08-2018 13:41:22 Installed Realtek Ethernet Controller Driver

==================== Faulty Device Manager Devices =============

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/05/2018 11:06:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/05/2018 10:43:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/05/2018 10:39:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/05/2018 10:28:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/05/2018 10:09:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/05/2018 10:02:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/05/2018 09:54:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (08/05/2018 09:54:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (08/05/2018 10:37:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/05/2018 10:37:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/05/2018 10:37:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/05/2018 10:37:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/05/2018 10:37:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/05/2018 10:37:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/05/2018 10:37:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/05/2018 10:37:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.


CodeIntegrity:
===================================

Date: 2018-08-04 20:44:55.042
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-08-04 20:44:55.040
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-08-04 20:44:55.036
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 17:26:27.341
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 17:26:27.338
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-08-03 17:26:27.333
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of memory in use: 24%
Total physical RAM: 4094.49 MB
Available physical RAM: 3072.4 MB
Total Virtual: 8187.18 MB
Available Virtual: 6962.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:49.71 GB) (Free:25.31 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:49.71 GB) (Free:0.11 GB) NTFS
Drive e: () (Fixed) (Total:147.36 GB) (Free:1.62 GB) NTFS
Drive f: () (Fixed) (Total:147.36 GB) (Free:0.72 GB) NTFS
Drive g: () (Fixed) (Total:147.36 GB) (Free:0.79 GB) NTFS
Drive h: () (Fixed) (Total:147.36 GB) (Free:7.47 GB) NTFS
Drive i: () (Fixed) (Total:242.64 GB) (Free:178.88 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 30233022)
Partition 1: (Active) - (Size=49.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=881.8 GB) - (Type=0F Extended)

==================== End of Addition.
faosto
Active Member
 
Posts: 1
Joined: August 5th, 2018, 4:53 am
Advertisement
Register to Remove

Re: Invisible Spyware

Unread postby pgmigg » August 7th, 2018, 12:25 pm

Hello faosto,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 4238
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Invisible Spyware

Unread postby pgmigg » August 7th, 2018, 11:13 pm

Hello faosto,

As far as I can tell, after all the endless permutations of the system, your computer is clean and there's not a hidden or obvious infection.

But the problem exists and it seems to me, the reason is quite different, namely in the markup and partitioning of your hard drive plus drivers re-installation problems.
Apparently, your computer is not very new. But on it there is one large hard disk, the size of which as a whole is 1 TB.

Many, many years ago it was a fashionable concept to break such disks into two parts, making one small partition (Active and Primary) for operating system and installed programs, and the other bigger one (Not Active and Secondary) for logical working disks - exactly as you have now. Look at the picture:
==================== Drives ================================

Drive c: () (Fixed) (Total:49.71 GB) (Free:25.31 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:49.71 GB) (Free:0.11 GB) NTFS
Drive e: () (Fixed) (Total:147.36 GB) (Free:1.62 GB) NTFS
Drive f: () (Fixed) (Total:147.36 GB) (Free:0.72 GB) NTFS
Drive g: () (Fixed) (Total:147.36 GB) (Free:0.79 GB) NTFS
Drive h: () (Fixed) (Total:147.36 GB) (Free:7.47 GB) NTFS
Drive i: () (Fixed) (Total:242.64 GB) (Free:178.88 GB) NTFS

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 30233022)
Partition 1: (Active) - (Size=49.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=881.8 GB) - (Type=0F Extended)
It must be added that there is a high probability that your computer has some version of the RAID (which is data backup system for files that are written to the hard drive), and all parts of your hard disk are doubled or even quadrupled for parallel recording in many places, which should greatly improve the survivability of data written to disk. Probably, in terms of formatting, drives C and D are clones as well as E, F, G and H. The rest of the disk (logical drive I) is alone and unique for some reason. A RAID system can be quite complex and may automatically synchronize files on disk clones.

It seems to me that when you formatted the C drive to rearrange the system, all the remaining disks remained untouched. Please pay attention that practically all the clone disks are filled to the eyeballs and there is very little free space on them - for the normal functioning at least 15% of the space should be free. Especially it concerns the system drive C.

Judging by your description of the situation, there are problems with reinstalling the drivers - in particular, with a network driver. All together requires the attention of specialists in technical issues related to the re-installation of the system in such a complex environment as yours. In this situation, I could suggest you to backup of what you need to save and format this whole disk, removing all the partitions in advance, but I highly recommend you to get technical help for your not related to malware problem outside of our forum. In such case I would like to refer you to a technical support forum like: Tech Support Guy.

Thank you,
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 4238
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Invisible Spyware

Unread postby pgmigg » August 11th, 2018, 12:41 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 4238
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 80 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware