Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22.04.2018 01
Ran by Ma (administrator) on DESKTOP-EVKS371 (23-04-2018 15:18:52)
Running from C:\Users\Ma\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Loaded Profiles: Ma (Available Profiles: Ma)
Platform: Windows 10 Pro Version 1709 16299.98 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.0\kpm_service.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.0\kpm.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(BitTorrent Inc.) C:\Users\Ma\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\Ma\AppData\Roaming\uTorrent\updates\3.5.3_44396\utorrentie.exe
(BitTorrent Inc.) C:\Users\Ma\AppData\Roaming\uTorrent\updates\3.5.3_44396\utorrentie.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804360 2016-03-22] (NVIDIA Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKU\S-1-5-21-3661550181-1661674082-4013068574-1002\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.0\kpm.exe [540456 2018-02-22] (AO Kaspersky Lab)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [186144 2016-03-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164520 2016-03-22] (NVIDIA Corporation)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{215e8228-9975-4730-8ac5-4d17b785ef57}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.0\x64\ie_engine.dll [2018-02-22] (AO Kaspersky Lab)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.0\ie_engine.dll [2018-02-22] (AO Kaspersky Lab)

FireFox:
========
FF ProfilePath: C:\Users\Ma\AppData\Roaming\Mozilla\Firefox\Profiles\uj4pticv.default [2018-04-23]
FF HKLM\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-04-23]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\vssbridge64.exe [426416 2018-04-23] (AO Kaspersky Lab)
R2 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.0\kpm_service.exe [215840 2018-02-22] (AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S2 Windows Cache Services; C:\Windows\Logs\NetSetup\VSS\wcservices.exe [858112 2017-11-27] () [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R3 HIDSwitch; C:\Windows\System32\drivers\AsRadioControl.sys [31144 2017-11-23] (ASUS)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [70880 2017-12-25] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [120008 2018-04-23] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29816 2016-10-14] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [207576 2018-04-23] (AO Kaspersky Lab)
R1 KLHK; C:\Windows\System32\drivers\klhk.sys [594144 2018-04-23] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP18.0.0\Bases\klids.sys [180984 2018-04-23] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1055944 2018-04-23] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [57032 2018-04-23] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [57056 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50672 2017-12-25] (AO Kaspersky Lab)
R3 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [44768 2017-01-20] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [231312 2018-04-23] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [87584 2018-04-23] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [252600 2018-04-23] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [107656 2018-04-23] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [174664 2018-04-23] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [93888 2018-04-23] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [135904 2017-12-25] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [199392 2017-12-25] (AO Kaspersky Lab)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2018-04-23] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-04-23] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [44768 2018-04-23] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-23] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [102112 2018-04-23] (Malwarebytes)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2017-09-29] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [151552 2017-09-29] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2018-04-23 14:56 - 2018-04-23 14:56 - 000000017 _____ C:\Users\Ma\AppData\Local\resmon.resmoncfg
2018-04-23 12:15 - 2018-04-23 12:15 - 000000000 ____D C:\Users\Ma\AppData\Local\DBG
2018-04-23 12:05 - 2018-04-23 12:06 - 000000000 ____D C:\Users\Ma\Downloads\Windows 10 Pro v.1709 En-US (64-bit) ACTiVATED-HOBBiT
2018-04-23 12:04 - 2018-04-23 15:19 - 000000000 ____D C:\Users\Ma\AppData\Roaming\uTorrent
2018-04-23 12:04 - 2018-04-23 12:33 - 000000000 ____D C:\Users\Ma\AppData\LocalLow\uTorrent
2018-04-23 12:04 - 2018-04-23 12:04 - 000000893 _____ C:\Users\Ma\Desktop\µTorrent.lnk
2018-04-23 12:02 - 2018-04-23 12:02 - 002951024 _____ (BitTorrent Inc.) C:\Users\Ma\Downloads\uTorrent.exe
2018-04-23 12:00 - 2018-04-23 12:39 - 000000400 __RSH C:\ProgramData\ntuser.pol
2018-04-23 12:00 - 2018-04-23 12:05 - 000000000 ____D C:\Users\Ma\AppData\LocalLow\Mozilla
2018-04-23 12:00 - 2018-04-23 12:00 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-04-23 12:00 - 2018-04-23 12:00 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-04-23 12:00 - 2018-04-23 12:00 - 000000000 ____D C:\Users\Ma\AppData\Roaming\Mozilla
2018-04-23 12:00 - 2018-04-23 12:00 - 000000000 ____D C:\Users\Ma\AppData\Local\Mozilla
2018-04-23 12:00 - 2018-04-23 12:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-23 11:59 - 2018-04-23 12:00 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-04-23 11:51 - 2018-04-23 11:51 - 000000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-04-23 11:25 - 2018-04-23 11:25 - 000001908 _____ C:\Windows\diagwrn.xml
2018-04-23 11:25 - 2018-04-23 11:25 - 000001908 _____ C:\Windows\diagerr.xml
2018-04-23 11:25 - 2018-04-23 11:25 - 000000000 ___HD C:\$WINDOWS.~BT
2018-04-23 11:06 - 2018-04-23 11:06 - 000000000 ____D C:\Users\Ma\Documents\Kaspersky Password Manager
2018-04-23 11:05 - 2018-04-23 11:05 - 000003372 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3661550181-1661674082-4013068574-1002
2018-04-23 11:05 - 2017-12-08 00:13 - 001008640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2018-04-23 11:05 - 2017-12-08 00:10 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2018-04-23 11:03 - 2018-04-23 11:05 - 000000000 ____D C:\Windows\system32\MRT
2018-04-23 11:03 - 2018-04-23 11:03 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-23 11:03 - 2018-04-23 11:03 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-23 11:03 - 2018-04-23 11:03 - 000000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2018-04-23 11:02 - 2018-04-23 11:02 - 000000000 ____D C:\AdwCleaner
2018-04-23 10:28 - 2018-04-23 11:52 - 000003192 _____ C:\Windows\System32\Tasks\BDAntiCryptoWallTask
2018-04-23 10:28 - 2018-04-23 10:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BDAntiRansomware
2018-04-23 10:28 - 2018-04-23 10:28 - 000000000 ____D C:\Program Files\Bitdefender
2018-04-23 09:37 - 2018-04-23 15:18 - 000000000 ____D C:\FRST
2018-04-23 07:57 - 2018-04-23 08:18 - 000000000 ____D C:\Users\Ma\AppData\Local\PlaceholderTileLogoFolder
2018-04-23 07:53 - 2018-04-23 07:53 - 000001369 _____ C:\Users\Public\Desktop\Kaspersky Password Manager.lnk
2018-04-23 07:53 - 2018-04-23 07:53 - 000000000 ____D C:\Users\Ma\AppData\Local\Kaspersky Lab
2018-04-23 07:53 - 2018-04-23 07:53 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-23 07:53 - 2018-04-23 07:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager
2018-04-23 07:51 - 2018-04-23 11:51 - 000000000 __SHD C:\Users\Ma\IntelGraphicsProfiles
2018-04-23 07:50 - 2018-04-23 07:50 - 000252600 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2018-04-23 07:50 - 2018-04-23 07:50 - 000000000 ____D C:\Users\Ma\AppData\Local\Comms
2018-04-23 07:50 - 2018-04-23 07:50 - 000000000 ____D C:\Program Files\Intel
2018-04-23 07:50 - 2018-04-23 07:50 - 000000000 ____D C:\Program Files (x86)\Intel
2018-04-23 07:50 - 2018-04-23 07:50 - 000000000 ____D C:\Intel
2018-04-23 07:49 - 2018-04-23 11:03 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-23 07:49 - 2018-04-23 11:03 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-04-23 07:49 - 2018-04-23 11:03 - 000102112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-04-23 07:49 - 2018-04-23 11:03 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-04-23 07:49 - 2018-04-23 07:49 - 000193768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-04-23 07:49 - 2018-04-23 07:49 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-23 07:49 - 2018-04-23 07:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-23 07:49 - 2018-04-23 07:49 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-23 07:49 - 2018-04-23 07:49 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-23 07:49 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-04-23 07:48 - 2018-04-23 11:03 - 000000000 ____D C:\Windows\SysWOW64\NV
2018-04-23 07:48 - 2018-04-23 11:03 - 000000000 ____D C:\Windows\system32\NV
2018-04-23 07:48 - 2018-04-23 07:48 - 000001317 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2018-04-23 07:48 - 2018-04-23 07:48 - 000000000 ____D C:\Users\Ma\AppData\Local\NVIDIA
2018-04-23 07:48 - 2018-04-23 07:48 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-23 07:48 - 2018-04-23 07:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2018-04-23 07:48 - 2018-04-23 07:48 - 000000000 ____D C:\Program Files\Elantech
2018-04-23 07:48 - 2016-02-15 09:25 - 006367288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-04-23 07:48 - 2016-02-15 09:25 - 002990016 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-04-23 07:48 - 2016-02-15 09:25 - 002563128 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-04-23 07:48 - 2016-02-15 09:25 - 000945600 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2018-04-23 07:48 - 2016-02-15 09:25 - 000530368 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-04-23 07:48 - 2016-02-15 09:25 - 000393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-04-23 07:48 - 2016-02-15 09:25 - 000083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-04-23 07:48 - 2016-02-15 09:25 - 000071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-04-23 07:48 - 2016-02-11 17:36 - 006172297 _____ C:\Windows\system32\nvcoproc.bin
2018-04-23 07:47 - 2018-04-23 07:48 - 000003392 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2018-04-23 07:47 - 2018-04-23 07:48 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-04-23 07:47 - 2018-04-23 07:48 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-04-23 07:47 - 2018-04-23 07:47 - 000231312 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2018-04-23 07:47 - 2018-04-23 07:47 - 000174664 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2018-04-23 07:47 - 2018-04-23 07:47 - 000107656 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2018-04-23 07:47 - 2018-04-23 07:47 - 000087584 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_kimul.sys
2018-04-23 07:47 - 2018-04-23 07:47 - 000002242 _____ C:\Users\Public\Desktop\Bezpieczne pieniądze.lnk
2018-04-23 07:47 - 2018-04-23 07:47 - 000002192 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2018-04-23 07:47 - 2018-04-23 07:47 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-04-23 07:47 - 2018-04-23 07:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2018-04-23 07:47 - 2018-04-23 07:47 - 000000000 ____D C:\Program Files\Common Files\AV
2018-04-23 07:47 - 2015-07-30 22:45 - 000072688 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2018-04-23 07:47 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2018-04-23 07:46 - 2018-04-23 14:54 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-04-23 07:46 - 2018-04-23 07:53 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2018-04-23 07:46 - 2018-04-23 07:49 - 001055944 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2018-04-23 07:46 - 2018-04-23 07:46 - 000594144 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2018-04-23 07:46 - 2018-04-23 07:46 - 000207576 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2018-04-23 07:46 - 2018-04-23 07:46 - 000149304 _____ (AO Kaspersky Lab) C:\Windows\system32\klhkum.dll
2018-04-23 07:42 - 2018-04-23 11:03 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-04-23 07:40 - 2018-04-23 07:45 - 000000000 ____D C:\Users\Ma\AppData\Local\MicrosoftEdge
2018-04-23 07:40 - 2018-04-23 07:40 - 000000000 ___HD C:\Users\Ma\MicrosoftEdgeBackups
2018-04-23 07:34 - 2018-04-23 11:05 - 000002358 _____ C:\Users\Ma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-04-23 07:34 - 2018-04-23 11:05 - 000000000 ___RD C:\Users\Ma\OneDrive
2018-04-23 07:33 - 2018-04-23 11:52 - 000003200 _____ C:\Windows\System32\Tasks\KMS_VL_ALL
2018-04-23 07:33 - 2018-04-23 08:07 - 000000000 ____D C:\Users\Ma\AppData\Local\Packages
2018-04-23 07:33 - 2018-04-23 08:04 - 000000000 ____D C:\Users\Ma\AppData\Local\Publishers
2018-04-23 07:33 - 2018-04-23 07:33 - 000000000 ___RD C:\Users\Ma\3D Objects
2018-04-23 07:33 - 2018-04-23 07:33 - 000000000 ____D C:\Users\Ma\AppData\Roaming\Adobe
2018-04-23 07:33 - 2018-04-23 07:33 - 000000000 ____D C:\Users\Ma\AppData\Local\VirtualStore
2018-04-23 07:33 - 2018-04-23 07:33 - 000000000 ____D C:\Users\Ma\AppData\Local\PeerDistRepub
2018-04-23 07:32 - 2018-04-23 07:51 - 000000000 ____D C:\Users\Ma
2018-04-23 07:32 - 2018-04-23 07:32 - 000000020 ___SH C:\Users\Ma\ntuser.ini
2018-04-23 07:32 - 2018-04-23 07:32 - 000000000 ____D C:\Users\Ma\AppData\Local\ConnectedDevicesPlatform
2018-04-23 07:29 - 2018-04-23 07:29 - 000000000 ____D C:\Windows\CSC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-23 17:26 - 2017-09-29 15:46 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2018-04-23 14:53 - 2017-09-29 15:44 - 000000000 ____D C:\Windows\INF
2018-04-23 14:39 - 2017-11-28 05:44 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-04-23 12:00 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-04-23 11:25 - 2017-11-28 05:44 - 000000000 ____D C:\Windows\Panther
2018-04-23 11:22 - 2017-09-29 15:37 - 000000000 ____D C:\Windows\CbsTemp
2018-04-23 11:12 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-04-23 11:11 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\AppReadiness
2018-04-23 11:07 - 2017-11-28 05:51 - 001130238 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-23 11:05 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\appcompat
2018-04-23 11:03 - 2017-11-28 05:44 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-23 11:03 - 2017-09-29 10:45 - 000524288 _____ C:\Windows\system32\config\BBI
2018-04-23 10:07 - 2017-09-29 15:46 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-04-23 09:33 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-23 07:49 - 2017-12-25 02:53 - 000120008 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klbackupflt.sys
2018-04-23 07:49 - 2016-12-20 17:51 - 000093888 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwfp.sys
2018-04-23 07:49 - 2016-10-12 12:29 - 000057032 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2018-04-23 07:48 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\Help
2018-04-23 07:46 - 2017-09-29 15:46 - 000000000 ___HD C:\Windows\ELAMBKUP
2018-04-23 07:36 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2018-04-23 07:33 - 2017-11-28 05:47 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-04-23 07:31 - 2017-11-28 05:44 - 000221968 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-23 07:27 - 2017-11-28 05:47 - 000002770 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2018-04-03 21:37 - 2017-09-29 15:49 - 000835064 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-04-03 21:37 - 2017-09-29 15:49 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2018-04-23 14:56 - 2018-04-23 14:56 - 000000017 _____ () C:\Users\Ma\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-28 05:44

==================== End of FRST.txt ============================