Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by HisJudgmntComthSoon (administrator) on HISJUDGMENTCOMT (05-08-2018 11:07:42)
Running from C:\Users\HisJudgmntComthSoon\Desktop
Loaded Profiles: HisJudgmntComthSoon (Available Profiles: HisJudgmntComthSoon & fh)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avpui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1988405664-605711334-484934328-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-08-03] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\IEExt\ie_plugin.dll [2018-08-03] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-08-03] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\IEExt\ie_plugin.dll [2018-08-03] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-1988405664-605711334-484934328-1002 -> Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-08-03] (AO Kaspersky Lab)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-08-03]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
Chrome:
=======
CHR Profile: C:\Users\HisJudgmntComthSoon\AppData\Local\Google\Chrome\User Data\Default [2018-08-04]
CHR Extension: (Docs) - C:\Users\HisJudgmntComthSoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-04]
CHR Extension: (Google Drive) - C:\Users\HisJudgmntComthSoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-04]
CHR Extension: (YouTube) - C:\Users\HisJudgmntComthSoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-04]
CHR Extension: (Gmail) - C:\Users\HisJudgmntComthSoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-04]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/deta ... ddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/deta ... ddadjhcadd
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avp.exe [619640 2018-02-28] (AO Kaspersky Lab)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\vssbridge64.exe [416560 2018-08-03] (AO Kaspersky Lab)
R2 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (AO Kaspersky Lab)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (AO Kaspersky Lab)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [528576 2018-02-20] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [72904 2017-12-27] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [122056 2018-02-02] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [84672 2017-12-27] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [219336 2018-08-03] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [356040 2018-08-03] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1127104 2018-08-03] (AO Kaspersky Lab)
R1 klim6; C:\Windows\System32\DRIVERS\klim6.sys [56520 2018-02-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [58056 2018-01-15] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [83496 2017-12-11] (AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50648 2017-05-30] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [48080 2018-02-12] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [81632 2017-11-07] (AO Kaspersky Lab)
R1 klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [177344 2018-02-17] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [203968 2018-02-24] (AO Kaspersky Lab)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-08-05] ()
U1 aswbdisk; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-05 11:07 - 2018-08-05 11:08 - 000008174 _____ C:\Users\HisJudgmntComthSoon\Desktop\FRST.txt
2018-08-05 11:07 - 2018-08-05 11:07 - 000000000 ____D C:\FRST
2018-08-05 11:06 - 2018-08-05 11:02 - 002412544 ____N (Farbar) C:\Users\HisJudgmntComthSoon\Desktop\FRST64.exe
2018-08-05 10:55 - 2018-08-05 10:55 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2018-08-05 10:48 - 2018-08-05 10:48 - 000000000 ____D C:\Users\fh\AppData\Local\CEF
2018-08-05 10:46 - 2018-08-05 11:04 - 000000000 ____D C:\Users\fh\AppData\Local\AVAST Software
2018-08-05 10:46 - 2018-08-05 10:46 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-08-05 10:45 - 2018-08-05 10:45 - 001142072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-08-05 10:45 - 2018-08-05 10:45 - 001001272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-08-05 10:45 - 2018-08-05 10:45 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-08-05 10:37 - 2018-08-05 11:04 - 000000000 ____D C:\ProgramData\AVAST Software
2018-08-05 10:37 - 2018-08-05 10:37 - 000057560 _____ C:\Users\fh\AppData\Local\GDIPFONTCACHEV1.DAT
2018-08-05 10:25 - 2018-08-05 10:25 - 000000244 _____ C:\Windows\Tasks\AdwCleaner_onReboot.job
2018-08-05 10:25 - 2018-08-05 10:25 - 000000000 ____D C:\AdwCleaner
2018-08-05 10:09 - 2018-08-05 10:25 - 000000000 ____D C:\ProgramData\RogueKiller
2018-08-05 10:09 - 2018-08-05 10:09 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-08-05 09:54 - 2018-08-05 10:00 - 000005171 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-08-05 09:54 - 2018-08-05 09:56 - 000003786 _____ C:\Windows\ZAM.krnl.trace
2018-08-05 09:54 - 2018-08-05 09:54 - 000000000 ____D C:\Users\fh\AppData\Local\Wolf of Webstreet OPC Private Limited
2018-08-05 09:53 - 2018-08-05 10:00 - 000000000 ____D C:\Program Files (x86)\MalwareFox AntiMalware
2018-08-05 09:51 - 2018-08-05 09:51 - 000001443 _____ C:\Users\fh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-08-05 09:51 - 2018-08-05 09:51 - 000001409 _____ C:\Users\fh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2018-08-05 09:50 - 2018-08-05 09:50 - 000000000 ____D C:\Users\fh\AppData\Local\VirtualStore
2018-08-05 09:30 - 2018-08-05 09:30 - 000000000 ____D C:\Users\fh\AppData\Roaming\WinRAR
2018-08-05 09:30 - 2018-08-05 09:30 - 000000000 ____D C:\Users\fh\AppData\Local\Zemana
2018-08-05 09:29 - 2018-08-05 09:51 - 000000000 ____D C:\Users\fh
2018-08-05 09:29 - 2018-08-05 09:29 - 000000020 ___SH C:\Users\fh\ntuser.ini
2018-08-05 09:29 - 2011-04-12 11:28 - 000000000 ____D C:\Users\fh\AppData\Roaming\Media Center Programs
2018-08-05 09:11 - 2018-08-05 10:37 - 000644248 _____ C:\Windows\ntbtlog.txt
2018-08-05 09:09 - 2018-08-05 09:09 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2018-08-04 13:40 - 2018-08-04 13:40 - 000002449 _____ C:\Users\HisJudgmntComthSoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-04 13:39 - 2018-08-04 13:39 - 000000000 ____D C:\Users\HisJudgmntComthSoon\AppData\Local\Google
2018-08-04 00:22 - 2018-08-04 00:22 - 000057560 _____ C:\Users\HisJudgmntComthSoon\AppData\Local\GDIPFONTCACHEV1.DAT
2018-08-04 00:18 - 2018-08-03 13:33 - 000000000 ____D C:\Windows\Panther
2018-08-04 00:17 - 2018-08-03 22:37 - 000000213 ____H C:\Boot.BAK
2018-08-04 00:11 - 2018-08-04 00:11 - 000000000 ____D C:\Windows.old
2018-08-03 23:25 - 2018-08-03 23:25 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2018-08-03 23:25 - 2018-08-03 23:25 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2018-08-03 23:09 - 2018-08-04 00:17 - 000008192 __RSH C:\BOOTSECT.BAK
2018-08-03 23:09 - 2010-11-21 06:23 - 000383786 __RSH C:\bootmgr
2018-08-03 22:59 - 2018-08-03 23:03 - 000000000 ____D C:\win
2018-08-03 22:49 - 2018-08-03 22:49 - 000000000 __RSH C:\MSDOS.SYS
2018-08-03 22:49 - 2018-08-03 22:49 - 000000000 __RSH C:\IO.SYS
2018-08-03 22:49 - 2018-08-03 22:49 - 000000000 _____ C:\CONFIG.SYS
2018-08-03 22:49 - 2018-08-03 22:49 - 000000000 _____ C:\AUTOEXEC.BAT
2018-08-03 22:30 - 2018-08-03 22:30 - 000000000 ____D C:\Users\HisJudgmntComthSoon\AppData\Roaming\MPC-HC
2018-08-03 22:26 - 2018-08-03 22:26 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2018-08-03 22:26 - 2018-08-03 22:26 - 000000000 ____D C:\Program Files\Realtek
2018-08-03 22:26 - 2012-06-19 11:54 - 004065296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2018-08-03 22:26 - 2012-06-19 08:31 - 000293889 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2018-08-03 22:26 - 2012-06-08 11:23 - 000083072 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2018-08-03 22:26 - 2012-06-08 11:18 - 003615888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2018-08-03 22:26 - 2012-06-06 05:44 - 000869520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2018-08-03 22:26 - 2012-06-01 04:37 - 002674320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2018-08-03 22:26 - 2012-05-31 13:08 - 000105616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2018-08-03 22:26 - 2012-05-10 10:22 - 001262696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2018-08-03 22:26 - 2012-02-21 14:45 - 002605400 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2018-08-03 22:26 - 2011-12-20 10:32 - 000331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2018-08-03 22:26 - 2011-12-16 09:57 - 000065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2018-08-03 22:26 - 2011-12-13 11:58 - 001560168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2018-08-03 22:26 - 2011-11-22 11:28 - 000014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2018-08-03 22:26 - 2010-11-08 02:31 - 000375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2018-08-03 22:26 - 2010-11-08 02:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2018-08-03 22:26 - 2010-11-08 02:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2018-08-03 22:26 - 2010-11-08 02:31 - 000204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2018-08-03 22:26 - 2010-11-08 02:31 - 000101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2018-08-03 22:26 - 2010-11-08 02:31 - 000078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2018-08-03 22:26 - 2010-11-03 13:30 - 000149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2018-08-03 22:26 - 2009-11-24 04:55 - 000518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2018-08-03 22:26 - 2009-11-24 04:55 - 000211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2018-08-03 22:26 - 2009-11-24 04:55 - 000198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2018-08-03 22:26 - 2009-11-24 04:55 - 000155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2018-08-03 22:26 - 2009-11-18 02:13 - 000060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
2018-08-03 22:25 - 2018-08-03 22:26 - 000000000 ___HD C:\Program Files (x86)\Temp
2018-08-03 22:25 - 2018-08-03 22:25 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-08-03 22:25 - 2018-08-03 22:25 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-08-03 22:25 - 2012-06-08 11:21 - 000897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2018-08-03 22:25 - 2012-06-08 11:21 - 000753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2018-08-03 22:25 - 2012-05-25 13:06 - 001706640 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2018-08-03 22:25 - 2012-04-10 09:40 - 002533952 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2018-08-03 22:25 - 2012-04-03 13:42 - 001015640 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2018-08-03 22:25 - 2012-03-08 06:47 - 000202336 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2018-08-03 22:25 - 2012-03-08 06:47 - 000108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2018-08-03 22:25 - 2011-12-18 12:58 - 002131288 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2018-08-03 22:25 - 2010-09-27 04:34 - 000318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2018-08-03 19:35 - 2018-08-03 19:35 - 000003116 _____ C:\Windows\System32\Tasks\klcp_update
2018-08-03 19:34 - 2018-08-03 19:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2018-08-03 19:34 - 2018-01-28 12:00 - 000794112 _____ C:\Windows\system32\xvidcore.dll
2018-08-03 19:34 - 2018-01-28 12:00 - 000694784 _____ C:\Windows\SysWOW64\xvidcore.dll
2018-08-03 19:34 - 2018-01-28 12:00 - 000311296 _____ C:\Windows\system32\xvidvfw.dll
2018-08-03 19:34 - 2018-01-28 12:00 - 000284672 _____ C:\Windows\SysWOW64\xvidvfw.dll
2018-08-03 19:34 - 2017-07-30 13:50 - 003850240 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2018-08-03 19:34 - 2017-07-30 13:50 - 003799552 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2018-08-03 19:34 - 2015-10-24 19:00 - 000126976 _____ C:\Windows\system32\ff_vfw.dll
2018-08-03 19:34 - 2015-10-24 19:00 - 000112128 _____ C:\Windows\SysWOW64\ff_vfw.dll
2018-08-03 19:34 - 2012-07-21 13:55 - 000180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2018-08-03 19:34 - 2012-07-21 13:54 - 000122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2018-08-03 19:34 - 2011-12-07 20:37 - 000148992 _____ ( ) C:\Windows\system32\lagarith.dll
2018-08-03 19:34 - 2011-12-07 20:32 - 000216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2018-08-03 19:33 - 2018-08-03 19:34 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2018-08-03 19:14 - 2018-08-03 19:14 - 000000000 ____D C:\Users\HisJudgmntComthSoon\Documents\Rockstar Games
2018-08-03 19:11 - 2018-08-03 19:11 - 000000000 ____D C:\Users\HisJudgmntComthSoon\AppData\Local\Rockstar Games
2018-08-03 19:10 - 2018-08-03 19:11 - 000000000 ____D C:\Users\HisJudgmntComthSoon\AppData\Roaming\WinRAR
2018-08-03 19:10 - 2018-08-03 19:10 - 000000000 ____D C:\Users\HisJudgmntComthSoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-08-03 19:10 - 2018-08-03 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-08-03 19:06 - 2018-08-03 19:06 - 000000000 ____D C:\ProgramData\NVIDIA
2018-08-03 19:04 - 2018-08-03 19:04 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-08-03 19:04 - 2018-08-03 19:04 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-08-03 19:04 - 2015-03-13 22:41 - 000073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2018-08-03 19:04 - 2015-03-13 22:41 - 000060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2018-08-03 19:04 - 2015-03-13 19:16 - 006861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-08-03 19:04 - 2015-03-13 19:16 - 003526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-08-03 19:04 - 2015-03-13 19:16 - 002559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-08-03 19:04 - 2015-03-13 19:16 - 000935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2018-08-03 19:04 - 2015-03-13 19:16 - 000386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-08-03 19:04 - 2015-03-13 19:16 - 000062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-08-03 19:04 - 2015-03-11 16:10 - 004246327 _____ C:\Windows\system32\nvcoproc.bin
2018-08-03 19:03 - 2015-03-13 22:41 - 032114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 025460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 024775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 020466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 018580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 017258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 016022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 014121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 013297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 013210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 010775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 010715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 010262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-08-03 19:03 - 2015-03-13 22:41 - 003611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 003303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 003249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 002906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 001896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 001557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-08-03 19:03 - 2015-03-13 22:41 - 000027441 _____ C:\Windows\system32\nvinfo.pb
2018-08-03 19:02 - 2018-08-03 19:04 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-08-03 19:01 - 2018-08-03 19:01 - 000000000 ____D C:\NVIDIA
2018-08-03 16:58 - 2018-08-03 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2018-08-03 16:58 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2018-08-03 16:58 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2018-08-03 16:58 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2018-08-03 16:57 - 2018-08-03 16:58 - 000000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2018-08-03 16:57 - 2018-08-03 16:57 - 000000000 ____D C:\Windows\SysWOW64\xlive
2018-08-03 16:56 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2018-08-03 16:55 - 2018-08-03 16:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto IV - Episodes From Liberty City
2018-08-03 15:28 - 2018-08-04 00:17 - 000000357 __RSH C:\Boot.ini.saved
2018-08-03 14:00 - 2018-08-03 14:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2018-08-03 13:59 - 2018-08-03 13:59 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2018-08-03 13:59 - 2018-08-03 13:59 - 000000000 ____D C:\Program Files\Common Files\AV
2018-08-03 13:58 - 2018-08-03 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2018-08-03 13:58 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2018-08-03 13:57 - 2018-08-05 11:07 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-08-03 13:57 - 2018-08-03 13:59 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2018-08-03 13:57 - 2018-08-03 13:57 - 001127104 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2018-08-03 13:57 - 2018-08-03 13:57 - 000356040 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2018-08-03 13:57 - 2018-08-03 13:57 - 000219336 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2018-08-03 13:57 - 2018-08-03 13:57 - 000151848 _____ (AO Kaspersky Lab) C:\Windows\system32\klhkum.dll
2018-08-03 13:56 - 2018-08-03 13:56 - 000771962 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-08-03 13:45 - 2018-08-04 19:59 - 000000000 ____D C:\Users\HisJudgmntComthSoon
2018-08-03 13:45 - 2018-08-03 13:45 - 000001443 _____ C:\Users\HisJudgmntComthSoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-08-03 13:45 - 2018-08-03 13:45 - 000001409 _____ C:\Users\HisJudgmntComthSoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2018-08-03 13:45 - 2018-08-03 13:45 - 000000020 ___SH C:\Users\HisJudgmntComthSoon\ntuser.ini
2018-08-03 13:45 - 2018-08-03 13:45 - 000000000 ____D C:\Users\HisJudgmntComthSoon\AppData\Local\VirtualStore
2018-08-03 13:45 - 2011-04-12 11:28 - 000000000 ____D C:\Users\HisJudgmntComthSoon\AppData\Roaming\Media Center Programs
2018-08-03 13:36 - 2018-08-03 13:36 - 000423576 __RSH C:\YPGEI
2018-08-03 13:34 - 2018-08-03 19:10 - 000000000 ____D C:\Program Files (x86)\WinRAR
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-05 11:05 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-05 10:49 - 2009-07-14 07:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-05 10:49 - 2009-07-14 07:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-05 06:58 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\registration
2018-08-04 20:02 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2018-08-04 00:17 - 2009-07-14 08:32 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2018-08-03 23:32 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\rescache
2018-08-03 23:28 - 2009-07-14 07:45 - 000274320 _____ C:\Windows\system32\FNTCACHE.DAT
2018-08-03 23:22 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\sysprep
2018-08-03 23:19 - 2011-04-12 11:28 - 000000000 ____D C:\Windows\CSC
2018-08-03 19:09 - 2009-07-14 08:13 - 000778150 _____ C:\Windows\system32\PerfStringBackup.INI
2018-08-03 19:04 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\Help
2018-08-03 16:58 - 2009-07-14 08:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
Some files in TEMP:
====================
2018-08-05 10:09 - 2010-11-21 06:23 - 001731936 _____ (Microsoft Corporation) C:\Users\fh\AppData\Local\Temp\dllnt_dump.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-08-03 17:25
==================== End of FRST.txt ===
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by HisJudgmntComthSoon (05-08-2018 11:09:07)
Running from C:\Users\HisJudgmntComthSoon\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2018-08-03 10:33:09)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1988405664-605711334-484934328-500 - Administrator - Disabled)
fh (S-1-5-21-1988405664-605711334-484934328-1004 - Administrator - Enabled) => C:\Users\fh
Guest (S-1-5-21-1988405664-605711334-484934328-501 - Limited - Disabled)
HisJudgmntComthSoon (S-1-5-21-1988405664-605711334-484934328-1002 - Administrator - Enabled) => C:\Users\HisJudgmntComthSoon
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Total Security (Enabled - Out of date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Total Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Google Chrome (HKU\S-1-5-21-1988405664-605711334-484934328-1002\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Grand Theft Auto IV - Episodes From Liberty City (HKLM-x32\...\{8ED35B48-AFBD-4F32-8271-2257AD8B907E}_is1) (Version: - )
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\{5454083B-1308-4485-BF17-111000038701}) (Version: 1.0.0003.135 - Rockstar Games Inc.) Hidden
Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Total Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
K-Lite Mega Codec Pack 14.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.3.0 - KLCP)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{A1C962E2-2426-49C6-A38B-9A07E40D607C}) (Version: 3.2.217.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1988405664-605711334-484934328-1002_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\HisJudgmntComthSoon\AppData\Local\Google\Chrome\Application\67.0.3396.99\notification_helper.exe (Google Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\ShellEx.dll [2018-08-03] (AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\ShellEx.dll [2018-08-03] (AO Kaspersky Lab)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\ShellEx.dll [2018-08-03] (AO Kaspersky Lab)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-03-13] (NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\ShellEx.dll [2018-08-03] (AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {048EC128-C496-4E38-804B-8B4AD9AB7BF1} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-08-05] (AVAST Software)
Task: {771C8994-896B-4710-B805-8DD2B46D93A5} - System32\Tasks\klcp_update => CodecTweakTool.exe
Task: {FDD49399-CAB3-4F09-BA60-5272AAB3C02C} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2018-08-03] (AO Kaspersky Lab)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => I:\adwcleaner_7.2.2.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-08-03 19:04 - 2015-03-13 19:16 - 000118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-08-03 13:57 - 2018-08-03 13:57 - 000863600 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\kpcengine.2.3.dll
==================== Alternate Data Streams (Whitelisted) =========
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 05:34 - 2009-06-11 00:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1988405664-605711334-484934328-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\HisJudgmntComthSoon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{699312FC-E7C3-4DFB-8543-87B140FB9F93}] => (Allow) I:\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe
FirewallRules: [{FAF720E8-FA5C-4CF9-A897-8E7BBFEBFD18}] => (Allow) I:\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe
FirewallRules: [{9E56E06E-4D86-4BF2-9F58-418EF5EA57B0}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{5EEDF867-355D-4C53-8534-C521DDBA39DB}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
==================== Restore Points =========================
03-08-2018 19:09:12 Installed Grand Theft Auto: Episodes from Liberty City
04-08-2018 13:41:22 Installed Realtek Ethernet Controller Driver
==================== Faulty Device Manager Devices =============
Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/05/2018 11:06:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/05/2018 10:43:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/05/2018 10:39:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/05/2018 10:28:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/05/2018 10:09:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/05/2018 10:02:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/05/2018 09:54:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (08/05/2018 09:54:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
System errors:
=============
Error: (08/05/2018 10:37:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (08/05/2018 10:37:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (08/05/2018 10:37:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (08/05/2018 10:37:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (08/05/2018 10:37:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (08/05/2018 10:37:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (08/05/2018 10:37:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (08/05/2018 10:37:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
CodeIntegrity:
===================================
Date: 2018-08-04 20:44:55.042
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2018-08-04 20:44:55.040
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2018-08-04 20:44:55.036
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2018-08-03 17:26:27.341
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2018-08-03 17:26:27.338
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2018-08-03 17:26:27.333
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of memory in use: 24%
Total physical RAM: 4094.49 MB
Available physical RAM: 3072.4 MB
Total Virtual: 8187.18 MB
Available Virtual: 6962.02 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:49.71 GB) (Free:25.31 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:49.71 GB) (Free:0.11 GB) NTFS
Drive e: () (Fixed) (Total:147.36 GB) (Free:1.62 GB) NTFS
Drive f: () (Fixed) (Total:147.36 GB) (Free:0.72 GB) NTFS
Drive g: () (Fixed) (Total:147.36 GB) (Free:0.79 GB) NTFS
Drive h: () (Fixed) (Total:147.36 GB) (Free:7.47 GB) NTFS
Drive i: () (Fixed) (Total:242.64 GB) (Free:178.88 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 30233022)
Partition 1: (Active) - (Size=49.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=881.8 GB) - (Type=0F Extended)
==================== End of Addition.