• Please describe your problem in as much detail as possible. The more specific you are, the better we can diagnose the problem.
Computer and IE are acting sluggish and the computer doesn't feel right. I have to turn Kaspersky off in order to use OUTLOOK Web Based Email (used to be Hotmail).
• Do you have popups? If so, where are they from? What do they say? Are they advertising a particular product? none
• Has your browser been hijacked? If so, to what URL? no
• Does your antivirus detect an infected file? If so, what file, and what is the infection detected? Kaspersky - no viruses - but IE seems to work a lot faster when I disable the ANTIVIRUS
• Is your system sluggish? Is there a particular process using a lot of the CPU? If so, what is it? Does your firewall give alerts about a process trying to access the internet? If so, what is it? not sure about any firewall intrusions, but the system feels sluggish.
• Have you already tried certain steps to fix your problem? If so, what have you tried? none
• Please also mention that you have read this FAQ and followed the directions, or else someone is likely to ask you to come back here. trying to follow step by step
---> Full description of issues :
1. Slow, sluggish IE
2. On favorites (in IE), something has added .url to the items in the favorites bar
3. When working on WORD and EXCEL the system lags and loses some information and sometimes creates duplicate files
4. When I email in Outlook it is slow, lags and is unresponsive (I can't click on the items in the email to delete them, and it sometimes takes an extended time for the processes to clear or stop). Sometimes pressing the <esc> button seems to let the processes that were preventing me from using the email program stop, not sure....
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 9/2/18
Scan Time: 11:50 AM
Log File: 0d3a2898-aee1-11e8-9cf1-00fff474f90d.json
-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.421
Update Package Version: 1.0.6613
License: Free
-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: AZUZ1DESK\dannyid
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 403653
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 10 min, 49 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.09.2018 03
Ran by dannyid (administrator) on AZUZ1DESK (02-09-2018 14:56:31)
Running from C:\Users\dannyid\Downloads
Loaded Profiles: dannyid & QBDataServiceUser26 (Available Profiles: dannyid & DanielAzuz & QBDataServiceUser23 & QBDataServiceUser26 & Daniel Tech Support)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\avp.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
() C:\Windows\SysWOW64\AsHookDevice.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2016\QBDBMgrN.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
(Microsoft) C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHOA.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(SAMSUNG Electornics Co., Ltd.) C:\Users\dannyid\AppData\Roaming\VERIZON\UA_ar\UA.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe
(Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WDDiscoveryMonitor.exe
(Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Western Digital Technologies, Inc.) C:\Program Files\WD Desktop App\kdd.exe
() C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe
() C:\Program Files\WD Desktop App\kdd
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe
() C:\Program Files\WD Desktop App\wdsync.exe
() C:\Program Files\WD Desktop App\wdsync-inotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Agent\WDDriveAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files\WD Desktop App\wdsync.exe
() C:\Program Files\WD Desktop App\wdsync.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msdt.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9217024 2017-04-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1485312 2017-04-13] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [1088944 2016-05-12] ()
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-18] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [181208 2013-06-24] (cyberlink)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2015-10-22] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1278568 2018-02-02] (Carbonite, Inc.)
HKLM-x32\...\Run: [WDDiscovery] => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe [56265192 2018-07-02] (Western Digital Corporation)
HKLM-x32\...\Run: [WDDriveAgent] => C:\Program Files (x86)\Western Digital\WD Drive Agent\WDDriveAgent.exe [2379552 2018-06-04] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21888 2018-06-06] (Western Digital Technologies, Inc.)
HKU\S-1-5-21-2358354011-981561540-3637120196-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-2358354011-981561540-3637120196-1002\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
HKU\S-1-5-21-2358354011-981561540-3637120196-1002\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHOA.EXE [283232 2017-05-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2358354011-981561540-3637120196-1002\...\MountPoints2: {be32e01a-ddfc-11e5-8329-bcee7bd9cce4} - "L:\VZW_Software_upgrade_assistant.exe"
SSODL: WDFSMountNotificator-wdfsconnect2017 - {62582D6F-2615-4AF3-ACB6-12482A7E6BD7} - C:\Windows\system32\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.)
SSODL-x32: WDFSMountNotificator-wdfsconnect2017 - {62582D6F-2615-4AF3-ACB6-12482A7E6BD7} - C:\Windows\SysWOW64\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-02-15]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-02-15]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-02-15]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\dannyid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-03-30]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\dannyid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-03-18]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\dannyid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2018-08-02]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\dannyid\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1236490B-DA5D-41E8-8F13-AC457124A458}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{330E5A1B-E392-48FE-9394-788C663F8101}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2358354011-981561540-3637120196-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
URLSearchHook: [S-1-5-21-2358354011-981561540-3637120196-1005] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2358354011-981561540-3637120196-1002 -> DefaultScope {B3F26710-5699-4AE1-BD54-8976C5B82E30} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2358354011-981561540-3637120196-1002 -> {B3F26710-5699-4AE1-BD54-8976C5B82E30} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2358354011-981561540-3637120196-1002 -> {CB602716-2E5F-48C2-9385-6A79ACDC1AF5} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\x64\IEExt\ie_plugin.dll [2016-12-10] (AO Kaspersky Lab)
BHO: No Name -> {62582D6F-2615-4AF3-ACB6-12482A7E6BD7}' -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\IEExt\ie_plugin.dll [2016-12-10] (AO Kaspersky Lab)
BHO-x32: No Name -> {62582D6F-2615-4AF3-ACB6-12482A7E6BD7}' -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-03-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\x64\IEExt\ie_plugin.dll [2016-12-10] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\IEExt\ie_plugin.dll [2016-12-10] (AO Kaspersky Lab)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler-x32: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - C:\Program Files (x86)\Intuit\QuickBooks 2016\HelpAsyncPluggableProtocol.dll [2018-05-21] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\dannyid\AppData\Roaming\Mozilla\Firefox\Profiles\kyac6rn3.default [2018-09-02]
FF Homepage: Mozilla\Firefox\Profiles\kyac6rn3.default -> hxxps://www.google.com/
FF HKLM\...\Firefox\Extensions: [light_plugin_F363A72DD7B6435783A76E5F612C9006@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\FFExt\light_plugin_firefox\addon.xpi [2018-04-22]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F363A72DD7B6435783A76E5F612C9006@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-12-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-12-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-19] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2358354011-981561540-3637120196-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\dannyid\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
Chrome:
=======
CHR Profile: C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default [2018-08-13]
CHR Extension: (Google Translate) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-03-13]
CHR Extension: (Slides) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-13]
CHR Extension: (Docs) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-13]
CHR Extension: (Google Drive) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-09]
CHR Extension: (YouTube) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-09]
CHR Extension: (Translate Selected Text) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbimffnjoeobhjhochngikepgfejjmgj [2016-07-09]
CHR Extension: (Sheets) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-13]
CHR Extension: (Google Docs Offline) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-16]
CHR Extension: (Which Font Is This ?) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhkckbkndockmajpedihihnplcgchgh [2018-06-23]
CHR Extension: (Gmail) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-09]
CHR Extension: (Chrome Media Router) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-12]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-08-28] ()
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-18] () [File not signed]
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [244696 2013-06-24] (CyberLink)
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [303544 2015-08-12] (CyberLink)
R2 Device Handle Service; C:\Windows\SysWOW64\AsHookDevice.exe [207160 2013-08-08] ()
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-05-12] ()
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
R3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-10-22] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-10-22] (Intuit Inc.) [File not signed]
R3 QuickBooksDB26; C:\Program Files (x86)\Intuit\QuickBooks 2016\QBDBMgrN.exe [127792 2015-10-22] (Intuit, Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-15] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2018-03-01] (TeamViewer GmbH)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [528160 2018-06-04] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [115976 2016-01-28] (Wondershare)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98504 2013-09-25] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67784 2013-09-25] (Infowatch)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2017-01-15] (Samsung Electronics Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-08] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [92864 2018-04-22] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [197312 2018-05-27] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [1191616 2018-05-27] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1023176 2018-05-27] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [57032 2018-02-25] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-06-01] (AO Kaspersky Lab)
R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [139968 2018-04-22] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [199640 2017-09-17] (AO Kaspersky Lab)
S3 Linksys_adapter_H; C:\Windows\system32\DRIVERS\AE1200w764.sys [1254464 2011-03-30] (Broadcom Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [259360 2018-09-01] (Malwarebytes)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2017-01-15] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R1 wdfsconnect2017; C:\Windows\system32\drivers\wdfsconnect2017.sys [468096 2017-11-21] (Western Digital Technologies, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 wdvpnpbus; C:\Windows\System32\drivers\wdvpnpbus.sys [20608 2017-11-21] (Western Digital Technologies, Inc.)
U0 aswVmm; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-02 14:57 - 2018-09-02 14:57 - 000899584 _____ C:\Users\dannyid\Downloads\RGSA.exe
2018-09-02 14:56 - 2018-09-02 14:57 - 000030013 _____ C:\Users\dannyid\Downloads\FRST.txt
2018-09-02 14:49 - 2018-09-02 14:49 - 002413056 _____ (Farbar) C:\Users\dannyid\Downloads\FRST64.exe
2018-09-02 11:50 - 2018-09-02 11:50 - 000000000 ____D C:\Users\dannyid\AppData\Local\mbam
2018-09-01 20:38 - 2018-09-01 20:38 - 000001249 _____ C:\Users\dannyid\Desktop\Daniel's My Cloud Home.lnk
2018-08-31 19:12 - 2018-08-31 19:12 - 000127779 _____ C:\Users\dannyid\Downloads\כי תצא - One small step one giant leap.pdf
2018-08-31 19:12 - 2018-08-31 19:12 - 000106751 _____ C:\Users\dannyid\Downloads\כח הדמיון במלחמת היצר - כי תצא.pdf
2018-08-31 19:08 - 2018-08-31 19:08 - 000731408 _____ C:\Users\dannyid\Downloads\Parshah Points Ki Savo..pdf
2018-08-30 18:18 - 2018-08-30 18:18 - 000539503 _____ C:\Users\dannyid\Downloads\YSC Succos - 3.pdf
2018-08-29 08:07 - 2018-08-29 08:07 - 000000000 ___SD C:\Users\dannyid\Documents\My Data Sources
2018-08-27 17:14 - 2018-08-27 17:14 - 000068096 _____ C:\Users\dannyid\Downloads\PFS Daniel D.xls
2018-08-27 13:20 - 2018-08-27 13:20 - 000095583 _____ C:\Users\dannyid\Downloads\Loan Check List Multifamily and Commercial.pdf
2018-08-21 16:21 - 2018-08-21 16:21 - 008899917 _____ C:\Users\dannyid\Downloads\Davidsohn Discovery Decision-c.pdf
2018-08-19 17:43 - 2018-08-19 17:43 - 000000000 ____D C:\Users\dannyid\Intuit
2018-08-19 15:34 - 2018-08-19 15:34 - 001700570 _____ C:\Users\dannyid\Downloads\DavidsohnPetition.pdf
2018-08-18 20:58 - 2018-09-01 15:24 - 000259360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-08-12 15:05 - 2018-08-12 15:05 - 000000000 ____D C:\Users\dannyid\AppData\Roaming\QuickBooks
2018-08-08 02:29 - 2018-08-08 02:29 - 000016583 _____ C:\Users\dannyid\Documents\~WRD2680.tmp
2018-08-08 02:22 - 2018-08-08 02:22 - 000016380 _____ C:\Users\dannyid\Documents\~WRD4044.tmp
2018-08-08 01:45 - 2018-08-08 01:45 - 000011356 _____ C:\Users\dannyid\Documents\~WRD1270.tmp
2018-08-08 00:29 - 2018-08-08 00:29 - 001259544 _____ C:\Users\dannyid\Documents\1112 11 RPRT PG 17.pdf
2018-08-07 21:15 - 2018-08-07 21:21 - 000011283 ____H C:\Users\dannyid\Documents\~WRL1304.tmp
2018-08-04 10:20 - 2018-08-04 10:20 - 000005120 _____ C:\Users\dannyid\Downloads\CPNI.xls
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-02 14:56 - 2016-12-09 21:08 - 000000000 ____D C:\FRST
2018-09-02 14:52 - 2017-05-26 00:10 - 000000000 ____D C:\Users\dannyid\AppData\LocalLow\Mozilla
2018-09-02 14:48 - 2016-12-06 18:25 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2018-09-02 14:43 - 2016-12-10 00:26 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-09-02 12:48 - 2018-05-06 17:15 - 000001271 _____ C:\Users\dannyid\Desktop\malwarebyte fille 2018.txt
2018-09-01 20:39 - 2017-10-02 16:11 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2018-09-01 20:39 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-09-01 20:38 - 2018-06-11 23:43 - 000000000 ____D C:\Users\dannyid\AppData\Roaming\WD Discovery
2018-09-01 20:38 - 2018-06-11 23:02 - 000000000 ____D C:\Users\dannyid\.wdc
2018-09-01 20:38 - 2014-08-30 14:43 - 000000000 ___DO C:\Users\dannyid\OneDrive
2018-09-01 15:23 - 2014-03-22 02:35 - 000000000 ____D C:\ProgramData\NVIDIA
2018-09-01 15:23 - 2013-11-29 02:06 - 000000025 ___SH C:\Windows\SysWOW64\ReadTag.ini
2018-09-01 15:23 - 2013-08-22 07:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-01 15:23 - 2013-08-22 06:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2018-09-01 15:23 - 2013-08-22 06:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
2018-08-31 12:34 - 2016-02-15 23:06 - 000000000 ____D C:\Users\QBDataServiceUser26
2018-08-31 12:34 - 2014-06-14 03:18 - 000000000 ____D C:\Users\dannyid
2018-08-30 15:12 - 2015-12-29 17:19 - 000000000 ____D C:\Users\dannyid\AppData\Local\CrashDumps
2018-08-30 15:11 - 2015-09-26 22:47 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-08-29 18:22 - 2015-01-05 13:54 - 000000060 _____ C:\Windows\wpd99.drv
2018-08-29 18:22 - 2015-01-05 13:54 - 000000000 ____D C:\ProgramData\pdf995
2018-08-23 18:27 - 2017-09-24 15:09 - 000000000 ____D C:\Users\dannyid\Documents\TOPS
2018-08-19 15:07 - 2016-09-08 11:09 - 000417986 _____ C:\Windows\system32\perfh00D.dat
2018-08-19 15:07 - 2016-09-08 11:09 - 000065428 _____ C:\Windows\system32\perfc00D.dat
2018-08-19 15:07 - 2013-11-29 01:58 - 001338816 _____ C:\Windows\system32\PerfStringBackup.INI
2018-08-19 15:07 - 2013-08-22 06:36 - 000000000 ____D C:\Windows\Inf
2018-08-18 20:57 - 2018-05-20 15:43 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-08-18 17:45 - 2014-06-14 00:25 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2358354011-981561540-3637120196-1002
2018-08-16 21:03 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\system32\NDF
2018-08-14 12:57 - 2015-11-18 11:48 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-08-12 15:09 - 2015-03-15 14:51 - 000000090 _____ C:\Windows\QBChanUtil_Trigger.ini
2018-08-12 15:03 - 2015-03-15 14:51 - 000000000 ____D C:\ProgramData\Intuit
2018-08-11 12:16 - 2013-08-22 08:20 - 000000000 ____D C:\Windows\CbsTemp
2018-08-09 21:18 - 2015-02-27 01:30 - 000000000 ____D C:\Users\dannyid\AppData\Local\Windows Live
2018-08-08 15:41 - 2016-06-17 20:27 - 000002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-08 15:41 - 2016-06-17 20:27 - 000002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
==================== Files in the root of some directories =======
2016-02-15 23:07 - 2016-02-28 17:42 - 000003461 _____ () C:\Users\dannyid\AppData\Roaming\QBFileDrTool.log
2016-01-04 19:13 - 2017-01-03 14:20 - 000016384 _____ () C:\Users\dannyid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
2018-07-18 13:21 - 2018-07-18 13:21 - 000073728 _____ () C:\Users\Daniel Tech Support\AppData\Local\Temp\5510.tmp.exe
2018-07-18 12:24 - 2018-07-18 12:24 - 000103424 _____ () C:\Users\Daniel Tech Support\AppData\Local\Temp\629A.tmp.exe
2018-07-18 12:15 - 2018-07-18 12:15 - 000073728 _____ () C:\Users\Daniel Tech Support\AppData\Local\Temp\8EEB.tmp.exe
2018-07-18 12:16 - 2018-07-18 12:16 - 000651776 _____ (Igor Pavlov) C:\Users\Daniel Tech Support\AppData\Local\Temp\DED5.tmp.exe
2018-07-25 11:24 - 2018-07-25 11:24 - 000103424 _____ () C:\Users\DanielAzuz\AppData\Local\Temp\261C.tmp.exe
2018-07-25 11:24 - 2018-07-25 11:24 - 000058336 _____ (NirSoft) C:\Users\DanielAzuz\AppData\Local\Temp\2C18.tmp.exe
2018-07-25 11:24 - 2018-07-25 11:24 - 000651776 _____ (Igor Pavlov) C:\Users\DanielAzuz\AppData\Local\Temp\833.tmp.exe
2018-07-25 11:23 - 2018-07-25 11:23 - 000073728 _____ () C:\Users\DanielAzuz\AppData\Local\Temp\A8F8.tmp.exe
2018-06-12 00:07 - 2018-06-12 00:07 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\11B4.tmp.exe
2018-09-01 20:38 - 2018-09-01 20:38 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\1A45.tmp.exe
2018-07-21 14:26 - 2018-07-21 14:26 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\1C99.tmp.exe
2018-07-18 11:14 - 2018-07-18 11:14 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\1D57.tmp.exe
2018-07-18 11:11 - 2018-07-18 11:11 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\1E5.tmp.exe
2018-08-23 14:19 - 2018-08-23 14:19 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\2076.tmp.exe
2018-08-23 14:19 - 2018-08-23 14:19 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\221D.tmp.exe
2018-07-31 16:15 - 2018-07-31 16:15 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\253C.tmp.exe
2018-08-19 11:48 - 2018-08-19 11:48 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\2560.tmp.exe
2018-07-21 12:34 - 2018-07-21 12:34 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\311A.tmp.exe
2018-07-21 11:17 - 2018-07-21 11:17 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\3177.tmp.exe
2018-06-12 00:06 - 2018-06-12 00:06 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\32A7.tmp.exe
2018-07-23 12:01 - 2018-07-23 12:01 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\35A1.tmp.exe
2018-07-28 14:32 - 2018-07-28 14:32 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\371E.tmp.exe
2018-07-23 12:01 - 2018-07-23 12:01 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\3757.tmp.exe
2018-08-19 12:02 - 2018-08-19 12:02 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\3B00.tmp.exe
2018-08-19 12:02 - 2018-08-19 12:02 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\3C88.tmp.exe
2018-07-02 11:52 - 2018-07-02 11:52 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\3F9D.tmp.exe
2018-07-02 11:34 - 2018-07-02 11:34 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\4969.tmp.exe
2018-09-01 20:38 - 2018-09-01 20:38 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\4CE2.tmp.exe
2018-09-01 20:38 - 2018-09-01 20:38 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\509D.tmp.exe
2018-07-02 11:44 - 2018-07-02 11:44 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\50B8.tmp.exe
2018-06-12 00:06 - 2018-06-12 00:06 - 000651776 _____ (Igor Pavlov) C:\Users\dannyid\AppData\Local\Temp\542D.tmp.exe
2018-08-25 10:56 - 2018-08-25 10:56 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\59A6.tmp.exe
2018-07-23 10:32 - 2018-07-23 10:32 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\5AA6.tmp.exe
2018-08-30 15:12 - 2018-08-30 15:12 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\603C.tmp.exe
2018-07-28 14:34 - 2018-07-28 14:34 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\60CD.tmp.exe
2018-08-12 14:43 - 2018-08-12 14:43 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\6943.tmp.exe
2018-07-02 11:49 - 2018-07-02 11:49 - 000651776 _____ (Igor Pavlov) C:\Users\dannyid\AppData\Local\Temp\69EC.tmp.exe
2018-07-02 11:52 - 2018-07-02 11:52 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\6AE4.tmp.exe
2018-07-18 11:46 - 2018-07-18 11:46 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\6C2.tmp.exe
2018-08-25 10:59 - 2018-08-25 10:59 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\6CB6.tmp.exe
2018-07-22 17:34 - 2018-07-22 17:34 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\7BAE.tmp.exe
2018-07-23 11:32 - 2018-07-23 11:32 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\84D9.tmp.exe
2018-07-18 13:30 - 2018-07-18 13:30 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\8FF1.tmp.exe
2018-08-12 14:44 - 2018-08-12 14:44 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\91CE.tmp.exe
2018-08-12 14:44 - 2018-08-12 14:44 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\93A4.tmp.exe
2018-08-30 15:12 - 2018-08-30 15:12 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\9568.tmp.exe
2018-08-30 15:12 - 2018-08-30 15:12 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\97CA.tmp.exe
2018-08-09 23:07 - 2018-08-09 23:07 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\9C9F.tmp.exe
2018-08-18 14:53 - 2018-08-18 14:53 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\9FC.tmp.exe
2018-08-11 11:49 - 2018-08-11 11:49 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\A233.tmp.exe
2018-08-11 11:53 - 2018-08-11 11:53 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\A4D3.tmp.exe
2018-08-31 12:39 - 2018-08-31 12:39 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\A521.tmp.exe
2018-07-18 11:43 - 2018-07-18 11:43 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\A94B.tmp.exe
2018-07-22 04:43 - 2018-07-22 04:43 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\AC73.tmp.exe
2018-08-11 11:53 - 2018-08-11 11:53 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\ADEC.tmp.exe
2018-07-21 16:04 - 2018-07-21 16:04 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\B08A.tmp.exe
2018-07-15 21:20 - 2018-07-15 21:20 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\B2FB.tmp.exe
2018-08-16 19:01 - 2018-08-16 19:01 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\B383.tmp.exe
2018-06-12 00:06 - 2018-06-12 00:06 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\B460.tmp.exe
2018-07-15 21:20 - 2018-07-15 21:20 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\B50F.tmp.exe
2018-07-02 11:45 - 2018-07-02 11:45 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\B56E.tmp.exe
2018-08-18 14:53 - 2018-08-18 14:53 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\BC2.tmp.exe
2018-07-29 15:29 - 2018-07-29 15:29 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\BCA5.tmp.exe
2018-08-16 19:01 - 2018-08-16 19:01 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\BF5B.tmp.exe
2018-08-23 14:17 - 2018-08-23 14:17 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\C387.tmp.exe
2018-07-29 15:30 - 2018-07-29 15:30 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\C6B6.tmp.exe
2018-07-31 16:18 - 2018-07-31 16:18 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\CC73.tmp.exe
2018-08-18 14:53 - 2018-08-18 14:53 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\CD9B.tmp.exe
2018-07-21 16:02 - 2018-07-21 16:02 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\D425.tmp.exe
2018-08-06 06:55 - 2018-08-06 06:55 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\D54E.tmp.exe
2018-08-06 06:56 - 2018-08-06 06:56 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\D59B.tmp.exe
2018-08-06 06:56 - 2018-08-06 06:56 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\D6A6.tmp.exe
2018-07-22 04:38 - 2018-07-22 04:38 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\D702.tmp.exe
2018-08-09 23:09 - 2018-08-09 23:09 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\DCEE.tmp.exe
2018-08-09 23:09 - 2018-08-09 23:09 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\DD7C.tmp.exe
2018-07-18 13:32 - 2018-07-18 13:32 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\E237.tmp.exe
2018-08-06 06:49 - 2018-08-06 06:49 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\EB24.tmp.exe
2018-08-31 12:39 - 2018-08-31 12:39 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\EB36.tmp.exe
2018-08-31 12:39 - 2018-08-31 12:39 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\EBC4.tmp.exe
2018-07-15 21:16 - 2018-07-15 21:16 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\ED54.tmp.exe
2018-08-16 19:00 - 2018-08-16 19:00 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\EEB8.tmp.exe
2018-07-02 11:52 - 2018-07-02 11:52 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\EF64.tmp.exe
2018-08-29 08:57 - 2018-08-29 08:57 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\F07E.tmp.exe
2018-07-23 03:14 - 2018-07-23 03:14 - 000651776 _____ (Igor Pavlov) C:\Users\dannyid\AppData\Local\Temp\F8BD.tmp.exe
2018-07-21 12:36 - 2018-07-21 12:36 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\FBAD.tmp.exe
2018-07-22 17:29 - 2018-07-22 17:29 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\FD07.tmp.exe
2017-06-20 16:57 - 2017-06-20 16:57 - 097404904 _____ (Seagate) C:\Users\dannyid\AppData\Local\Temp\setup.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-08-27 04:13
==================== End of FRST.txt ============================
Edited by sefnf, 02 September 2018 - 04:27 PM.