
Little Help?


34 replies to this topic

#1 mazto


Posted 19 July 2018 - 10:18 AM

I have a Duo core 3GHz PC, GT730 DDR5 VGA, 4 GB RAM, OS Win 7 x64. Everything was going pretty smoothly until I started experiencing heavy INTERMITTENT lags whilst playing games (on the first two days the lags were exaggerated by turning my air conditioning ON?!.. then it became consistent regardless of anything). My streaming and surfing speed is going down. I exhibited the same pattern a couple of years ago, which turned out to be malware. I surf porn a lot, so I presume it's the same thing. I formatted my Windows drive and installed a fresh copy, but nothing changed. The only other attribute I could relate it to: my processor is about 14 yrs old and I'm not sure if it is going down slowly; still, it doesn't explain my diminishing internet speed, especially since I didn't make any kind of change for the last 3 months (same software all along and not a single addition to my browser). I have Kaspersky Total Security 2018 for protection, and recently, as a kind of futile try, I installed Malwarebytes, but it just caught a couple of PUPs and riskware. Still no improvement. Little help?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.07.2018
Ran by fgj (administrator) on HISJUDGMENTCOME (19-07-2018 18:44:28)
Running from C:\Users\Howl Hauru\Downloads\Programs
Loaded Profiles: fgj (Available Profiles: fgj)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(MPC-HC Team) C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKU\S-1-5-21-3539279979-1061140905-4216228071-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3961968 2018-07-09] (Tonec Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D206F6A6-B603-4CC1-ACC0-8098A2324A16}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3539279979-1061140905-4216228071-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ar-eg/?ocid=iehp
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2018-06-20] (Internet Download Manager, Tonec Inc.)
BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\IEExt\ie_plugin.dll [2018-07-18] (AO Kaspersky Lab)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2018-06-20] (Internet Download Manager, Tonec Inc.)
BHO-x32: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\IEExt\ie_plugin.dll [2018-07-18] (AO Kaspersky Lab)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\IEExt\ie_plugin.dll [2018-07-18] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\IEExt\ie_plugin.dll [2018-07-18] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-3539279979-1061140905-4216228071-1001 -> Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\IEExt\ie_plugin.dll [2018-07-18] (AO Kaspersky Lab)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-07-18]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKU\S-1-5-21-3539279979-1061140905-4216228071-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Howl Hauru\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Howl Hauru\AppData\Roaming\IDM\idmmzcc5 [2018-07-18] [Legacy] [not signed]
FF HKU\S-1-5-21-3539279979-1061140905-4216228071-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default [2018-07-19]
CHR Extension: (Slides) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-18]
CHR Extension: (Docs) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-18]
CHR Extension: (Google Drive) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-18]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2018-07-18]
CHR Extension: (YouTube) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-07-18]
CHR Extension: (Sheets) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-18]
CHR Extension: (Google Docs Offline) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-07-18]
CHR Extension: (Stream Video Downloader) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkngaibigegepnlckfcbecjoilcjbhf [2018-07-19]
CHR Extension: (Kaspersky Protection) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2018-07-18]
CHR Extension: (IDM Integration Module) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-07-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-18]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2018-07-19]
CHR Extension: (Gmail) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-18]
CHR Extension: (Chrome Media Router) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-18]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-07-10]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-07-10]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\vssbridge64.exe [426416 2018-07-18] (AO Kaspersky Lab)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [70880 2017-12-25] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [119496 2018-07-18] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [206024 2018-07-18] (AO Kaspersky Lab)
R1 KLHK; C:\Windows\System32\DRIVERS\klhk.sys [1192128 2018-07-18] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1073344 2018-07-18] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [56520 2018-07-18] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [57568 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50672 2017-12-25] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [81904 2017-12-25] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [142024 2018-07-18] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199392 2017-12-25] (AO Kaspersky Lab)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-18 21:00 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-07-18 20:58 - 2018-07-19 16:15 - 000000000 ____D C:\ProgramData\Package Cache
2018-07-18 20:57 - 2018-07-18 21:19 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-07-18 20:57 - 2018-06-25 19:27 - 040346984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 040092248 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 035250264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 032361048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 017000808 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-07-18 20:57 - 2018-06-25 19:27 - 003965288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 003496376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 002013808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439836.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 001562560 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 001468456 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439836.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 001419112 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 001216264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 001092480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 000627240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 000517720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 031242016 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 025959416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 023270088 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 020295744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 019083216 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 013728120 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 011273624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 001157400 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 000904744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 000544480 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 000505928 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 000462832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 000420184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 000182600 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 000164952 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 000159712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 000142632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-07-18 20:57 - 2018-06-25 19:25 - 017748120 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-07-18 20:57 - 2018-06-25 19:25 - 015693248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-07-18 20:57 - 2018-06-25 19:25 - 015163664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-07-18 20:57 - 2018-06-25 19:25 - 004614616 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-07-18 20:57 - 2018-06-25 19:25 - 004081952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-07-18 20:57 - 2018-06-24 19:18 - 000041598 _____ C:\Windows\system32\nvinfo.pb
2018-07-18 20:57 - 2018-06-24 19:18 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2018-07-18 20:57 - 2018-06-24 19:18 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2018-07-18 20:53 - 2018-07-18 21:06 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-07-18 20:50 - 2018-07-18 20:50 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2018-07-18 20:50 - 2018-07-18 20:50 - 000000000 ____D C:\Program Files\Realtek
2018-07-18 20:49 - 2018-07-18 20:49 - 000000000 ____D C:\Program Files (x86)\Intel
2018-07-18 20:49 - 2012-02-21 13:45 - 002605400 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2018-07-18 20:49 - 2010-03-02 10:04 - 000053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2018-07-18 20:48 - 2012-06-19 10:54 - 004065296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2018-07-18 20:48 - 2012-06-19 07:31 - 000293889 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2018-07-18 20:48 - 2012-06-08 10:23 - 000083072 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2018-07-18 20:48 - 2012-06-08 10:21 - 000897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2018-07-18 20:48 - 2012-06-08 10:21 - 000753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2018-07-18 20:48 - 2012-06-08 10:18 - 003615888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2018-07-18 20:48 - 2012-06-06 04:44 - 000869520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2018-07-18 20:48 - 2012-06-01 03:37 - 002674320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2018-07-18 20:48 - 2012-05-31 12:08 - 000105616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2018-07-18 20:48 - 2012-05-10 09:22 - 001262696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2018-07-18 20:48 - 2012-04-03 12:42 - 001015640 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2018-07-18 20:48 - 2011-12-20 09:32 - 000331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2018-07-18 20:48 - 2011-12-18 11:58 - 002131288 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2018-07-18 20:48 - 2011-12-16 08:57 - 000065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2018-07-18 20:48 - 2011-12-13 10:58 - 001560168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2018-07-18 20:48 - 2011-11-22 10:28 - 000014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2018-07-18 20:48 - 2010-11-08 01:31 - 000375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2018-07-18 20:48 - 2010-11-08 01:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2018-07-18 20:48 - 2010-11-08 01:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2018-07-18 20:48 - 2010-11-08 01:31 - 000204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2018-07-18 20:48 - 2010-11-08 01:31 - 000101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2018-07-18 20:48 - 2010-11-08 01:31 - 000078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2018-07-18 20:48 - 2010-11-03 12:30 - 000149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2018-07-18 20:48 - 2009-11-24 03:55 - 000518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2018-07-18 20:48 - 2009-11-24 03:55 - 000211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2018-07-18 20:48 - 2009-11-24 03:55 - 000198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2018-07-18 20:48 - 2009-11-24 03:55 - 000155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2018-07-18 20:48 - 2009-11-18 01:13 - 000060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
2018-07-18 20:47 - 2018-07-18 20:47 - 000000000 ____D C:\Intel
2018-07-18 20:47 - 2010-09-27 03:34 - 000318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2018-07-18 20:46 - 2012-04-10 08:40 - 002533952 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2018-07-18 20:45 - 2018-07-18 20:51 - 000000000 ___HD C:\Program Files (x86)\Temp
2018-07-18 20:45 - 2012-03-08 05:47 - 000202336 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2018-07-18 20:45 - 2012-03-08 05:47 - 000108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2018-07-18 20:44 - 2012-05-25 12:06 - 001706640 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2018-07-18 20:40 - 2018-07-18 20:40 - 000002300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-18 20:38 - 2018-07-18 20:38 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2018-07-18 20:38 - 2018-07-18 20:38 - 000000000 ____D C:\Program Files\Common Files\AV
2018-07-18 20:37 - 2018-07-18 20:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2018-07-18 20:36 - 2018-07-19 17:37 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-07-18 20:36 - 2018-07-18 20:45 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2018-07-18 20:36 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2018-07-18 20:35 - 2018-07-18 21:10 - 001073344 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2018-07-18 20:35 - 2018-07-18 21:01 - 000206024 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2018-07-18 20:35 - 2018-07-18 20:59 - 000152360 _____ (AO Kaspersky Lab) C:\Windows\system32\klhkum.dll
2018-07-18 20:33 - 2018-07-18 20:38 - 000000000 ____D C:\Program Files (x86)\Google
2018-07-18 20:33 - 2018-07-18 20:33 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-07-18 20:33 - 2018-07-18 20:33 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-07-10 20:02 - 2018-03-01 16:36 - 000226032 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-19 17:48 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-07-19 17:48 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-07-19 16:25 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-19 15:41 - 2009-07-14 07:13 - 000771962 _____ C:\Windows\system32\PerfStringBackup.INI
2018-07-19 15:41 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-07-19 13:59 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-07-19 13:55 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-07-19 05:48 - 2009-07-14 07:32 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2018-07-19 04:57 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
2018-07-19 04:56 - 2009-07-14 06:45 - 000274320 _____ C:\Windows\system32\FNTCACHE.DAT
2018-07-19 04:52 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\sysprep
2018-07-19 04:49 - 2011-04-12 10:28 - 000000000 ____D C:\Windows\CSC
2018-07-18 21:10 - 2017-12-25 00:12 - 000142024 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2018-07-18 21:10 - 2016-10-11 14:14 - 000056520 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2018-07-18 21:06 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\Help
2018-07-18 20:58 - 2017-12-25 00:12 - 001192128 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2018-07-18 20:58 - 2017-12-25 00:12 - 000119496 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klbackupflt.sys
2018-07-18 20:44 - 2010-11-21 04:50 - 000000000 ____D C:\Users\Administrator
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-07-19 04:49
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.07.2018
Ran by fgj (19-07-2018 18:45:46)
Running from C:\Users\Howl Hauru\Downloads\Programs
Windows 7 Ultimate Service Pack 1 (X64) (2018-07-18 19:58:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3539279979-1061140905-4216228071-500 - Administrator - Disabled)
fgj (S-1-5-21-3539279979-1061140905-4216228071-1001 - Administrator - Enabled) => C:\Users\Howl Hauru
Guest (S-1-5-21-3539279979-1061140905-4216228071-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.36 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Grand Theft Auto IV - Episodes From Liberty City (HKLM-x32\...\{8ED35B48-AFBD-4F32-8271-2257AD8B907E}_is1) (Version:  - )
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\{5454083B-1308-4485-BF17-111000038701}) (Version: 1.0.0003.135 - Rockstar Games Inc.) Hidden
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\{5454083B-1308-4485-BF17-111000038702}) (Version: 1.0.0003.135 - Rockstar Games Inc.) Hidden
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\{5454083B-1308-4485-BF17-111000038703}) (Version: 1.0.0003.135 - Rockstar Games Inc.) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Kaspersky Total Security (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)
K-Lite Mega Codec Pack 14.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.3.0 - KLCP)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{A1C962E2-2426-49C6-A38B-9A07E40D607C}) (Version: 3.2.217.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA Graphics Driver 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.36 - NVIDIA Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.006 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.60 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-05-12] (Tonec Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-07-18] (AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-07-18] (AO Kaspersky Lab)
ContextMenuHandlers4: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-07-18] (AO Kaspersky Lab)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-06-24] (NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-07-18] (AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {40B86FAF-2AE3-4779-8665-B4642406E28E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-18] (Adobe Systems Incorporated)
Task: {44A46917-BAA8-4D92-AE1D-B332253AEB34} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2018-07-18] (AO Kaspersky Lab)
Task: {4A4D62B7-5B96-4977-9633-634169F76918} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-18] (Google Inc.)
Task: {4EB59C23-D846-4E75-B7CB-FDBCC9D98E73} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-18] (Google Inc.)
Task: {4FDEDB8C-5623-41F9-B8B4-177CDCB976DA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-18] (Adobe Systems Incorporated)
Task: {6D5D3B6A-291B-4BD9-9A90-22376F9C32EB} - System32\Tasks\klcp_update => CodecTweakTool.exe
Task: {7DFF273A-D369-4ABA-A466-660F1C5B78BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-07-18 21:06 - 2018-06-24 17:31 - 000138128 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-07-18 21:47 - 2018-07-06 11:00 - 000340480 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\libbluray.dll
2018-07-18 20:39 - 2018-06-22 21:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-07-18 20:39 - 2018-06-22 21:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2018-07-18 20:36 - 2018-07-18 20:36 - 000836968 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\kpcengine.2.3.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3539279979-1061140905-4216228071-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5198FA61-E2A1-40AB-92A1-65F0C1A4AC4E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C1B26B69-E0CF-489B-B50F-16D96085EA75}] => (Allow) E:\Rockstar Games\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe
FirewallRules: [{0E9D02BB-D2D3-473C-81B9-7604F75D1B1A}] => (Allow) E:\Rockstar Games\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe
 
==================== Restore Points =========================
 
19-07-2018 14:50:45 Installed Microsoft Visual C++ 2005 Redistributable
19-07-2018 15:14:19 Windows Modules Installer
19-07-2018 15:17:35 Windows Modules Installer
19-07-2018 16:12:56 Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020
19-07-2018 16:13:46 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
19-07-2018 16:14:40 Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020
19-07-2018 16:15:20 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
19-07-2018 16:16:29 Installed Microsoft Visual C++ 2005 Redistributable
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/19/2018 06:43:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (07/19/2018 04:27:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/19/2018 04:25:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (07/19/2018 04:25:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (07/19/2018 04:10:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "E:\Rockstar Games\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/19/2018 04:08:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "E:\Rockstar Games\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/19/2018 04:08:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "E:\Rockstar Games\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/19/2018 04:07:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
 
System errors:
=============
Error: (07/19/2018 12:02:11 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {60A90A2F-858D-42AF-8929-82BE9D99E8A1} did not register with DCOM within the required timeout.
 
Error: (07/18/2018 08:39:45 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
 
CodeIntegrity:
===================================
 
Date: 2018-07-18 21:13:01.733
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-18 21:13:01.730
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-18 21:12:37.717
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-18 21:12:37.713
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 40%
Total physical RAM: 4094.49 MB
Available physical RAM: 2427.46 MB
Total Virtual: 8187.18 MB
Available Virtual: 5417.7 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:49.71 GB) (Free:28.03 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:49.71 GB) (Free:2.75 GB) NTFS
Drive e: () (Fixed) (Total:147.36 GB) (Free:2.77 GB) NTFS
Drive f: (Movies) (Fixed) (Total:147.36 GB) (Free:0.21 GB) NTFS
Drive g: () (Fixed) (Total:147.36 GB) (Free:4.02 GB) NTFS
Drive h: () (Fixed) (Total:147.36 GB) (Free:0.05 GB) NTFS
Drive i: (Sources) (Fixed) (Total:242.64 GB) (Free:0.23 GB) NTFS
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 30233022)
Partition 1: (Active) - (Size=49.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=881.8 GB) - (Type=0F Extended)
 
==================== End of Addition.txt ============================

Edited by mazto, 19 July 2018 - 11:52 AM.



 


#2 hamluis


Posted 19 July 2018 - 11:25 AM

Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html

 

Louis



#3 mazto


Posted 19 July 2018 - 11:54 AM

Thanks, I did.



#4 mazto


Posted 23 July 2018 - 07:21 PM

Something new I found out: whenever I open Internet Explorer, I keep getting this stupid message (shown in the attached file) about the "idm" plugin. No matter whether I press "allow" or "don't allow", it keeps showing again for eternity and beyond. Moreover, my internet connection turned into a modem and most of the time I get connection errors...



Edited by mazto, 23 July 2018 - 07:22 PM.


#5 mazto


Posted 24 July 2018 - 08:08 AM

More good news: my internet has shut down COMPLETELY. I can't even connect through safe mode! (My browser just gets stuck at "resolving host".) I contacted my ISP and they said the problem is in my PC, not the connection. I don't have a cell phone, I don't have access to any nearby cyber, and I'm posting this using one of my neighbors' laptops!! I can't even try to format my PC again, since you asked me not to make any changes. I didn't ask for anybody else's help because I'm obligated by the request I posted on your forum (which nobody has volunteered to help with so far). So here I'm waiting, and what do I get? I get completely trapped with a sluggish PC which is cut off the grid.. well, thanks.


Edited by mazto, 24 July 2018 - 08:24 AM.


#6 HelpBot


Posted 24 July 2018 - 10:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/680868 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#7 mazto


Posted 24 July 2018 - 10:44 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.07.2018
Ran by fgj (administrator) on HISJUDGMENTCOME (24-07-2018 17:36:55)
Running from C:\Users\Howl Hauru\Downloads
Loaded Profiles: fgj (Available Profiles: fgj & 21)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\RunOnce: [GrpConv] => grpconv -o
HKU\S-1-5-21-3539279979-1061140905-4216228071-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3961968 2018-07-09] (Tonec Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D206F6A6-B603-4CC1-ACC0-8098A2324A16}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3539279979-1061140905-4216228071-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ar-eg/?ocid=iehp
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2018-06-20] (Internet Download Manager, Tonec Inc.)
BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\IEExt\ie_plugin.dll [2018-07-24] (AO Kaspersky Lab)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2018-06-20] (Internet Download Manager, Tonec Inc.)
BHO-x32: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\IEExt\ie_plugin.dll [2018-07-24] (AO Kaspersky Lab)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\IEExt\ie_plugin.dll [2018-07-24] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\IEExt\ie_plugin.dll [2018-07-24] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-3539279979-1061140905-4216228071-1001 -> Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\IEExt\ie_plugin.dll [2018-07-24] (AO Kaspersky Lab)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-07-24]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKU\S-1-5-21-3539279979-1061140905-4216228071-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Howl Hauru\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Howl Hauru\AppData\Roaming\IDM\idmmzcc5 [2018-07-18] [Legacy] [not signed]
FF HKU\S-1-5-21-3539279979-1061140905-4216228071-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default [2018-07-24]
CHR Extension: (Slides) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-18]
CHR Extension: (Docs) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-18]
CHR Extension: (Google Drive) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-18]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2018-07-18]
CHR Extension: (YouTube) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-07-18]
CHR Extension: (Sheets) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-18]
CHR Extension: (Google Docs Offline) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-07-18]
CHR Extension: (Stream Video Downloader) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkngaibigegepnlckfcbecjoilcjbhf [2018-07-19]
CHR Extension: (Imagus) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2018-07-24]
CHR Extension: (Kaspersky Protection) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2018-07-18]
CHR Extension: (IDM Integration Module) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-07-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-18]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2018-07-19]
CHR Extension: (Gmail) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-18]
CHR Extension: (Chrome Media Router) - C:\Users\Howl Hauru\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-18]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-07-10]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-07-10]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\vssbridge64.exe [426416 2018-07-18] (AO Kaspersky Lab)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [70880 2017-12-25] (AO Kaspersky Lab)
S1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [119496 2018-07-18] (AO Kaspersky Lab)
S2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [85704 2018-07-24] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [206024 2018-07-18] (AO Kaspersky Lab)
S1 KLHK; C:\Windows\System32\DRIVERS\klhk.sys [1193160 2018-07-24] (AO Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1073352 2018-07-24] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [56520 2018-07-18] (AO Kaspersky Lab)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [57568 2016-12-23] (AO Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50672 2017-12-25] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [81904 2017-12-25] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [142024 2018-07-24] (AO Kaspersky Lab)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199392 2017-12-25] (AO Kaspersky Lab)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-24 17:36 - 2018-07-24 17:37 - 000013973 _____ C:\Users\Howl Hauru\Downloads\FRST.txt
2018-07-24 17:32 - 2018-07-24 17:36 - 002412544 _____ (Farbar) C:\Users\Howl Hauru\Downloads\FRST64.exe
2018-07-24 17:01 - 2018-07-24 17:01 - 000000000 ____D C:\Windows\SysWOW64\%Data%
2018-07-24 16:49 - 2018-07-24 16:49 - 000057560 _____ C:\Users\21\AppData\Local\GDIPFONTCACHEV1.DAT
2018-07-24 16:48 - 2018-07-24 16:48 - 000001447 _____ C:\Users\21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-07-24 16:48 - 2018-07-24 16:48 - 000001413 _____ C:\Users\21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2018-07-24 16:47 - 2018-07-24 16:47 - 000000000 ____D C:\Users\21\AppData\Local\VirtualStore
2018-07-24 16:46 - 2018-07-24 16:46 - 000332696 _____ C:\Windows\Minidump\072418-19624-01.dmp
2018-07-24 16:46 - 2018-07-24 16:46 - 000000000 ____D C:\Windows\Minidump
2018-07-24 16:09 - 2018-07-24 16:09 - 000000000 ____D C:\Users\21\AppData\Roaming\MPC-HC
2018-07-24 15:35 - 2018-07-24 17:00 - 000000000 ____D C:\Users\21\AppData\Roaming\DMCache
2018-07-24 15:35 - 2018-07-24 16:48 - 000002259 _____ C:\Users\21\Desktop\Google Chrome.lnk
2018-07-24 15:35 - 2018-07-24 16:34 - 000000000 ____D C:\Users\21\AppData\Roaming\IDM
2018-07-24 15:35 - 2018-07-24 15:35 - 000000000 ____D C:\Users\21\Downloads\Video
2018-07-24 15:35 - 2018-07-24 15:35 - 000000000 ____D C:\Users\21\Downloads\Compressed
2018-07-24 15:35 - 2018-07-24 15:35 - 000000000 ____D C:\Users\21\AppData\Local\Google
2018-07-24 15:34 - 2018-07-24 16:48 - 000000000 ____D C:\Users\21
2018-07-24 15:34 - 2018-07-24 15:34 - 000000020 ___SH C:\Users\21\ntuser.ini
2018-07-24 15:34 - 2011-04-12 10:28 - 000000000 ____D C:\Users\21\AppData\Roaming\Media Center Programs
2018-07-24 12:36 - 2018-07-24 12:36 - 000000000 ____D C:\Windows\System32\Tasks\Games
2018-07-24 02:09 - 2018-07-24 02:09 - 000000000 ____D C:\Users\Howl Hauru\Documents\My Cheat Tables
2018-07-24 02:09 - 2018-07-24 02:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.8.1
2018-07-24 02:09 - 2018-07-24 02:09 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.8.1
2018-07-24 02:00 - 2018-07-24 02:00 - 000000000 ____D C:\Users\Howl Hauru\AppData\Roaming\YoudaGames
2018-07-24 02:00 - 2018-07-24 02:00 - 000000000 ____D C:\Users\Howl Hauru\AppData\Roaming\Adobe
2018-07-20 14:02 - 2018-07-24 17:02 - 000385890 _____ C:\Windows\ntbtlog.txt
2018-07-19 18:43 - 2018-07-24 17:36 - 000000000 ____D C:\FRST
2018-07-19 16:32 - 2018-07-19 16:32 - 000000000 ____D C:\Users\Howl Hauru\Documents\Rockstar Games
2018-07-19 16:20 - 2018-07-19 16:20 - 000000000 ____D C:\Users\Howl Hauru\AppData\Local\Rockstar Games
2018-07-19 15:41 - 2018-07-19 15:41 - 000771962 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-07-19 15:18 - 2018-07-19 15:18 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-07-19 15:18 - 2018-07-19 15:18 - 000000000 ____D C:\Program Files\MSBuild
2018-07-19 15:18 - 2018-07-19 15:18 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-07-19 15:18 - 2018-07-19 15:18 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-07-19 15:06 - 2018-07-19 15:06 - 000000000 ____D C:\Users\Howl Hauru\AppData\LocalLow\Temp
2018-07-19 14:32 - 2018-07-19 14:32 - 002869264 _____ (Microsoft Corporation) C:\Users\Howl Hauru\Downloads\dotNetFx35setup.exe
2018-07-19 14:31 - 2018-07-19 14:31 - 000000000 ____D C:\Users\Howl Hauru\Downloads\update2_EN
2018-07-19 14:18 - 2018-07-19 14:29 - 121155486 _____ C:\Users\Howl Hauru\Downloads\update2_EN.zip
2018-07-19 14:00 - 2018-07-19 14:00 - 000000000 ____D C:\Users\Howl Hauru\AppData\Local\CrashDumps
2018-07-19 13:59 - 2018-07-19 13:59 - 000001338 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
2018-07-19 13:55 - 2018-07-19 13:55 - 000000000 ____D C:\Windows\SysWOW64\xlive
2018-07-19 13:55 - 2018-07-19 13:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2018-07-19 13:55 - 2018-07-19 13:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2018-07-19 13:55 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2018-07-19 13:55 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2018-07-19 13:55 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2018-07-19 13:53 - 2018-07-19 13:53 - 000001045 _____ C:\Users\Howl Hauru\Desktop\Grand Theft Auto IV - Episodes From Liberty City.lnk
2018-07-19 13:53 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2018-07-19 05:48 - 2018-07-19 04:10 - 000000213 ____H C:\Boot.BAK
2018-07-19 05:48 - 2018-07-18 21:58 - 000000000 ____D C:\Windows\Panther
2018-07-19 05:41 - 2018-07-19 05:41 - 000000000 ____D C:\Windows.old
2018-07-19 04:53 - 2018-07-19 04:53 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2018-07-19 04:53 - 2018-07-19 04:53 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2018-07-19 04:40 - 2018-07-19 05:48 - 000008192 __RSH C:\BOOTSECT.BAK
2018-07-19 04:40 - 2010-11-21 05:23 - 000383786 __RSH C:\bootmgr
2018-07-19 04:23 - 2018-07-19 04:23 - 000000000 __RSH C:\MSDOS.SYS
2018-07-19 04:23 - 2018-07-19 04:23 - 000000000 __RSH C:\IO.SYS
2018-07-19 04:23 - 2018-07-19 04:23 - 000000000 _____ C:\CONFIG.SYS
2018-07-19 04:23 - 2018-07-19 04:23 - 000000000 _____ C:\AUTOEXEC.BAT
2018-07-18 22:07 - 2018-07-18 22:38 - 000000000 ____D C:\Users\Howl Hauru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-07-18 22:07 - 2018-07-18 22:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-07-18 22:07 - 2018-07-18 22:07 - 000000000 ____D C:\Users\Howl Hauru\AppData\Roaming\WinRAR
2018-07-18 22:07 - 2018-07-18 22:05 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-07-18 22:07 - 2018-07-18 22:05 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-07-18 22:07 - 2014-06-17 14:13 - 000941272 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2018-07-18 22:07 - 2014-06-17 14:13 - 000107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2018-07-18 22:07 - 2014-06-17 14:13 - 000073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2018-07-18 22:06 - 2018-07-18 22:38 - 000000000 ____D C:\Program Files (x86)\WinRAR
2018-07-18 22:06 - 2018-07-18 22:09 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-07-18 22:05 - 2018-07-18 22:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2018-07-18 22:05 - 2011-09-16 09:12 - 000032360 _____ (Realtek Corporation) C:\Windows\system32\Drivers\RtVlan620.sys
2018-07-18 22:05 - 2011-06-15 15:11 - 000058472 _____ (Realtek Corporation) C:\Windows\system32\Drivers\RtTeam60.sys
2018-07-18 22:05 - 2011-06-15 15:11 - 000027136 _____ (Realtek ) C:\Windows\system32\Drivers\RtNdPt60.sys
2018-07-18 22:03 - 2018-07-24 17:36 - 000000000 ____D C:\Users\Howl Hauru\AppData\Roaming\DMCache
2018-07-18 22:03 - 2018-07-24 02:38 - 000000000 ____D C:\Users\Howl Hauru\Downloads\Video
2018-07-18 22:03 - 2018-07-24 00:37 - 000000000 ____D C:\Users\Howl Hauru\Downloads\Compressed
2018-07-18 22:03 - 2018-07-19 11:40 - 000000000 ____D C:\Users\Howl Hauru\AppData\Roaming\IDM
2018-07-18 22:03 - 2018-07-18 22:03 - 000465483 __RSH C:\KVNFA
2018-07-18 21:49 - 2018-07-18 21:49 - 000003098 _____ C:\Windows\System32\Tasks\klcp_update
2018-07-18 21:49 - 2018-07-18 21:49 - 000000000 ____D C:\Users\Howl Hauru\AppData\Roaming\MPC-HC
2018-07-18 21:48 - 2018-07-18 21:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2018-07-18 21:48 - 2018-01-28 11:00 - 000794112 _____ C:\Windows\system32\xvidcore.dll
2018-07-18 21:48 - 2018-01-28 11:00 - 000694784 _____ C:\Windows\SysWOW64\xvidcore.dll
2018-07-18 21:48 - 2018-01-28 11:00 - 000311296 _____ C:\Windows\system32\xvidvfw.dll
2018-07-18 21:48 - 2018-01-28 11:00 - 000284672 _____ C:\Windows\SysWOW64\xvidvfw.dll
2018-07-18 21:48 - 2017-07-30 12:50 - 003850240 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2018-07-18 21:48 - 2017-07-30 12:50 - 003799552 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2018-07-18 21:48 - 2015-10-24 18:00 - 000126976 _____ C:\Windows\system32\ff_vfw.dll
2018-07-18 21:48 - 2015-10-24 18:00 - 000112128 _____ C:\Windows\SysWOW64\ff_vfw.dll
2018-07-18 21:48 - 2012-07-21 12:55 - 000180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2018-07-18 21:48 - 2012-07-21 12:54 - 000122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2018-07-18 21:48 - 2011-12-07 19:37 - 000148992 _____ ( ) C:\Windows\system32\lagarith.dll
2018-07-18 21:48 - 2011-12-07 19:32 - 000216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2018-07-18 21:47 - 2018-07-18 21:48 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2018-07-18 21:37 - 2018-07-18 21:46 - 059211099 _____ (KLCP ) C:\Users\Howl Hauru\Downloads\K-Lite_Codec_Pack_1430_Mega.exe
2018-07-18 21:23 - 2018-07-18 21:23 - 000057560 _____ C:\Users\Howl Hauru\AppData\Local\GDIPFONTCACHEV1.DAT
2018-07-18 21:22 - 2018-07-18 21:45 - 000000000 ____D C:\Users\Howl Hauru\AppData\Local\Google
2018-07-18 21:22 - 2018-07-18 21:22 - 000001447 _____ C:\Users\Howl Hauru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-07-18 21:22 - 2018-07-18 21:22 - 000001413 _____ C:\Users\Howl Hauru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2018-07-18 21:21 - 2018-07-18 21:22 - 000000000 ____D C:\Users\Howl Hauru
2018-07-18 21:21 - 2018-07-18 21:21 - 000000020 ___SH C:\Users\Howl Hauru\ntuser.ini
2018-07-18 21:21 - 2018-07-18 21:21 - 000000000 ____D C:\Users\Howl Hauru\AppData\Local\VirtualStore
2018-07-18 21:21 - 2011-04-12 10:28 - 000000000 ____D C:\Users\Howl Hauru\AppData\Roaming\Media Center Programs
2018-07-18 21:19 - 2018-07-18 21:19 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-07-18 21:18 - 2018-07-18 21:18 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-07-18 21:17 - 2018-07-18 21:33 - 000000000 ____D C:\ProgramData\Adobe
2018-07-18 21:17 - 2018-07-18 21:17 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-07-18 21:07 - 2018-07-18 21:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-07-18 21:07 - 2018-07-18 21:07 - 000000000 ____D C:\ProgramData\IDM
2018-07-18 21:07 - 2018-07-18 21:07 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2018-07-18 21:06 - 2018-07-18 21:06 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-07-18 21:06 - 2018-06-24 19:18 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2018-07-18 21:06 - 2018-06-24 17:31 - 005947520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-07-18 21:06 - 2018-06-24 17:31 - 002612624 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-07-18 21:06 - 2018-06-24 17:31 - 001767360 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-07-18 21:06 - 2018-06-24 17:31 - 000633792 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-07-18 21:06 - 2018-06-24 17:31 - 000451144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-07-18 21:06 - 2018-06-24 17:31 - 000124200 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-07-18 21:06 - 2018-06-24 17:31 - 000083424 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-07-18 21:06 - 2018-06-20 12:52 - 008207422 _____ C:\Windows\system32\nvcoproc.bin
2018-07-18 21:05 - 2018-07-24 17:01 - 000000000 ____D C:\ProgramData\NVIDIA
2018-07-18 21:05 - 2018-07-18 21:05 - 000000000 ____D C:\Windows\system32\unknown
2018-07-18 21:05 - 2018-06-25 19:28 - 000551776 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2018-07-18 21:05 - 2018-06-25 19:28 - 000457064 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2018-07-18 21:05 - 2018-06-24 17:39 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-07-18 21:04 - 2018-07-18 21:06 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-07-18 21:04 - 2018-07-18 21:04 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-07-18 21:01 - 2018-07-18 21:01 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-07-18 21:00 - 2018-07-19 05:48 - 000000357 __RSH C:\Boot.ini.saved
2018-07-18 21:00 - 2018-07-18 21:00 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-07-18 21:00 - 2018-07-18 21:00 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-18 21:00 - 2018-07-18 21:00 - 000004488 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-07-18 21:00 - 2018-07-18 21:00 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-07-18 21:00 - 2018-07-18 21:00 - 000000000 ____D C:\Windows\system32\Macromed
2018-07-18 21:00 - 2015-07-18 15:08 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-07-18 21:00 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-07-18 20:58 - 2018-07-19 16:15 - 000000000 ____D C:\ProgramData\Package Cache
2018-07-18 20:57 - 2018-07-18 21:19 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-07-18 20:57 - 2018-06-25 19:27 - 040346984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 040092248 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 035250264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 032361048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 017000808 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-07-18 20:57 - 2018-06-25 19:27 - 003965288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 003496376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 002013808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439836.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 001562560 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 001468456 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439836.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 001419112 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 001216264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 001092480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 000627240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-07-18 20:57 - 2018-06-25 19:27 - 000517720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 031242016 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 025959416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 023270088 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 020295744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 019083216 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 013728120 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 011273624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 001157400 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 000904744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 000544480 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 000505928 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 000462832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 000420184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 000182600 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 000164952 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 000159712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-07-18 20:57 - 2018-06-25 19:26 - 000142632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-07-18 20:57 - 2018-06-25 19:25 - 017748120 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-07-18 20:57 - 2018-06-25 19:25 - 015693248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-07-18 20:57 - 2018-06-25 19:25 - 015163664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-07-18 20:57 - 2018-06-25 19:25 - 004614616 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-07-18 20:57 - 2018-06-25 19:25 - 004081952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-07-18 20:57 - 2018-06-24 19:18 - 000041598 _____ C:\Windows\system32\nvinfo.pb
2018-07-18 20:57 - 2018-06-24 19:18 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2018-07-18 20:57 - 2018-06-24 19:18 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2018-07-18 20:53 - 2018-07-18 21:06 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-07-18 20:50 - 2018-07-18 20:50 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2018-07-18 20:50 - 2018-07-18 20:50 - 000000000 ____D C:\Program Files\Realtek
2018-07-18 20:49 - 2018-07-18 20:49 - 000000000 ____D C:\Program Files (x86)\Intel
2018-07-18 20:49 - 2012-02-21 13:45 - 002605400 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2018-07-18 20:49 - 2010-03-02 10:04 - 000053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2018-07-18 20:48 - 2012-06-19 10:54 - 004065296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2018-07-18 20:48 - 2012-06-19 07:31 - 000293889 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2018-07-18 20:48 - 2012-06-08 10:23 - 000083072 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2018-07-18 20:48 - 2012-06-08 10:21 - 000897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2018-07-18 20:48 - 2012-06-08 10:21 - 000753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2018-07-18 20:48 - 2012-06-08 10:18 - 003615888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2018-07-18 20:48 - 2012-06-06 04:44 - 000869520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2018-07-18 20:48 - 2012-06-01 03:37 - 002674320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2018-07-18 20:48 - 2012-05-31 12:08 - 000105616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2018-07-18 20:48 - 2012-05-10 09:22 - 001262696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2018-07-18 20:48 - 2012-04-03 12:42 - 001015640 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2018-07-18 20:48 - 2011-12-20 09:32 - 000331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2018-07-18 20:48 - 2011-12-18 11:58 - 002131288 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2018-07-18 20:48 - 2011-12-16 08:57 - 000065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2018-07-18 20:48 - 2011-12-13 10:58 - 001560168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2018-07-18 20:48 - 2011-11-22 10:28 - 000014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2018-07-18 20:48 - 2010-11-08 01:31 - 000375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2018-07-18 20:48 - 2010-11-08 01:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2018-07-18 20:48 - 2010-11-08 01:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2018-07-18 20:48 - 2010-11-08 01:31 - 000204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2018-07-18 20:48 - 2010-11-08 01:31 - 000101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2018-07-18 20:48 - 2010-11-08 01:31 - 000078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2018-07-18 20:48 - 2010-11-03 12:30 - 000149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2018-07-18 20:48 - 2009-11-24 03:55 - 000518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2018-07-18 20:48 - 2009-11-24 03:55 - 000211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2018-07-18 20:48 - 2009-11-24 03:55 - 000198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2018-07-18 20:48 - 2009-11-24 03:55 - 000155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2018-07-18 20:48 - 2009-11-18 01:13 - 000060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
2018-07-18 20:47 - 2018-07-18 20:47 - 000000000 ____D C:\Intel
2018-07-18 20:47 - 2010-09-27 03:34 - 000318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2018-07-18 20:46 - 2012-04-10 08:40 - 002533952 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2018-07-18 20:45 - 2018-07-18 20:51 - 000000000 ___HD C:\Program Files (x86)\Temp
2018-07-18 20:45 - 2012-03-08 05:47 - 000202336 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2018-07-18 20:45 - 2012-03-08 05:47 - 000108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2018-07-18 20:44 - 2012-05-25 12:06 - 001706640 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2018-07-18 20:40 - 2018-07-18 20:40 - 000002300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-18 20:38 - 2018-07-18 20:38 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2018-07-18 20:38 - 2018-07-18 20:38 - 000000000 ____D C:\Program Files\Common Files\AV
2018-07-18 20:37 - 2018-07-18 20:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2018-07-18 20:36 - 2018-07-24 17:01 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-07-18 20:36 - 2018-07-18 20:45 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2018-07-18 20:36 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2018-07-18 20:35 - 2018-07-24 10:31 - 001073352 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2018-07-18 20:35 - 2018-07-24 10:30 - 000152360 _____ (AO Kaspersky Lab) C:\Windows\system32\klhkum.dll
2018-07-18 20:35 - 2018-07-18 21:01 - 000206024 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2018-07-18 20:33 - 2018-07-18 20:38 - 000000000 ____D C:\Program Files (x86)\Google
2018-07-18 20:33 - 2018-07-18 20:33 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-07-18 20:33 - 2018-07-18 20:33 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-07-10 20:02 - 2018-03-01 16:36 - 000226032 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-24 17:01 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-24 16:54 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-07-24 16:54 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-07-24 13:30 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\LiveKernelReports
2018-07-24 10:32 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-07-24 10:31 - 2017-12-25 00:12 - 000142024 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2018-07-24 10:31 - 2016-05-31 23:24 - 000085704 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kldisk.sys
2018-07-24 10:30 - 2017-12-25 00:12 - 001193160 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2018-07-20 20:16 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
2018-07-19 15:41 - 2009-07-14 07:13 - 000771962 _____ C:\Windows\system32\PerfStringBackup.INI
2018-07-19 13:59 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-07-19 13:55 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-07-19 05:48 - 2009-07-14 07:32 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2018-07-19 04:56 - 2009-07-14 06:45 - 000274320 _____ C:\Windows\system32\FNTCACHE.DAT
2018-07-19 04:52 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\sysprep
2018-07-19 04:49 - 2011-04-12 10:28 - 000000000 ____D C:\Windows\CSC
2018-07-18 21:10 - 2016-10-11 14:14 - 000056520 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2018-07-18 21:06 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\Help
2018-07-18 20:58 - 2017-12-25 00:12 - 000119496 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klbackupflt.sys
2018-07-18 20:44 - 2010-11-21 04:50 - 000000000 ____D C:\Users\Administrator
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-07-20 20:10
 
==================== End of FRST.txt ============================


#8 nasdaq


  • Malware Response Team
  • 40,159 posts
  • Location:Montreal, QC. Canada

Posted 24 July 2018 - 10:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===



This is really bad news.
The good news is that it's not caused by an infection.
---

Can you by any chance get to the Recovery Options to do a StartUp repair?

Navigate to this page and print it if you can. This will help you follow the instructions.
https://support.microsoft.com/en-ca/help/17101/windows-7-system-recovery-options

Follow the instructions to do a StartUp repair.

There are other Options listed in this section which you can try if the StartUp repair fails.
System recovery option
===

If you do not have the Installation Disk for this computer contact the Manufacturer and find out if you can get one.

Keep me posted if you can.

#9 mazto

  • Topic Starter

  • Members
  • 22 posts

Posted 24 July 2018 - 10:44 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by fgj (24-07-2018 17:37:50)
Running from C:\Users\Howl Hauru\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2018-07-18 19:58:21)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
21 (S-1-5-21-3539279979-1061140905-4216228071-1003 - Administrator - Enabled) => C:\Users\21
Administrator (S-1-5-21-3539279979-1061140905-4216228071-500 - Administrator - Disabled)
fgj (S-1-5-21-3539279979-1061140905-4216228071-1001 - Administrator - Enabled) => C:\Users\Howl Hauru
Guest (S-1-5-21-3539279979-1061140905-4216228071-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Cheat Engine 6.8.1 (HKLM-x32\...\Cheat Engine 6.8.1_is1) (Version:  - Cheat Engine)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.36 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Grand Theft Auto IV - Episodes From Liberty City (HKLM-x32\...\{8ED35B48-AFBD-4F32-8271-2257AD8B907E}_is1) (Version:  - )
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\{5454083B-1308-4485-BF17-111000038701}) (Version: 1.0.0003.135 - Rockstar Games Inc.) Hidden
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\{5454083B-1308-4485-BF17-111000038702}) (Version: 1.0.0003.135 - Rockstar Games Inc.) Hidden
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\{5454083B-1308-4485-BF17-111000038703}) (Version: 1.0.0003.135 - Rockstar Games Inc.) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Kaspersky Total Security (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)
K-Lite Mega Codec Pack 14.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.3.0 - KLCP)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{A1C962E2-2426-49C6-A38B-9A07E40D607C}) (Version: 3.2.217.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA Graphics Driver 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.36 - NVIDIA Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.006 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.60 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-05-12] (Tonec Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-07-18] (AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-07-18] (AO Kaspersky Lab)
ContextMenuHandlers4: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-07-18] (AO Kaspersky Lab)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-06-24] (NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-07-18] (AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {40B86FAF-2AE3-4779-8665-B4642406E28E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-18] (Adobe Systems Incorporated)
Task: {44A46917-BAA8-4D92-AE1D-B332253AEB34} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2018-07-18] (AO Kaspersky Lab)
Task: {4A4D62B7-5B96-4977-9633-634169F76918} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-18] (Google Inc.)
Task: {4BDD5931-7B38-4D30-BD42-8CF9848A1D9F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3539279979-1061140905-4216228071-1001
Task: {4EB59C23-D846-4E75-B7CB-FDBCC9D98E73} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-18] (Google Inc.)
Task: {4FDEDB8C-5623-41F9-B8B4-177CDCB976DA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-18] (Adobe Systems Incorporated)
Task: {6D5D3B6A-291B-4BD9-9A90-22376F9C32EB} - System32\Tasks\klcp_update => CodecTweakTool.exe
Task: {7DFF273A-D369-4ABA-A466-660F1C5B78BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-07-18 20:39 - 2018-06-22 21:15 - 002663768 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\swiftshader\libglesv2.dll
2018-07-18 20:39 - 2018-06-22 21:15 - 000128856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\swiftshader\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder => ""="Service "
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Audiosrv => ""="Service "
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MMCSS => ""="Service "
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Sound, video and game controllers"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3539279979-1061140905-4216228071-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5198FA61-E2A1-40AB-92A1-65F0C1A4AC4E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C1B26B69-E0CF-489B-B50F-16D96085EA75}] => (Allow) E:\Rockstar Games\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe
FirewallRules: [{0E9D02BB-D2D3-473C-81B9-7604F75D1B1A}] => (Allow) E:\Rockstar Games\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe
 
==================== Restore Points =========================
 
24-07-2018 10:52:09 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Kaspersky Lab power events provider
Description: Kaspersky Lab power events provider
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: KL
Service: klhk
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/24/2018 05:04:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/24/2018 04:48:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/24/2018 03:36:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/24/2018 03:31:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/24/2018 02:39:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/24/2018 02:34:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/24/2018 02:08:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/24/2018 02:00:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (07/24/2018 05:02:38 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (07/24/2018 05:02:38 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (07/24/2018 05:02:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (07/24/2018 05:02:31 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (07/24/2018 05:02:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
discache
klbackupflt
KLHK
KLIF
klpd
kneps
spldr
Wanarpv6
 
Error: (07/24/2018 05:01:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IPsec Policy Agent service failed to start due to the following error: 
The service did not start due to a logon failure.
 
Error: (07/24/2018 05:01:19 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: 
The request is not supported.
 
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (07/24/2018 05:01:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IPsec Policy Agent service failed to start due to the following error: 
The service did not start due to a logon failure.
 
 
CodeIntegrity:
===================================
 
Date: 2018-07-24 10:45:26.636
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-24 10:45:26.633
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-24 10:45:26.629
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-24 10:45:20.782
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Cheat Engine 6.8.1\dbk64.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-24 10:45:20.757
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Cheat Engine 6.8.1\dbk64.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-20 20:11:09.111
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-20 20:11:09.101
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-20 20:11:09.045
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 33%
Total physical RAM: 4094.49 MB
Available physical RAM: 2734.34 MB
Total Virtual: 8187.18 MB
Available Virtual: 6696.66 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:49.71 GB) (Free:16.98 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:49.71 GB) (Free:2.75 GB) NTFS
Drive e: () (Fixed) (Total:147.36 GB) (Free:2.77 GB) NTFS
Drive f: (Movies) (Fixed) (Total:147.36 GB) (Free:0.21 GB) NTFS
Drive g: () (Fixed) (Total:147.36 GB) (Free:7.12 GB) NTFS
Drive h: () (Fixed) (Total:147.36 GB) (Free:0.05 GB) NTFS
Drive i: (Sources) (Fixed) (Total:242.64 GB) (Free:0.23 GB) NTFS
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 30233022)
Partition 1: (Active) - (Size=49.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=881.8 GB) - (Type=0F Extended)
 
==================== End of Addition.txt ============================


#10 mazto

Posted 24 July 2018 - 10:49 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by fgj (24-07-2018 17:37:50)
Running from C:\Users\Howl Hauru\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2018-07-18 19:58:21)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
21 (S-1-5-21-3539279979-1061140905-4216228071-1003 - Administrator - Enabled) => C:\Users\21
Administrator (S-1-5-21-3539279979-1061140905-4216228071-500 - Administrator - Disabled)
fgj (S-1-5-21-3539279979-1061140905-4216228071-1001 - Administrator - Enabled) => C:\Users\Howl Hauru
Guest (S-1-5-21-3539279979-1061140905-4216228071-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Cheat Engine 6.8.1 (HKLM-x32\...\Cheat Engine 6.8.1_is1) (Version:  - Cheat Engine)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.36 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Grand Theft Auto IV - Episodes From Liberty City (HKLM-x32\...\{8ED35B48-AFBD-4F32-8271-2257AD8B907E}_is1) (Version:  - )
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\{5454083B-1308-4485-BF17-111000038701}) (Version: 1.0.0003.135 - Rockstar Games Inc.) Hidden
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\{5454083B-1308-4485-BF17-111000038702}) (Version: 1.0.0003.135 - Rockstar Games Inc.) Hidden
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\{5454083B-1308-4485-BF17-111000038703}) (Version: 1.0.0003.135 - Rockstar Games Inc.) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Kaspersky Total Security (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)
K-Lite Mega Codec Pack 14.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.3.0 - KLCP)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{A1C962E2-2426-49C6-A38B-9A07E40D607C}) (Version: 3.2.217.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA Graphics Driver 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.36 - NVIDIA Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.006 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.60 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-05-12] (Tonec Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-07-18] (AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-07-18] (AO Kaspersky Lab)
ContextMenuHandlers4: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-07-18] (AO Kaspersky Lab)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-06-24] (NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-07-18] (AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {40B86FAF-2AE3-4779-8665-B4642406E28E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-18] (Adobe Systems Incorporated)
Task: {44A46917-BAA8-4D92-AE1D-B332253AEB34} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2018-07-18] (AO Kaspersky Lab)
Task: {4A4D62B7-5B96-4977-9633-634169F76918} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-18] (Google Inc.)
Task: {4BDD5931-7B38-4D30-BD42-8CF9848A1D9F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3539279979-1061140905-4216228071-1001
Task: {4EB59C23-D846-4E75-B7CB-FDBCC9D98E73} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-18] (Google Inc.)
Task: {4FDEDB8C-5623-41F9-B8B4-177CDCB976DA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-18] (Adobe Systems Incorporated)
Task: {6D5D3B6A-291B-4BD9-9A90-22376F9C32EB} - System32\Tasks\klcp_update => CodecTweakTool.exe
Task: {7DFF273A-D369-4ABA-A466-660F1C5B78BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-07-18 20:39 - 2018-06-22 21:15 - 002663768 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\swiftshader\libglesv2.dll
2018-07-18 20:39 - 2018-06-22 21:15 - 000128856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\swiftshader\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder => ""="Service "
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Audiosrv => ""="Service "
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MMCSS => ""="Service "
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Sound, video and game controllers"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3539279979-1061140905-4216228071-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5198FA61-E2A1-40AB-92A1-65F0C1A4AC4E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C1B26B69-E0CF-489B-B50F-16D96085EA75}] => (Allow) E:\Rockstar Games\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe
FirewallRules: [{0E9D02BB-D2D3-473C-81B9-7604F75D1B1A}] => (Allow) E:\Rockstar Games\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe
 
==================== Restore Points =========================
 
24-07-2018 10:52:09 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Kaspersky Lab power events provider
Description: Kaspersky Lab power events provider
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: KL
Service: klhk
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/24/2018 05:04:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/24/2018 04:48:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/24/2018 03:36:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/24/2018 03:31:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/24/2018 02:39:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/24/2018 02:34:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/24/2018 02:08:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/24/2018 02:00:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (07/24/2018 05:02:38 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (07/24/2018 05:02:38 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (07/24/2018 05:02:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (07/24/2018 05:02:31 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (07/24/2018 05:02:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
discache
klbackupflt
KLHK
KLIF
klpd
kneps
spldr
Wanarpv6
 
Error: (07/24/2018 05:01:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IPsec Policy Agent service failed to start due to the following error: 
The service did not start due to a logon failure.
 
Error: (07/24/2018 05:01:19 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: 
The request is not supported.
 
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (07/24/2018 05:01:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IPsec Policy Agent service failed to start due to the following error: 
The service did not start due to a logon failure.
 
 
CodeIntegrity:
===================================
 
Date: 2018-07-24 10:45:26.636
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-24 10:45:26.633
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-24 10:45:26.629
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-24 10:45:20.782
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Cheat Engine 6.8.1\dbk64.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-24 10:45:20.757
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Cheat Engine 6.8.1\dbk64.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-20 20:11:09.111
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-20 20:11:09.101
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-20 20:11:09.045
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\klelam_X64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 33%
Total physical RAM: 4094.49 MB
Available physical RAM: 2734.34 MB
Total Virtual: 8187.18 MB
Available Virtual: 6696.66 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:49.71 GB) (Free:16.98 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:49.71 GB) (Free:2.75 GB) NTFS
Drive e: () (Fixed) (Total:147.36 GB) (Free:2.77 GB) NTFS
Drive f: (Movies) (Fixed) (Total:147.36 GB) (Free:0.21 GB) NTFS
Drive g: () (Fixed) (Total:147.36 GB) (Free:7.12 GB) NTFS
Drive h: () (Fixed) (Total:147.36 GB) (Free:0.05 GB) NTFS
Drive i: (Sources) (Fixed) (Total:242.64 GB) (Free:0.23 GB) NTFS
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 30233022)
Partition 1: (Active) - (Size=49.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=881.8 GB) - (Type=0F Extended)
 
==================== End of Addition.txt ============================


#11 mazto

  • Topic Starter

Posted 24 July 2018 - 10:51 AM

please hold on, it takes like about 14 minutes to make a single post, my internet is like 5 seconds working and then cut for 10 minutes



#12 mazto

  • Topic Starter

Posted 24 July 2018 - 11:09 AM

why do i need to repair my windows? i was having the same problems when i just installed a fresh copy of windows (downloaded off the internet)!? this is why i formatted in the first place.. to see the difference, but once i installed the fresh copy and opened one of the games (which was running pretty smooth before all this happened) i found the same slow heavy lags, the only difference i noticed is this, when the problem started, it was just heavy laggy performance in games, but the internet speed was more than fine, after i formatted, the dead internet speed has added up and by time it became dead!! what i m saying is if you are referring to damage in my operating system as the cause of the problem, then the fresh installation should have fixed it up, but it didnt.. that doesnt make sense? please elaborate more.. please! i had a couple of POWER CUTS lately so yes the operating system had some damage, but this happened 3 days after all this trouble had already started, there is nothing easier than just take the high way and reinstall a new fresh copy again, but knowing that the same scenario shall take place again, i wont!! i m looking to solve the problem from its roots! this is one of a kind nightmare.. (i posted the addition log separate)


Edited by mazto, 24 July 2018 - 11:22 AM.


#13 nasdaq

  • Malware Response Team

Posted 24 July 2018 - 01:03 PM

Hi,

You said in post No. 5 that the computer was compromised.

, my internet has shut down COMPLETELY, i cant even connect through safe mode! (my browser gets just stuck at "resolving host") etc...


Now you provide new logs.
Can you explain?

From the Errors listed in the Addition.txt log it looks like Kaspersky is compromised.

Re-install it and when done Restart the computer normally.

How is the computer running now?
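
One way to read the event entries in the Addition.txt excerpt above at a glance, as an added Python example that is not part of nasdaq's post or of FRST itself. The sample text is constructed from entries in that log, the function names are hypothetical, and reading Win32 error 1084 as ERROR_NOT_SAFEBOOT_SERVICE is the standard Windows meaning, not something the thread states.

```python
import re
from collections import Counter

# Constructed sample in the shape FRST's Addition.txt uses for event log errors.
SAMPLE = """\
Error: (07/24/2018 05:02:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/24/2018 05:02:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
discache
KLIF
klpd
spldr

Error: (07/24/2018 05:01:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IPsec Policy Agent service failed to start due to the following error:
The service did not start due to a logon failure.
"""

HEADER = re.compile(r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) \(EventID: (?P<eid>\d+)\)")
DCOM_FAIL = re.compile(r'DCOM got error "(\d+)" attempting to start the service (\S+)')
NOT_SAFEBOOT = "1084"  # Win32 ERROR_NOT_SAFEBOOT_SERVICE: service cannot be started in Safe Mode

def parse_events(text):
    """Split the log into events: header fields plus the non-blank lines that follow."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            events.append({**m.groupdict(), "body": []})
        elif events and line.strip():
            events[-1]["body"].append(line.strip())
    return events

def triage(text):
    """Return (event counts, DCOM start failures by code, unloaded drivers, safe-mode hint)."""
    counts, dcom, drivers = Counter(), {}, []
    for ev in parse_events(text):
        counts[(ev["source"], int(ev["eid"]))] += 1
        if ev["eid"] == "10005" and ev["body"]:
            m = DCOM_FAIL.search(ev["body"][0])
            if m:
                dcom.setdefault(m.group(1), []).append(m.group(2))
        elif ev["eid"] == "7026":
            drivers.extend(ev["body"][1:])  # driver names follow the "Description:" line
    return counts, dcom, drivers, NOT_SAFEBOOT in dcom
```

When the safe-mode hint is true, the service and driver start failures were recorded during a Safe Mode boot, which is worth knowing before reading them as damage to any one product.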

#14 mazto

  • Topic Starter

Posted 24 July 2018 - 08:47 PM

Hi,

You said in post No. 5 that the computer was compromised.
 

, my internet has shut down COMPLETELY, i cant even connect through safe mode! (my browser gets just stuck at "resolving host") etc...


Now you provide new logs.
Can you explain?

From the Errors listed in the Addition.txt log it looks like Kaspersky is compromised.

Re-install it and when done Restart the computer normally.

How is the computer running now?

 

as i mentioned earlier in the same post you referred to "i m posting this using one of my neighbours laptop"! when i connect his laptop to my internet it is fine.. so the problem clearly is within my pc X_X , moreover in a total ironic way, i launched start up recovery as you asked, it just took few seconds, then said "windows couldnt detect any problems" now how would you expect me to reinstall kaspersky from a launcher that uses internet to download the whole program?? (i m totally trapped) to stress it more if it helps, whenever i open my browser, i see it stuck on "Resolving Host", then i have to keep refreshing for about 3 minutes or more so it finally could open any web page, then its back to stuck again!! it is like passing a camel through the eye of a needle that gets opened for approximately 1 minute or 90 seconds then it shuts back again for about 5 minutes and sometimes a quarter of an hour, all this takes place when i m using the SAFE MODE but when using the normal windows interface the internet is completely SHUT DOWN!!! when this problem started the browser would show the same connection error every 10-6 minutes but it would still work just by refreshing mostly, then by time it reached down to shut completely, if you could notice i mentioned in one of the earlier posts "i get connection errors most of the time" but now such luxury is over, i will try to get the offline installer for kaspersky, BUT i dont know what to do next? i m waiting for further instructions


Edited by mazto, 24 July 2018 - 09:06 PM.


#15 nasdaq

  • Malware Response Team

Posted 25 July 2018 - 08:29 AM

Hi,

Using your neighbor's laptop, download to a Flash Drive or CD the Removal tool for Kaspersky Lab applications (kavremover) from this site.
https://support.kaspersky.com/1464

Mount the Flash Drive on your compromised computer.
Since you will need to boot from the USB drive or the CD, follow these directives.

How to Boot From a USB Drive or CD on Any Computer

Follow the instructions on this page.
https://lifehacker.com/5991848/how-to-boot-from-a-cd-or-usb-drive-on-any-pc

From there run the kavremover program that was downloaded.
When completed restart the computer normally.

Let me know if successful or not.

Edited by nasdaq, 30 July 2018 - 07:42 AM.
