System may be infected [Solved]

malware virus Autopico leplus

  • This topic is locked

#1
Hari Prahlad

  • Member
  • 301 posts

Hi

Kaspersky gives me strange warnings, screenshot attached. I have windows opening all by themselves by Tampermonkey. I attach FRST files as desired by you.

Kindly help.

FRST

"Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.02.2019 02

Ran by admin (administrator) on USER (25-02-2019 16:50:54)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Huawei Technologies Co., Ltd. -> ) C:\ProgramData\MobileBrServ\mbbService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(TAOBAO (CHINA) SOFTWARE CO.,LTD. -> ) C:\Program Files (x86)\UCBrowser\Application\UCService.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
(LENOVO -> Lenovo) [File not signed] C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
(Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Qualcomm Atheros -> ) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499208 2016-03-22] (LENOVO -> Lenovo) [File not signed]
HKLM-x32\...\Run: [CheckNDISPort55ac29] => C:\Program Files (x86)\Vodafone Mobile Connect\CheckNDISPort_df.exe [478928 2017-10-13] (ZTE CORPORATION -> )
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Vodafone Mobile Connect\CancelAutoPlay_df.exe [448208 2017-10-13] (ZTE CORPORATION -> )
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {096eaa51-0d84-11e9-8286-5c93a27a9186} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {5221b181-7b5a-11e7-826d-5c93a27a9186} - "G:\AutoRun.exe" 
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {d5bb046f-d9f0-11e8-827d-5c93a27a9186} - "G:\Windows\AutoRun.exe" 
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {f95a5e0f-bb05-11e7-8275-5c93a27a9186} - "G:\Lenovo_Suite.exe" 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-15] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{65122CB0-EA0F-47DF-A953-017170ED12F9}] -> "C:\Program Files (x86)\UCBrowser\Application\5.7.16281.1003\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --wow-install-target-path="C:\Program Files (x86)\UCBrowser"
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-09-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3D22F6EB-7D48-4581-8A4A-7761F8E75A76}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7E9EBC38-283C-4B56-89DA-0535C2A81429}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{C298CBC9-DE40-4263-BD24-A79463D2BF0D}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{F2083A6A-EC22-4295-A53A-8EE8CD7C5778}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{F916C187-3FE7-40E2-8C16-F14583B0F455}: [DhcpNameServer] 192.168.43.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.1.1,-1]
 
Internet Explorer:
==================
HKU\S-1-5-21-844090339-168977430-2555540811-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-07-27] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
 
FireFox:
========
FF DefaultProfile: euxfq1nu.default-1509187813890
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\euxfq1nu.default-1509187813890 [2019-01-01]
FF Homepage: Mozilla\Firefox\Profiles\euxfq1nu.default-1509187813890 -> hxxps://www.google.com/
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-12-07]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_142.dll [2019-02-13] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_142.dll [2019-02-13] (Adobe Systems Incorporated -> )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-01-01] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-01-01] <==== ATTENTION
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://homepage-web.com/?s=acer&m=home
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://homepage-web.com/?s=acer&m=start"
CHR DefaultSearchURL: Default -> hxxps://192.168.1.240/bahmni/favicon.ico
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2019-02-25]
CHR Extension: (Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-29]
CHR Extension: (Video & GIF Downloader For Facebook™) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajanondpapegkikdhmmhmoogcaajdokn [2018-12-14]
CHR Extension: (Kaspersky Protection) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-11-15]
CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-29]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-20]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-12-14]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-20]
CHR Extension: (OpenERP) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapopdbfnfhcgfdldoielojfiidmecaj [2018-12-14]
CHR Extension: (Message Cleaner) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcanahkfmlgbgmnjlcmpmjcmbldniele [2017-10-29]
CHR Extension: (Tampermonkey) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-02-22]
CHR Extension: (Video Downloader professional) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-09-21]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-12-14]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-15]
CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-24]
CHR Extension: (Delete All Messages for Facebook™) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnpnpdgfopkoibbhemhdinhcbghpokf [2019-01-15]
CHR Extension: (Multi Forward for Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjmdplljmniahpamcmabdnahmjdlikpm [2017-08-02]
CHR Extension: (Save to Facebook) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2019-02-19]
CHR Extension: (Grammarly for Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-02-23]
CHR Extension: (Facebook Fast Delete Messages) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\klmpnhheahecaojonebajllddfhpilan [2017-06-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-04-21]
CHR Extension: (Anti-Phishing & Authenticity Checker) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mggehmlfnempkheebgikhmemhnnpacle [2018-12-14]
CHR Extension: (Bahmni Home) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlejgcccohmalhjkncfcbnbekihgnnmg [2017-07-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-15]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-20]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-15]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKU\S-1-5-21-844090339-168977430-2555540811-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-844090339-168977430-2555540811-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [322176 2014-12-01] (Qualcomm Atheros -> Windows ® Win 7 DDK provider) [File not signed]
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
S4 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [125168 2014-12-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-03-11] (Intel Corporation - pGFX -> Intel Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe [414352 2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (Kaspersky Lab -> AO Kaspersky Lab)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-27] (Microsoft Corporation) [File not signed]
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242256 2014-08-20] (Huawei Technologies Co., Ltd. -> )
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG -> Nero AG)
R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [656784 2017-12-20] (TAOBAO (CHINA) SOFTWARE CO.,LTD. -> ) <==== ATTENTION
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-07-01] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [528576 2018-02-20] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [73416 2018-10-09] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [123152 2018-10-09] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [89168 2018-10-09] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [219744 2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [1214752 2018-10-27] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1113696 2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [57032 2018-02-12] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50648 2017-05-30] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [45768 2018-10-09] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [52152 2016-06-07] (AnchorFree Inc -> The OpenVPN Project)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (Kaspersky Lab -> AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [176976 2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [203968 2018-02-24] (Kaspersky Lab -> AO Kaspersky Lab)
R3 Qcamain; C:\Windows\system32\DRIVERS\Qcamainx64.sys [2299392 2015-01-29] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros, Inc.)
R3 RTL8168; C:\Windows\system32\DRIVERS\Rt630x64.sys [591360 2013-06-18] (Microsoft Windows -> Realtek )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-25 16:50 - 2019-02-25 16:52 - 000022496 _____ C:\Users\admin\Desktop\FRST.txt
2019-02-25 16:47 - 2019-02-25 16:47 - 002433536 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2019-02-25 12:50 - 2019-02-25 12:50 - 000001198 _____ C:\Users\admin\Desktop\Depression.txt
2019-02-21 20:42 - 2019-02-21 20:42 - 000000050 _____ C:\Users\admin\Desktop\proverbs.txt
2019-02-21 19:33 - 2019-02-21 19:33 - 000002230 _____ C:\Users\admin\Desktop\WhatsApp.lnk
2019-02-21 19:33 - 2019-02-21 19:33 - 000000000 ____D C:\Users\admin\AppData\Local\WhatsApp
2019-02-21 14:52 - 2019-02-21 14:53 - 139467192 _____ (WhatsApp) C:\Users\admin\Downloads\WhatsAppSetup.exe
2019-02-19 14:49 - 2019-02-19 14:49 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-19 14:49 - 2019-02-19 14:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-19 14:49 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-02-19 10:25 - 2019-02-19 10:29 - 040477384 _____ C:\Users\admin\Downloads\vlc-3.0.6-win32 (1).exe
2019-02-19 10:22 - 2019-02-19 10:41 - 1393857432 _____ C:\Users\admin\Downloads\Tamil Full Comedy Movie Panchathantiram Kamal Haasan Simran Jayaram Ramya Krishnan.mp4
2019-02-19 09:03 - 2019-02-19 09:03 - 000161870 _____ C:\Users\admin\Desktop\Poetry.pdf
2019-02-17 17:19 - 2019-02-17 17:25 - 132337635 _____ C:\Users\admin\Downloads\Zinedine Zidane - The Artist HD.mp4
2019-02-17 15:04 - 2019-02-17 15:06 - 039963802 _____ (AmoyShare Technology Company) C:\Users\admin\Downloads\anyvid-win (1).exe
2019-02-17 07:41 - 2019-02-17 07:41 - 000053490 _____ C:\Users\admin\Downloads\Valluvar.zip
2019-02-17 07:41 - 2015-09-21 17:15 - 000000000 ____D C:\Users\admin\Downloads\Valluvar
2019-02-16 09:00 - 2019-02-16 09:00 - 000250775 _____ C:\Users\admin\Downloads\Dr_Sarojini_PrahladSat-Feb-16-03_29_47-2019.pdf
2019-02-14 09:46 - 2019-02-14 09:47 - 062530321 _____ C:\Users\admin\Downloads\Stavros Flatly - BGT 2009 - AUDITION - HD - EryGarza (1 of My Top 5's).mp4
2019-02-13 10:41 - 2019-02-13 10:41 - 000046956 _____ C:\Users\admin\Downloads\images (19).jpeg
2019-02-13 06:23 - 2019-02-06 07:37 - 003323392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-02-13 06:23 - 2019-02-06 07:13 - 003616768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-02-13 06:23 - 2019-02-06 06:23 - 002780160 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2019-02-13 06:23 - 2019-02-06 06:14 - 002464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2019-02-13 06:23 - 2019-01-26 06:32 - 025736192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-02-13 06:23 - 2019-01-26 06:08 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-02-13 06:23 - 2019-01-26 06:06 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-02-13 06:23 - 2019-01-26 06:02 - 005778944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-02-13 06:23 - 2019-01-26 05:57 - 020279808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-02-13 06:23 - 2019-01-26 05:54 - 000790016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-02-13 06:23 - 2019-01-26 05:36 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-02-13 06:23 - 2019-01-26 05:33 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-02-13 06:23 - 2019-01-26 05:27 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-02-13 06:23 - 2019-01-26 05:26 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2019-02-13 06:23 - 2019-01-26 05:18 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-02-13 06:23 - 2019-01-26 05:16 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-02-13 06:23 - 2019-01-26 05:06 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2019-02-13 06:23 - 2019-01-26 05:04 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-02-13 06:23 - 2019-01-26 05:04 - 004494336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-02-13 06:23 - 2019-01-26 05:01 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-02-13 06:23 - 2019-01-26 04:59 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-02-13 06:23 - 2019-01-26 04:52 - 001556480 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-02-13 06:23 - 2019-01-26 04:42 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-02-13 06:23 - 2019-01-26 04:41 - 004386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-02-13 06:23 - 2019-01-26 04:38 - 001331200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-02-13 06:23 - 2019-01-26 04:36 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-02-13 06:23 - 2019-01-12 07:06 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-02-13 06:23 - 2019-01-12 07:05 - 000044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-02-13 06:23 - 2019-01-12 06:48 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-02-13 06:23 - 2019-01-09 12:06 - 001901688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-02-13 06:23 - 2019-01-09 11:57 - 002533920 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-02-13 06:23 - 2019-01-09 11:54 - 007371512 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-02-13 06:23 - 2019-01-09 09:04 - 001755136 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-02-13 06:23 - 2019-01-09 09:04 - 000134656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 06:23 - 2019-01-09 08:51 - 001493504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-02-13 06:23 - 2019-01-09 08:51 - 000102400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 06:23 - 2019-01-08 10:24 - 000032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2019-02-13 06:23 - 2019-01-08 06:52 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-02-13 06:23 - 2019-01-08 06:52 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2019-02-13 06:23 - 2019-01-05 23:18 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-02-13 06:23 - 2019-01-05 23:17 - 000684032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-02-13 06:23 - 2019-01-05 23:16 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-02-13 06:23 - 2018-12-27 23:27 - 000805376 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2019-02-13 06:23 - 2018-12-27 22:00 - 000626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2019-02-13 06:23 - 2018-12-08 21:31 - 000513376 _____ C:\Windows\SysWOW64\locale.nls
2019-02-13 06:23 - 2018-12-08 21:31 - 000513376 _____ C:\Windows\system32\locale.nls
2019-02-13 06:23 - 2018-12-02 15:38 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2019-02-13 06:23 - 2018-12-01 22:14 - 000151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2019-02-13 06:23 - 2018-10-12 18:49 - 000998480 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-02-11 19:29 - 2019-02-11 19:33 - 189059049 _____ C:\Users\admin\Downloads\The Magic Of Zinedine Zidane ● Real Madrid 2001 - 2006.mp4
2019-02-11 17:22 - 2019-02-11 17:26 - 156470791 _____ C:\Users\admin\Downloads\Saraswati Puja Mantra and Pushpanjali (1).mp4
2019-02-08 18:29 - 2019-02-08 18:30 - 083679983 _____ C:\Users\admin\Downloads\Ennodu Nee Irundal.HD Full Video Song __ I Movie Songs __ AR Rahman, Vikram, Shankar __ Tamil.mp4
2019-02-08 05:40 - 2019-02-08 05:40 - 000346247 _____ C:\Users\admin\Downloads\Slanguage within tricky tongue (1).pdf
2019-02-06 13:21 - 2019-02-06 13:22 - 000000000 ____D C:\Users\admin\Desktop\PP
2019-02-05 16:40 - 2019-02-05 16:40 - 000000000 ____D C:\Users\admin\AppData\Roaming\AnyVid
2019-02-05 16:40 - 2019-02-05 16:40 - 000000000 ____D C:\Users\admin\.anyvid
2019-02-05 16:38 - 2019-02-05 16:39 - 039963802 _____ (AmoyShare Technology Company) C:\Users\admin\Downloads\anyvid-win.exe
2019-02-04 07:19 - 2019-02-04 07:19 - 000250775 _____ C:\Users\admin\Downloads\Dr Sarojini Prahlad.pdf
2019-02-04 07:19 - 2019-02-04 07:19 - 000250775 _____ C:\Users\admin\Desktop\Dr Sarojini Prahlad.pdf
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-25 16:53 - 2019-01-20 13:49 - 000000000 ____D C:\Users\admin\AppData\Roaming\vlc
2019-02-25 16:50 - 2018-12-15 10:57 - 000000000 ____D C:\FRST
2019-02-25 16:47 - 2017-04-20 07:19 - 000000466 _____ C:\Windows\Tasks\UCBrowserUpdater.job
2019-02-25 16:35 - 2014-03-18 15:34 - 000820208 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-25 16:35 - 2013-08-22 19:06 - 000000000 ____D C:\Windows\Inf
2019-02-25 16:23 - 2017-04-21 08:36 - 000003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D4A6C8BA-157C-4671-970D-5A9A13D3CC10}
2019-02-25 16:20 - 2017-04-25 09:49 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-02-25 16:20 - 2017-04-20 07:19 - 000000302 _____ C:\Windows\Tasks\UCBrowserUpdaterCore.job
2019-02-23 20:09 - 2017-04-19 19:10 - 000000000 ____D C:\Users\admin\AppData\Roaming\Atheros
2019-02-23 17:59 - 2017-04-20 07:01 - 000000000 ____D C:\Users\admin\Documents\Bluetooth Folder
2019-02-23 05:54 - 2018-11-13 12:01 - 000000000 ____D C:\Users\admin\Desktop\Pics
2019-02-22 09:07 - 2017-04-20 06:50 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-844090339-168977430-2555540811-1001
2019-02-21 20:37 - 2017-05-20 12:14 - 000000000 ____D C:\Users\admin\AppData\Roaming\WhatsApp
2019-02-21 19:33 - 2017-05-20 12:14 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2019-02-21 19:33 - 2017-05-20 12:14 - 000000000 ____D C:\Users\admin\AppData\Local\SquirrelTemp
2019-02-21 18:37 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\ELAM
2019-02-21 14:14 - 2018-11-13 12:03 - 000000000 ____D C:\Users\admin\Desktop\Video
2019-02-21 14:10 - 2018-11-05 16:20 - 000000000 ____D C:\Users\admin\Desktop\phone
2019-02-19 10:32 - 2019-01-20 13:49 - 000001082 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-02-17 15:08 - 2017-06-04 12:06 - 000000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2019-02-15 07:34 - 2017-04-21 12:17 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-15 07:34 - 2017-04-21 12:17 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-14 18:33 - 2013-08-22 20:15 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-14 18:33 - 2013-08-22 20:14 - 000483952 _____ C:\Windows\system32\FNTCACHE.DAT
2019-02-14 17:39 - 2013-08-22 20:50 - 000000000 ____D C:\Windows\CbsTemp
2019-02-13 14:36 - 2017-04-20 07:19 - 000003438 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
2019-02-13 09:20 - 2018-10-29 12:20 - 000004454 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-02-13 09:20 - 2017-09-19 05:09 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-02-13 09:20 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-02-13 09:20 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\system32\Macromed
2019-02-12 10:33 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\LiveKernelReports
2019-02-09 05:45 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-02-06 13:21 - 2019-01-21 08:36 - 000000000 ____D C:\Users\admin\Desktop\Notepad
2019-02-06 13:20 - 2019-01-21 08:36 - 000000000 ____D C:\Users\admin\Desktop\Word
2019-02-05 16:40 - 2017-04-20 06:43 - 000000000 ____D C:\Users\admin
2019-02-03 01:37 - 2017-06-21 08:03 - 000835480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-02-03 01:37 - 2017-06-21 08:03 - 000179600 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-02 12:13 - 2017-07-12 08:33 - 000000000 ____D C:\Users\admin\Desktop\Hari
 
==================== Files in the root of some directories =======
 
2017-05-08 13:26 - 2017-09-09 13:54 - 000005120 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-05-11 19:12 - 2017-05-11 19:12 - 000000000 _____ () C:\Users\admin\AppData\Local\{D0478A62-141E-4DB0-823C-FBA3EF766F66}
 
Some files in TEMP:
====================
2019-01-14 08:40 - 2019-01-14 08:40 - 040477384 _____ () C:\Users\admin\AppData\Local\Temp\vlc-3.0.6-win32.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2019-02-14 17:29
 
==================== End of FRST.txt ============================"
 
Addition
 
"Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.02.2019 02
Ran by admin (25-02-2019 16:53:50)
Running from C:\Users\admin\Desktop
Windows 8.1 Pro (Update) (X64) (2017-04-20 01:13:24)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
admin (S-1-5-21-844090339-168977430-2555540811-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-844090339-168977430-2555540811-500 - Administrator - Disabled)
Guest (S-1-5-21-844090339-168977430-2555540811-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3012 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Aegisub 3.2.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
Backup and Sync from Google (HKLM\...\{693CADB0-962B-4AC1-A939-9524B258C997}) (Version: 3.43.2448.9071 - Google, Inc.)
Evernote v. 6.6.4 (HKLM-x32\...\{FAA0F386-730B-11E7-8B9C-005056951CAD}) (Version: 6.6.4.5512 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HP LaserJet 1020 Series (HKLM\...\HP LaserJet 1020 Series) (Version:  - )
iBall Face2Face Webcam C8.0 (HKLM-x32\...\{D20DAFCD-D58E-44EC-99CA-BB1FD7387F5C}) (Version: 1.0.0.0 - VideoCap)
Intel® Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4156 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{B2913DAE-3EBC-4C88-8245-0AA34B2E461D}) (Version: 17.1.1450.0402 - Intel Corporation)
IrfanView 4.50 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.50 - Irfan Skiljan)
Kaspersky Internet Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
Lenovo Moto Smart Assistant (HKLM-x32\...\{C050AF2D-DD41-455E-A65E-628637B4A9CC}) (Version: 3.0.0.6 - Lenovo)
LenovoUsbDriver 1.1.33 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.1.33 - Lenovo)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mobile Assistant (HKLM-x32\...\{BAE5A642-2B18-411F-A79A-D3B213385ACA}) (Version: 1.4.1.14200 - Lenovo)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.26.01.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
Nero 7 Essentials (HKLM-x32\...\{66B6D13A-9CC1-417D-B6F2-58AA539D1033}) (Version: 7.03.1303 - Nero AG)
qBittorrent 4.1.5 (HKLM-x32\...\qBittorrent) (Version: 4.1.5 - The qBittorrent project)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.336 - Qualcomm Atheros Communications)
Qualcomm Atheros QCA9377 Wireless LAN & Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.177L - Qualcomm Atheros)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.47 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39063 - Realtek Semiconductor Corp.)
UC Browser (HKLM-x32\...\UCBrowser) (Version: 7.0.185.1002 - UCWeb Inc.) <==== ATTENTION
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Vodafone Mobile Connect (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.3 - ZTE Corporation)
WhatsApp (HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\WhatsApp) (Version: 0.3.2043 - WhatsApp)
Winamp (remove only) (HKLM-x32\...\Winamp) (Version:  - )
Windows Driver Package - MediaTek Inc. (wdm_usb) Ports  (01/22/2015 3.0.1504.0) (HKLM\...\BD5E2A628C2263FAEC66A4BFF2E88B897427E4C3) (Version: 01/22/2015 3.0.1504.0 - MediaTek Inc.)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip (HKLM-x32\...\WinZip) (Version:  8.1  (4331) - WinZip Computing, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-844090339-168977430-2555540811-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-844090339-168977430-2555540811-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll [2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-07-25] (Nero AG -> Nero AG)
ContextMenuHandlers1-x32: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers1-x32: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed]
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll [2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-03-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed]
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0DCDEB5C-2A7C-48A4-A53B-EC4FB36A6600} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {0EE47038-C6ED-4F4F-B514-A10B7EB711BE} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe (@ByELDI -> @ByELDI) [File not signed]
Task: {13A8C07B-CBA2-43FD-9BF3-CFE030D1C5C0} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe (TAOBAO (CHINA) SOFTWARE CO.,LTD. -> UCWeb Inc) <==== ATTENTION
Task: {3FC3F079-6081-49FF-916A-1F0D51593867} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {69DBB2D3-CDFE-44DE-965A-C049476056F8} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe (Acer Incorporated -> )
Task: {718B462D-642E-4D71-A58A-130FB25AC2FA} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe (Kaspersky Lab -> AO Kaspersky Lab)
Task: {723F3A83-6C29-47A9-BD81-CEADA00A2C4F} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe (TAOBAO (CHINA) SOFTWARE CO.,LTD. -> UCWeb Inc) <==== ATTENTION
Task: {7520ACC7-D2C2-42C4-8543-2CAE9F797492} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {B2E2873B-3113-4057-8A01-9FEF9E84AFCB} - System32\Tasks\{496F90B5-C9B5-4A27-9AFE-955D281DC2B0} => C:\Windows\system32\pcalua.exe -a G:\LenovoUsbDriver_autorun_1.0.17.exe -d G:\
Task: {BD06ECF5-8E2D-4779-83A0-0D6A3018A920} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {CE05F840-39B2-4BC0-8553-57BBCEEAA31A} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe (Acer Incorporated -> Acer Incorporated)
Task: {E7872C45-D201-4AF3-9705-3115CB2C7B24} - System32\Tasks\lenovo mobile auto run => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe (LENOVO -> Lenovo) [File not signed]
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Bahmni Home.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=nlejgcccohmalhjkncfcbnbekihgnnmg
ShortcutWithArgument: C:\Users\Public\Desktop\Vodafone.lnk -> C:\Program Files (x86)\Vodafone Mobile Connect\LaunchWebUI.exe () -> hxxp://vodafonemobileconnect.4G
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-27 04:12 - 2015-01-27 04:12 - 000139264 _____ () [File not signed] C:\Windows\system32\ihvmanager\AthIHVManager.dll
2015-01-27 04:11 - 2015-01-27 04:11 - 000376320 _____ (Quacomm Atheros, Inc.) [File not signed] C:\Windows\system32\ihvmanager\AthIhvWlanVoE.dll
2006-10-27 02:10 - 2006-10-27 02:10 - 000335872 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
2014-12-01 07:02 - 2014-12-01 07:02 - 000291456 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000033408 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\CommApi.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000034432 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ipc.dll
2014-12-01 07:02 - 2014-12-01 07:02 - 000116352 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\utils.dll
2014-12-01 07:02 - 2014-12-01 07:02 - 000027264 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\TCPConnection.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000107648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 001067648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\OutLookLib.dll
2016-03-22 16:09 - 2016-03-22 16:09 - 002499208 _____ (LENOVO -> Lenovo) [File not signed] C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
2014-12-01 07:01 - 2014-12-01 07:01 - 000134784 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
2014-12-01 07:01 - 2014-12-01 07:01 - 000063104 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ModuleManager.dll
2014-12-01 06:58 - 2014-12-01 06:58 - 000011264 _____ () [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-12-01 06:58 - 2014-12-01 06:58 - 000063488 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\RfcommLib\rfcommlib.dll
2014-12-01 06:56 - 2014-12-01 06:56 - 000210432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Audio\audio.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000083072 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Handsfree.dll
2014-12-01 06:58 - 2014-12-01 06:58 - 000091136 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\L2capLib\l2caplib.dll
2014-12-01 06:58 - 2014-12-01 06:58 - 000087552 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\SesMgr\sesmgr.dll
2014-12-01 06:51 - 2014-12-01 06:51 - 000096768 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\goep\goep.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000162304 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\BasicPrintProfile\BPP.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000177152 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\BIP\BIP.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000142848 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\HealthDevice\HDP.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000422400 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\FileTransfer\FileTransfer.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000308224 _____ (Qualcomm Atheros Commnucations) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\LE\LE.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000126592 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\gatts.DLL
2014-12-01 06:57 - 2014-12-01 06:57 - 000096256 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\GapSdp\GapSdp.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000085632 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\GattI.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000018432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\DID\DId.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000035840 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\FAX\Fax.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000029696 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\HCRP\Hcrp.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000097280 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\sap\sap.dll
2014-12-01 06:56 - 2014-12-01 06:56 - 000055296 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\spp\spp.dll
2014-12-01 06:54 - 2014-12-01 06:54 - 000086016 _____ () [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000066048 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\OppOperation\OppOperation.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000067072 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\pbap\pbap.dll
2014-12-01 06:56 - 2014-12-01 06:56 - 000064512 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Sync\Sync.dll
2014-12-01 06:51 - 2014-12-01 06:51 - 000181248 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\OppOperation\ObjPush.dll
2014-12-01 07:02 - 2014-12-01 07:02 - 000130176 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\skypeagent.dll
2014-12-01 07:00 - 2014-12-01 07:00 - 000012928 _____ (Qualcomm Atheros -> ) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2016-03-22 16:09 - 2016-03-22 16:09 - 000109704 _____ (LENOVO -> ) [File not signed] C:\Program Files (x86)\MagicPlus\crashreport.dll
2016-03-22 16:09 - 2016-03-22 16:09 - 000354440 _____ (LENOVO -> ) [File not signed] C:\Program Files (x86)\MagicPlus\UsbHelper.dll
2016-03-22 16:09 - 2016-03-22 16:09 - 000418952 _____ (LENOVO -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\MagicPlus\MSVCP100.dll
2016-03-22 16:09 - 2016-03-22 16:09 - 000771720 _____ (LENOVO -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\MagicPlus\MSVCR100.dll
2017-04-20 07:24 - 2017-04-20 07:24 - 000095744 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1\ATL80.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 18:55 - 2017-09-19 06:32 - 000000826 _____ C:\Windows\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-844090339-168977430-2555540811-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\IrfanView\IrfanView_Wallpaper.png
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: AVP16.0.1 => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: klvssbrigde64 => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: Service KMSELDI => 2
MSCONFIG\Services: UCBrowserSvc => 2
HKLM\...\StartupApproved\Run32: => "CancelAutoPlay_df"
HKLM\...\StartupApproved\Run32: => "CheckNDISPort55ac29"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F3791660-E337-4F8E-8B50-B065B489997E}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe (TAOBAO (CHINA) SOFTWARE CO.,LTD. -> UCWeb Inc.)
FirewallRules: [{1D5FFC58-EBB8-46CC-BC10-80AA0EFAF0B6}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe No File
FirewallRules: [{0A687043-A69C-4264-8F6A-16D83821C55F}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe (TAOBAO (CHINA) SOFTWARE CO.,LTD. -> UCWeb Inc.)
FirewallRules: [{3698853D-E40D-4AA0-A66F-DBB0E4A80524}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EF178FBD-4C15-4C3D-BD1D-5BF6DE8C0CC3}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{A92C2F83-407A-42B3-90A4-BD76EC4D07FE}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{B65E01E2-1FAD-445E-AB2E-916B7B2D4B4A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
 
==================== Restore Points =========================
 
15-12-2018 12:58:20 Windows Update
22-12-2018 08:53:14 Windows Update
10-01-2019 10:54:51 Windows Update
13-02-2019 15:47:59 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/25/2019 04:21:02 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/25/2019 04:21:01 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=40
 
Error: (02/25/2019 12:30:08 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/25/2019 12:30:05 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=39
 
Error: (02/25/2019 09:42:24 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/25/2019 09:42:21 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/25/2019 07:32:46 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005).
 
Error: (02/25/2019 06:44:17 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
 
System errors:
=============
Error: (02/25/2019 07:23:53 AM) (Source: Service Control Manager) (EventID: 7046) (User: )
Description: The following service has repeatedly stopped responding to service control requests: Kaspersky Anti-Virus Service 19.0.0
 
Contact the service vendor or the system administrator about whether to disable this service until the problem is identified.
 
You may have to restart the computer in safe mode before you can disable the service.
 
Error: (02/25/2019 07:23:23 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP19.0.0 service.
 
Error: (02/25/2019 07:22:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP19.0.0 service.
 
Error: (02/25/2019 07:20:50 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP19.0.0 service.
 
Error: (02/25/2019 07:20:20 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP19.0.0 service.
 
Error: (02/25/2019 07:19:50 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP19.0.0 service.
 
Error: (02/25/2019 07:19:20 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP19.0.0 service.
 
Error: (02/25/2019 07:18:50 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP19.0.0 service.
 
 
Windows Defender:
===================================
Date: 2017-04-25 09:28:04.158
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80501002
Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2017-04-25 09:28:04.158
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80501002
Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2017-04-24 19:54:26.943
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 106.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.9700.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2017-04-24 19:54:26.938
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.155.266.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.9700.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2017-04-24 19:54:26.938
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.155.266.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.9700.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 78%
Total physical RAM: 4016.42 MB
Available physical RAM: 874.43 MB
Total Virtual: 6586.22 MB
Available Virtual: 2996.52 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:243.8 GB) (Free:170.26 GB) NTFS
Drive d: (Data) (Fixed) (Total:341.8 GB) (Free:321.45 GB) NTFS
Drive e: () (Fixed) (Total:345.57 GB) (Free:284.72 GB) NTFS
Drive g: () (Removable) (Total:30 GB) (Free:10.22 GB) FAT32
 
\\?\Volume{b5d81129-2565-11e7-8250-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F7B2ADD7)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=243.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=341.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=345.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Protective MBR) (Size: 30 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================"

Edited by Hari Prahlad, 25 February 2019 - 05:52 AM.

#2
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Welcome to the Geeks To Go malware removal forum.
I'm iMacg3 and will be helping you.

Please keep the following information in mind before we begin:
  • Do not run any fixes or tools on your system unless I request that you do so.
  • Please read all instructions completely before you complete them.
  • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
  • If you have pirated or illegal software on your computer, uninstall it before proceeding.
  • If you don't respond to your topic in 4 days, it will be closed. You can have it reopened by contacting me or any staff member by pm with the address of the thread.
  • If you have questions about anything, please ask.
--------------------

I don't see the attached screenshot - can you try posting it again?

--------------------

If you do not wish to keep the Tampermonkey extension, uninstall it:

Uninstall a Chrome Extension

Type chrome://extensions in the address bar and press Enter.
Click the trash can icon next to the following extension/s:

Tampermonkey

A confirmation dialog box will appear, click Remove.

--------------------

Press the Windows Key + R. This will open the Run box.
Type Appwiz.cpl and click OK.

A list of installed programs will appear. Uninstall the below programs by selecting them and clicking Uninstall:

UC Browser

Follow the steps in the uninstaller to remove the program.

--------------------

Highlight the contents of the below code box and press Ctrl + C:

Start::

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-01-01] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-01-01] <==== ATTENTION 

CHR HKU\S-1-5-21-844090339-168977430-2555540811-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx

CustomCLSID: HKU\S-1-5-21-844090339-168977430-2555540811-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File

Task: {B2E2873B-3113-4057-8A01-9FEF9E84AFCB} - System32\Tasks\{496F90B5-C9B5-4A27-9AFE-955D281DC2B0} => C:\Windows\system32\pcalua.exe -a G:\LenovoUsbDriver_autorun_1.0.17.exe -d G:\

End::

Right-click on FRST/FRST64 and select Run as Administrator.
Click on Fix.
Note - there is no need to paste the contents of the code box anywhere.
If your computer restarts, allow it to do so.
Once the fix is complete, a file called fixlog will be saved to the same directory as FRST. The log may open in Notepad as well.
Please copy and paste the contents of the fixlog into your next reply.

--------------------

Right-click on FRST/FRST64 and click Run as Administrator
Click on Scan. Once the scan is complete, two log files will open in Notepad. (FRST.txt and Addition.txt)

Please copy and paste the contents of FRST.txt and Addition.txt in your next reply.

--------------------

In your next reply, please include:
  • Fixlog.txt
  • FRST.txt
  • Addition.txt
Let me know if the problems persist.

Thanks.

#3
Hari Prahlad

    Member

  • Topic Starter
  • 301 posts

Hi,

Thanks for your help.

Here are the files you requested:

1. Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version: 25.02.2019 01
Ran by admin (26-02-2019 06:00:58) Run:1
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-01-01] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-01-01] <==== ATTENTION 
CHR HKU\S-1-5-21-844090339-168977430-2555540811-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CustomCLSID: HKU\S-1-5-21-844090339-168977430-2555540811-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {B2E2873B-3113-4057-8A01-9FEF9E84AFCB} - System32\Tasks\{496F90B5-C9B5-4A27-9AFE-955D281DC2B0} => C:\Windows\system32\pcalua.exe -a G:\LenovoUsbDriver_autorun_1.0.17.exe -d G:\
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js => moved successfully
C:\Program Files (x86)\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg => moved successfully
HKU\S-1-5-21-844090339-168977430-2555540811-1001\SOFTWARE\Google\Chrome\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo => removed successfully
HKU\S-1-5-21-844090339-168977430-2555540811-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2E2873B-3113-4057-8A01-9FEF9E84AFCB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2E2873B-3113-4057-8A01-9FEF9E84AFCB}" => removed successfully
C:\Windows\System32\Tasks\{496F90B5-C9B5-4A27-9AFE-955D281DC2B0} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{496F90B5-C9B5-4A27-9AFE-955D281DC2B0}" => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 113258040 B
Java, Flash, Steam htmlcache => 1814 B
Windows/system/drivers => 405871332 B
Edge => 0 B
Chrome => 800326929 B
Firefox => 1094871796 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 89112 B
NetworkService => 19878 B
admin => 605519778 B
 
RecycleBin => 0 B
EmptyTemp: => 2.8 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 06:06:22 ====
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25.02.2019 01
Ran by admin (administrator) on USER (26-02-2019 06:13:41)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Huawei Technologies Co., Ltd. -> ) C:\ProgramData\MobileBrServ\mbbService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(LENOVO -> Lenovo) [File not signed] C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
(Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Qualcomm Atheros -> ) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499208 2016-03-22] (LENOVO -> Lenovo) [File not signed]
HKLM-x32\...\Run: [CheckNDISPort55ac29] => C:\Program Files (x86)\Vodafone Mobile Connect\CheckNDISPort_df.exe [478928 2017-10-13] (ZTE CORPORATION -> )
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Vodafone Mobile Connect\CancelAutoPlay_df.exe [448208 2017-10-13] (ZTE CORPORATION -> )
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {096eaa51-0d84-11e9-8286-5c93a27a9186} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {5221b181-7b5a-11e7-826d-5c93a27a9186} - "G:\AutoRun.exe" 
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {d5bb046f-d9f0-11e8-827d-5c93a27a9186} - "G:\Windows\AutoRun.exe" 
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {f95a5e0f-bb05-11e7-8275-5c93a27a9186} - "G:\Lenovo_Suite.exe" 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-26] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-09-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3D22F6EB-7D48-4581-8A4A-7761F8E75A76}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7E9EBC38-283C-4B56-89DA-0535C2A81429}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{C298CBC9-DE40-4263-BD24-A79463D2BF0D}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{F2083A6A-EC22-4295-A53A-8EE8CD7C5778}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{F916C187-3FE7-40E2-8C16-F14583B0F455}: [DhcpNameServer] 192.168.43.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.1.1,-1]
 
Internet Explorer:
==================
HKU\S-1-5-21-844090339-168977430-2555540811-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-07-27] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
 
FireFox:
========
FF DefaultProfile: euxfq1nu.default-1509187813890
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\euxfq1nu.default-1509187813890 [2019-02-26]
FF Homepage: Mozilla\Firefox\Profiles\euxfq1nu.default-1509187813890 -> hxxps://www.google.com/
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-12-07]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_142.dll [2019-02-13] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_142.dll [2019-02-13] (Adobe Systems Incorporated -> )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://homepage-web.com/?s=acer&m=home
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://homepage-web.com/?s=acer&m=start"
CHR DefaultSearchURL: Default -> hxxps://192.168.1.240/bahmni/favicon.ico
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2019-02-26]
CHR Extension: (Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-29]
CHR Extension: (Video & GIF Downloader For Facebook™) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajanondpapegkikdhmmhmoogcaajdokn [2018-12-14]
CHR Extension: (Kaspersky Protection) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-11-15]
CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-29]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-20]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-12-14]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-20]
CHR Extension: (OpenERP) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapopdbfnfhcgfdldoielojfiidmecaj [2018-12-14]
CHR Extension: (Video Downloader professional) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-09-21]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-12-14]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-15]
CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-24]
CHR Extension: (Delete All Messages for Facebook™) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnpnpdgfopkoibbhemhdinhcbghpokf [2019-01-15]
CHR Extension: (Multi Forward for Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjmdplljmniahpamcmabdnahmjdlikpm [2017-08-02]
CHR Extension: (Save to Facebook) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2019-02-19]
CHR Extension: (Grammarly for Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-02-26]
CHR Extension: (Facebook Fast Delete Messages) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\klmpnhheahecaojonebajllddfhpilan [2017-06-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-04-21]
CHR Extension: (Anti-Phishing & Authenticity Checker) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mggehmlfnempkheebgikhmemhnnpacle [2018-12-14]
CHR Extension: (Bahmni Home) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlejgcccohmalhjkncfcbnbekihgnnmg [2017-07-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-15]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-20]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-15]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKU\S-1-5-21-844090339-168977430-2555540811-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [322176 2014-12-01] (Qualcomm Atheros -> Windows ® Win 7 DDK provider) [File not signed]
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
S4 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [125168 2014-12-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-03-11] (Intel Corporation - pGFX -> Intel Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe [414352 2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-27] (Microsoft Corporation) [File not signed]
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242256 2014-08-20] (Huawei Technologies Co., Ltd. -> )
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG -> Nero AG)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-07-01] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [528576 2018-02-20] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [73416 2018-10-09] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [123152 2018-10-09] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [89168 2018-10-09] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [219744 2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [1214752 2018-10-27] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1113696 2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [57032 2018-02-12] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50648 2017-05-30] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [45768 2018-10-09] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [52152 2016-06-07] (AnchorFree Inc -> The OpenVPN Project)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (Kaspersky Lab -> AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [176976 2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [203968 2018-02-24] (Kaspersky Lab -> AO Kaspersky Lab)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-02-26] (Malwarebytes Corporation -> Malwarebytes)
R3 Qcamain; C:\Windows\system32\DRIVERS\Qcamainx64.sys [2299392 2015-01-29] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros, Inc.)
R3 RTL8168; C:\Windows\system32\DRIVERS\Rt630x64.sys [591360 2013-06-18] (Microsoft Windows -> Realtek )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-26 06:08 - 2019-02-26 06:08 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-02-26 06:00 - 2019-02-26 06:06 - 000003354 _____ C:\Users\admin\Desktop\Fixlog.txt
2019-02-26 06:00 - 2019-02-26 06:00 - 000000000 ____D C:\Users\admin\Desktop\FRST-OlderVersion
2019-02-25 16:53 - 2019-02-25 16:56 - 000037029 _____ C:\Users\admin\Desktop\Addition.txt
2019-02-25 16:50 - 2019-02-26 06:15 - 000021304 _____ C:\Users\admin\Desktop\FRST.txt
2019-02-25 16:47 - 2019-02-26 06:00 - 002433536 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2019-02-25 12:50 - 2019-02-25 12:50 - 000001198 _____ C:\Users\admin\Desktop\Depression.txt
2019-02-21 20:42 - 2019-02-21 20:42 - 000000050 _____ C:\Users\admin\Desktop\proverbs.txt
2019-02-21 19:33 - 2019-02-21 19:33 - 000002230 _____ C:\Users\admin\Desktop\WhatsApp.lnk
2019-02-21 19:33 - 2019-02-21 19:33 - 000000000 ____D C:\Users\admin\AppData\Local\WhatsApp
2019-02-21 14:52 - 2019-02-21 14:53 - 139467192 _____ (WhatsApp) C:\Users\admin\Downloads\WhatsAppSetup.exe
2019-02-19 14:49 - 2019-02-19 14:49 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-19 14:49 - 2019-02-19 14:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-19 14:49 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-02-19 10:25 - 2019-02-19 10:29 - 040477384 _____ C:\Users\admin\Downloads\vlc-3.0.6-win32 (1).exe
2019-02-19 10:22 - 2019-02-19 10:41 - 1393857432 _____ C:\Users\admin\Downloads\Tamil Full Comedy Movie Panchathantiram Kamal Haasan Simran Jayaram Ramya Krishnan.mp4
2019-02-19 09:03 - 2019-02-19 09:03 - 000161870 _____ C:\Users\admin\Desktop\Poetry.pdf
2019-02-17 17:19 - 2019-02-17 17:25 - 132337635 _____ C:\Users\admin\Downloads\Zinedine Zidane - The Artist HD.mp4
2019-02-17 15:04 - 2019-02-17 15:06 - 039963802 _____ (AmoyShare Technology Company) C:\Users\admin\Downloads\anyvid-win (1).exe
2019-02-17 07:41 - 2019-02-17 07:41 - 000053490 _____ C:\Users\admin\Downloads\Valluvar.zip
2019-02-17 07:41 - 2015-09-21 17:15 - 000000000 ____D C:\Users\admin\Downloads\Valluvar
2019-02-16 09:00 - 2019-02-16 09:00 - 000250775 _____ C:\Users\admin\Downloads\Dr_Sarojini_PrahladSat-Feb-16-03_29_47-2019.pdf
2019-02-14 09:46 - 2019-02-14 09:47 - 062530321 _____ C:\Users\admin\Downloads\Stavros Flatly - BGT 2009 - AUDITION - HD - EryGarza (1 of My Top 5's).mp4
2019-02-13 10:41 - 2019-02-13 10:41 - 000046956 _____ C:\Users\admin\Downloads\images (19).jpeg
2019-02-13 06:23 - 2019-02-06 07:37 - 003323392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-02-13 06:23 - 2019-02-06 07:13 - 003616768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-02-13 06:23 - 2019-02-06 06:23 - 002780160 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2019-02-13 06:23 - 2019-02-06 06:14 - 002464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2019-02-13 06:23 - 2019-01-26 06:32 - 025736192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-02-13 06:23 - 2019-01-26 06:08 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-02-13 06:23 - 2019-01-26 06:06 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-02-13 06:23 - 2019-01-26 06:02 - 005778944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-02-13 06:23 - 2019-01-26 05:57 - 020279808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-02-13 06:23 - 2019-01-26 05:54 - 000790016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-02-13 06:23 - 2019-01-26 05:36 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-02-13 06:23 - 2019-01-26 05:33 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-02-13 06:23 - 2019-01-26 05:27 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-02-13 06:23 - 2019-01-26 05:26 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2019-02-13 06:23 - 2019-01-26 05:18 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-02-13 06:23 - 2019-01-26 05:16 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-02-13 06:23 - 2019-01-26 05:06 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2019-02-13 06:23 - 2019-01-26 05:04 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-02-13 06:23 - 2019-01-26 05:04 - 004494336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-02-13 06:23 - 2019-01-26 05:01 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-02-13 06:23 - 2019-01-26 04:59 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-02-13 06:23 - 2019-01-26 04:52 - 001556480 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-02-13 06:23 - 2019-01-26 04:42 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-02-13 06:23 - 2019-01-26 04:41 - 004386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-02-13 06:23 - 2019-01-26 04:38 - 001331200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-02-13 06:23 - 2019-01-26 04:36 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-02-13 06:23 - 2019-01-12 07:06 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-02-13 06:23 - 2019-01-12 07:05 - 000044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-02-13 06:23 - 2019-01-12 06:48 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-02-13 06:23 - 2019-01-09 12:06 - 001901688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-02-13 06:23 - 2019-01-09 11:57 - 002533920 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-02-13 06:23 - 2019-01-09 11:54 - 007371512 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-02-13 06:23 - 2019-01-09 09:04 - 001755136 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-02-13 06:23 - 2019-01-09 09:04 - 000134656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 06:23 - 2019-01-09 08:51 - 001493504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-02-13 06:23 - 2019-01-09 08:51 - 000102400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 06:23 - 2019-01-08 10:24 - 000032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2019-02-13 06:23 - 2019-01-08 06:52 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-02-13 06:23 - 2019-01-08 06:52 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2019-02-13 06:23 - 2019-01-05 23:18 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-02-13 06:23 - 2019-01-05 23:17 - 000684032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-02-13 06:23 - 2019-01-05 23:16 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-02-13 06:23 - 2018-12-27 23:27 - 000805376 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2019-02-13 06:23 - 2018-12-27 22:00 - 000626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2019-02-13 06:23 - 2018-12-08 21:31 - 000513376 _____ C:\Windows\SysWOW64\locale.nls
2019-02-13 06:23 - 2018-12-08 21:31 - 000513376 _____ C:\Windows\system32\locale.nls
2019-02-13 06:23 - 2018-12-02 15:38 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2019-02-13 06:23 - 2018-12-01 22:14 - 000151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2019-02-13 06:23 - 2018-10-12 18:49 - 000998480 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-02-11 19:29 - 2019-02-11 19:33 - 189059049 _____ C:\Users\admin\Downloads\The Magic Of Zinedine Zidane ● Real Madrid 2001 - 2006.mp4
2019-02-11 17:22 - 2019-02-11 17:26 - 156470791 _____ C:\Users\admin\Downloads\Saraswati Puja Mantra and Pushpanjali (1).mp4
2019-02-08 18:29 - 2019-02-08 18:30 - 083679983 _____ C:\Users\admin\Downloads\Ennodu Nee Irundal.HD Full Video Song __ I Movie Songs __ AR Rahman, Vikram, Shankar __ Tamil.mp4
2019-02-08 05:40 - 2019-02-08 05:40 - 000346247 _____ C:\Users\admin\Downloads\Slanguage within tricky tongue (1).pdf
2019-02-06 13:21 - 2019-02-06 13:22 - 000000000 ____D C:\Users\admin\Desktop\PP
2019-02-05 16:40 - 2019-02-05 16:40 - 000000000 ____D C:\Users\admin\AppData\Roaming\AnyVid
2019-02-05 16:40 - 2019-02-05 16:40 - 000000000 ____D C:\Users\admin\.anyvid
2019-02-05 16:38 - 2019-02-05 16:39 - 039963802 _____ (AmoyShare Technology Company) C:\Users\admin\Downloads\anyvid-win.exe
2019-02-04 07:19 - 2019-02-04 07:19 - 000250775 _____ C:\Users\admin\Downloads\Dr Sarojini Prahlad.pdf
2019-02-04 07:19 - 2019-02-04 07:19 - 000250775 _____ C:\Users\admin\Desktop\Dr Sarojini Prahlad.pdf
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-26 06:13 - 2018-12-15 10:57 - 000000000 ____D C:\FRST
2019-02-26 06:13 - 2017-04-20 06:50 - 000003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-844090339-168977430-2555540811-1001
2019-02-26 06:10 - 2017-04-25 09:49 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-02-26 06:08 - 2013-08-22 20:15 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-26 06:07 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-02-26 06:06 - 2017-04-21 15:27 - 000000000 ____D C:\Users\admin\AppData\LocalLow\Temp
2019-02-26 06:01 - 2017-04-30 09:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-02-26 05:59 - 2017-04-21 12:17 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-26 05:59 - 2017-04-21 12:17 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-26 05:51 - 2017-04-21 08:36 - 000003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D4A6C8BA-157C-4671-970D-5A9A13D3CC10}
2019-02-25 18:10 - 2018-11-13 12:01 - 000000000 ____D C:\Users\admin\Desktop\Pics
2019-02-25 17:59 - 2019-01-20 13:49 - 000000000 ____D C:\Users\admin\AppData\Roaming\vlc
2019-02-25 16:35 - 2014-03-18 15:34 - 000820208 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-25 16:35 - 2013-08-22 19:06 - 000000000 ____D C:\Windows\Inf
2019-02-23 20:09 - 2017-04-19 19:10 - 000000000 ____D C:\Users\admin\AppData\Roaming\Atheros
2019-02-23 17:59 - 2017-04-20 07:01 - 000000000 ____D C:\Users\admin\Documents\Bluetooth Folder
2019-02-21 20:37 - 2017-05-20 12:14 - 000000000 ____D C:\Users\admin\AppData\Roaming\WhatsApp
2019-02-21 19:33 - 2017-05-20 12:14 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2019-02-21 19:33 - 2017-05-20 12:14 - 000000000 ____D C:\Users\admin\AppData\Local\SquirrelTemp
2019-02-21 18:37 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\ELAM
2019-02-21 14:14 - 2018-11-13 12:03 - 000000000 ____D C:\Users\admin\Desktop\Video
2019-02-21 14:10 - 2018-11-05 16:20 - 000000000 ____D C:\Users\admin\Desktop\phone
2019-02-19 10:32 - 2019-01-20 13:49 - 000001082 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-02-17 15:08 - 2017-06-04 12:06 - 000000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2019-02-14 18:33 - 2013-08-22 20:14 - 000483952 _____ C:\Windows\system32\FNTCACHE.DAT
2019-02-14 17:39 - 2013-08-22 20:50 - 000000000 ____D C:\Windows\CbsTemp
2019-02-13 09:20 - 2018-10-29 12:20 - 000004454 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-02-13 09:20 - 2017-09-19 05:09 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-02-13 09:20 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-02-13 09:20 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\system32\Macromed
2019-02-12 10:33 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\LiveKernelReports
2019-02-06 13:21 - 2019-01-21 08:36 - 000000000 ____D C:\Users\admin\Desktop\Notepad
2019-02-06 13:20 - 2019-01-21 08:36 - 000000000 ____D C:\Users\admin\Desktop\Word
2019-02-05 16:40 - 2017-04-20 06:43 - 000000000 ____D C:\Users\admin
2019-02-03 01:37 - 2017-06-21 08:03 - 000835480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-02-03 01:37 - 2017-06-21 08:03 - 000179600 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-02 12:13 - 2017-07-12 08:33 - 000000000 ____D C:\Users\admin\Desktop\Hari
 
==================== Files in the root of some directories =======
 
2017-05-08 13:26 - 2017-09-09 13:54 - 000005120 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-05-11 19:12 - 2017-05-11 19:12 - 000000000 _____ () C:\Users\admin\AppData\Local\{D0478A62-141E-4DB0-823C-FBA3EF766F66}
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2019-02-14 17:29
 
==================== End of FRST.txt ============================
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25.02.2019 01
Ran by admin (26-02-2019 06:15:47)
Running from C:\Users\admin\Desktop
Windows 8.1 Pro (Update) (X64) (2017-04-20 01:13:24)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
admin (S-1-5-21-844090339-168977430-2555540811-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-844090339-168977430-2555540811-500 - Administrator - Disabled)
Guest (S-1-5-21-844090339-168977430-2555540811-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3012 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Aegisub 3.2.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
Backup and Sync from Google (HKLM\...\{693CADB0-962B-4AC1-A939-9524B258C997}) (Version: 3.43.2448.9071 - Google, Inc.)
Evernote v. 6.6.4 (HKLM-x32\...\{FAA0F386-730B-11E7-8B9C-005056951CAD}) (Version: 6.6.4.5512 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.119 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HP LaserJet 1020 Series (HKLM\...\HP LaserJet 1020 Series) (Version:  - )
iBall Face2Face Webcam C8.0 (HKLM-x32\...\{D20DAFCD-D58E-44EC-99CA-BB1FD7387F5C}) (Version: 1.0.0.0 - VideoCap)
Intel® Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4156 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{B2913DAE-3EBC-4C88-8245-0AA34B2E461D}) (Version: 17.1.1450.0402 - Intel Corporation)
IrfanView 4.50 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.50 - Irfan Skiljan)
Kaspersky Internet Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
Lenovo Moto Smart Assistant (HKLM-x32\...\{C050AF2D-DD41-455E-A65E-628637B4A9CC}) (Version: 3.0.0.6 - Lenovo)
LenovoUsbDriver 1.1.33 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.1.33 - Lenovo)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mobile Assistant (HKLM-x32\...\{BAE5A642-2B18-411F-A79A-D3B213385ACA}) (Version: 1.4.1.14200 - Lenovo)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.26.01.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
Nero 7 Essentials (HKLM-x32\...\{66B6D13A-9CC1-417D-B6F2-58AA539D1033}) (Version: 7.03.1303 - Nero AG)
qBittorrent 4.1.5 (HKLM-x32\...\qBittorrent) (Version: 4.1.5 - The qBittorrent project)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.336 - Qualcomm Atheros Communications)
Qualcomm Atheros QCA9377 Wireless LAN & Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.177L - Qualcomm Atheros)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.47 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39063 - Realtek Semiconductor Corp.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Vodafone Mobile Connect (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.3 - ZTE Corporation)
WhatsApp (HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\WhatsApp) (Version: 0.3.2043 - WhatsApp)
Winamp (remove only) (HKLM-x32\...\Winamp) (Version:  - )
Windows Driver Package - MediaTek Inc. (wdm_usb) Ports  (01/22/2015 3.0.1504.0) (HKLM\...\BD5E2A628C2263FAEC66A4BFF2E88B897427E4C3) (Version: 01/22/2015 3.0.1504.0 - MediaTek Inc.)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip (HKLM-x32\...\WinZip) (Version:  8.1  (4331) - WinZip Computing, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-844090339-168977430-2555540811-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll [2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-07-25] (Nero AG -> Nero AG)
ContextMenuHandlers1-x32: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers1-x32: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed]
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll [2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed]
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-03-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed]
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0DCDEB5C-2A7C-48A4-A53B-EC4FB36A6600} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {0EE47038-C6ED-4F4F-B514-A10B7EB711BE} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe (@ByELDI -> @ByELDI) [File not signed]
Task: {3FC3F079-6081-49FF-916A-1F0D51593867} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {69DBB2D3-CDFE-44DE-965A-C049476056F8} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe (Acer Incorporated -> )
Task: {718B462D-642E-4D71-A58A-130FB25AC2FA} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe (Kaspersky Lab -> AO Kaspersky Lab)
Task: {7520ACC7-D2C2-42C4-8543-2CAE9F797492} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {BD06ECF5-8E2D-4779-83A0-0D6A3018A920} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {CE05F840-39B2-4BC0-8553-57BBCEEAA31A} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe (Acer Incorporated -> Acer Incorporated)
Task: {E7872C45-D201-4AF3-9705-3115CB2C7B24} - System32\Tasks\lenovo mobile auto run => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe (LENOVO -> Lenovo) [File not signed]
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Bahmni Home.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=nlejgcccohmalhjkncfcbnbekihgnnmg
ShortcutWithArgument: C:\Users\Public\Desktop\Vodafone.lnk -> C:\Program Files (x86)\Vodafone Mobile Connect\LaunchWebUI.exe () -> hxxp://vodafonemobileconnect.4G
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-27 04:12 - 2015-01-27 04:12 - 000139264 _____ () [File not signed] C:\Windows\system32\ihvmanager\AthIHVManager.dll
2015-01-27 04:11 - 2015-01-27 04:11 - 000376320 _____ (Quacomm Atheros, Inc.) [File not signed] C:\Windows\system32\ihvmanager\AthIhvWlanVoE.dll
2006-10-27 02:10 - 2006-10-27 02:10 - 000335872 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
2014-12-01 07:02 - 2014-12-01 07:02 - 000291456 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000033408 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\CommApi.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000034432 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ipc.dll
2014-12-01 07:02 - 2014-12-01 07:02 - 000116352 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\utils.dll
2014-12-01 07:02 - 2014-12-01 07:02 - 000027264 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\TCPConnection.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000107648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 001067648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\OutLookLib.dll
2016-03-22 16:09 - 2016-03-22 16:09 - 002499208 _____ (LENOVO -> Lenovo) [File not signed] C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
2014-12-01 07:01 - 2014-12-01 07:01 - 000134784 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
2014-12-01 07:01 - 2014-12-01 07:01 - 000063104 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ModuleManager.dll
2014-12-01 06:58 - 2014-12-01 06:58 - 000011264 _____ () [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-12-01 06:58 - 2014-12-01 06:58 - 000063488 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\RfcommLib\rfcommlib.dll
2014-12-01 06:56 - 2014-12-01 06:56 - 000210432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Audio\audio.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000083072 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Handsfree.dll
2014-12-01 06:58 - 2014-12-01 06:58 - 000091136 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\L2capLib\l2caplib.dll
2014-12-01 06:58 - 2014-12-01 06:58 - 000087552 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\SesMgr\sesmgr.dll
2014-12-01 06:51 - 2014-12-01 06:51 - 000096768 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\goep\goep.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000162304 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\BasicPrintProfile\BPP.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000177152 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\BIP\BIP.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000035840 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\FAX\Fax.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000029696 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\HCRP\Hcrp.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000096256 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\GapSdp\GapSdp.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000422400 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\FileTransfer\FileTransfer.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000142848 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\HealthDevice\HDP.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000018432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\DID\DId.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000308224 _____ (Qualcomm Atheros Commnucations) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\LE\LE.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000126592 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\gatts.DLL
2014-12-01 06:57 - 2014-12-01 06:57 - 000097280 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\sap\sap.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000085632 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\GattI.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000067072 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\pbap\pbap.dll
2014-12-01 06:56 - 2014-12-01 06:56 - 000064512 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Sync\Sync.dll
2014-12-01 06:56 - 2014-12-01 06:56 - 000055296 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\spp\spp.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000066048 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\OppOperation\OppOperation.dll
2014-12-01 06:54 - 2014-12-01 06:54 - 000086016 _____ () [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-12-01 06:51 - 2014-12-01 06:51 - 000181248 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\OppOperation\ObjPush.dll
2014-12-01 07:02 - 2014-12-01 07:02 - 000130176 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\skypeagent.dll
2014-12-01 07:00 - 2014-12-01 07:00 - 000012928 _____ (Qualcomm Atheros -> ) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2016-03-22 16:09 - 2016-03-22 16:09 - 000109704 _____ (LENOVO -> ) [File not signed] C:\Program Files (x86)\MagicPlus\crashreport.dll
2016-03-22 16:09 - 2016-03-22 16:09 - 000354440 _____ (LENOVO -> ) [File not signed] C:\Program Files (x86)\MagicPlus\UsbHelper.dll
2016-03-22 16:09 - 2016-03-22 16:09 - 000418952 _____ (LENOVO -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\MagicPlus\MSVCP100.dll
2016-03-22 16:09 - 2016-03-22 16:09 - 000771720 _____ (LENOVO -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\MagicPlus\MSVCR100.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-02-19 14:49 - 2019-02-01 09:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 18:55 - 2017-09-19 06:32 - 000000826 _____ C:\Windows\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-844090339-168977430-2555540811-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\IrfanView\IrfanView_Wallpaper.png
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: AVP16.0.1 => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: klvssbrigde64 => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: Service KMSELDI => 2
MSCONFIG\Services: UCBrowserSvc => 2
HKLM\...\StartupApproved\Run32: => "CancelAutoPlay_df"
HKLM\...\StartupApproved\Run32: => "CheckNDISPort55ac29"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3698853D-E40D-4AA0-A66F-DBB0E4A80524}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EF178FBD-4C15-4C3D-BD1D-5BF6DE8C0CC3}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{A92C2F83-407A-42B3-90A4-BD76EC4D07FE}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{AEC66816-D855-4E81-9248-6300A57E79CB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
 
==================== Restore Points =========================
 
22-12-2018 08:53:14 Windows Update
10-01-2019 10:54:51 Windows Update
13-02-2019 15:47:59 Windows Update
26-02-2019 06:01:04 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/26/2019 06:10:46 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/26/2019 06:10:43 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (02/26/2019 06:01:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/26/2019 06:01:01 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {bef3ab9c-869a-410f-b20a-38a10c728e4c}
 
Error: (02/26/2019 05:57:23 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
 
Error: (02/26/2019 05:48:49 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=42
 
Error: (02/26/2019 05:48:23 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/26/2019 05:47:36 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
 
 
System errors:
=============
Error: (02/26/2019 06:07:33 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\ihvmanager\AthIHVManager.dll
 
Error: (02/26/2019 06:07:33 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\ihvmanager\AthIHVManager.dll
 
Error: (02/26/2019 06:07:23 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\ihvmanager\AthIHVManager.dll
 
Error: (02/26/2019 06:02:03 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (02/26/2019 06:01:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Kaspersky Secure Connection Service 2.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/26/2019 06:01:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (02/26/2019 06:01:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WMI Performance Adapter service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (02/26/2019 06:01:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Remote Procedure Call (RPC) Locator service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
Windows Defender:
===================================
Date: 2017-04-25 09:28:04.158
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80501002
Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2017-04-25 09:28:04.158
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80501002
Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2017-04-24 19:54:26.943
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 106.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.9700.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2017-04-24 19:54:26.938
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.155.266.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.9700.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2017-04-24 19:54:26.938
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.155.266.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.9700.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 56%
Total physical RAM: 4016.42 MB
Available physical RAM: 1755.36 MB
Total Virtual: 5552.42 MB
Available Virtual: 3248.66 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:243.8 GB) (Free:176.5 GB) NTFS
Drive d: (Data) (Fixed) (Total:341.8 GB) (Free:321.45 GB) NTFS
Drive e: () (Fixed) (Total:345.57 GB) (Free:284.72 GB) NTFS
 
\\?\Volume{b5d81129-2565-11e7-8250-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F7B2ADD7)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=243.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=341.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=345.6 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End of Addition.txt ============================
 
 
 
 


#4
Hari Prahlad


Thank you so much. The Tampermonkey window does not open now. I've attached the screenshot.


#5
iMacg3

Hi,

Going over your logs I noticed that you have qBittorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall qBittorrent, however that choice is up to you.
If you wish to keep it, please do not use it until your computer is cleaned.

-------------------------

Press the Windows Key + R. This will open the Run box.
Type Appwiz.cpl and click OK.

A list of installed programs will appear. Uninstall the below programs by selecting them and clicking Uninstall:

KMSpico

Follow the steps in the uninstaller to remove the program.

Let me know how the computer is doing.

Thanks.

#6
Hari Prahlad

Hi

Took your advice and uninstalled qBitTorrent and Spico. Will restart laptop now.

Thanks.

 

Hari


#7
iMacg3

Hi,

 

Excellent :thumbsup:

 

After you restart the computer, please run a new scan with FRST, and copy/paste both reports (FRST.txt and Addition.txt) into your reply.


#8
Hari Prahlad

Hi

Everything seems to be okay now.

Thanks a million.

 

Hari


#11
iMacg3

Hi,

Glad to hear the computer is working well. :)

I would still like to see the FRST scan results, to make sure your computer is clean.



Thanks.

#12
Hari Prahlad

Sure. Will do. Give me half an hour.


#13
Hari Prahlad

FRST
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25.02.2019 01
Ran by admin (administrator) on USER (27-02-2019 06:34:21)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Huawei Technologies Co., Ltd. -> ) C:\ProgramData\MobileBrServ\mbbService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(LENOVO -> Lenovo) [File not signed] C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
(Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Qualcomm Atheros -> ) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499208 2016-03-22] (LENOVO -> Lenovo) [File not signed]
HKLM-x32\...\Run: [CheckNDISPort55ac29] => C:\Program Files (x86)\Vodafone Mobile Connect\CheckNDISPort_df.exe [478928 2017-10-13] (ZTE CORPORATION -> )
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Vodafone Mobile Connect\CancelAutoPlay_df.exe [448208 2017-10-13] (ZTE CORPORATION -> )
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {096eaa51-0d84-11e9-8286-5c93a27a9186} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {5221b181-7b5a-11e7-826d-5c93a27a9186} - "G:\AutoRun.exe" 
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {d5bb046f-d9f0-11e8-827d-5c93a27a9186} - "G:\Windows\AutoRun.exe" 
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {f95a5e0f-bb05-11e7-8275-5c93a27a9186} - "G:\Lenovo_Suite.exe" 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-26] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-09-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3D22F6EB-7D48-4581-8A4A-7761F8E75A76}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7E9EBC38-283C-4B56-89DA-0535C2A81429}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{C298CBC9-DE40-4263-BD24-A79463D2BF0D}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{F2083A6A-EC22-4295-A53A-8EE8CD7C5778}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{F916C187-3FE7-40E2-8C16-F14583B0F455}: [DhcpNameServer] 192.168.43.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.1.1,-1]
 
Internet Explorer:
==================
HKU\S-1-5-21-844090339-168977430-2555540811-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-07-27] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
 
FireFox:
========
FF DefaultProfile: euxfq1nu.default-1509187813890
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\euxfq1nu.default-1509187813890 [2019-02-26]
FF Homepage: Mozilla\Firefox\Profiles\euxfq1nu.default-1509187813890 -> hxxps://www.google.com/
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-12-07]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_142.dll [2019-02-13] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_142.dll [2019-02-13] (Adobe Systems Incorporated -> )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://homepage-web.com/?s=acer&m=home
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://homepage-web.com/?s=acer&m=start"
CHR DefaultSearchURL: Default -> hxxps://192.168.1.240/bahmni/favicon.ico
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2019-02-27]
CHR Extension: (Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-29]
CHR Extension: (Video & GIF Downloader For Facebook™) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajanondpapegkikdhmmhmoogcaajdokn [2018-12-14]
CHR Extension: (Kaspersky Protection) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-11-15]
CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-29]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-20]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-12-14]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-20]
CHR Extension: (OpenERP) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapopdbfnfhcgfdldoielojfiidmecaj [2018-12-14]
CHR Extension: (Video Downloader professional) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-09-21]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-12-14]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-15]
CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-24]
CHR Extension: (Delete All Messages for Facebook™) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnpnpdgfopkoibbhemhdinhcbghpokf [2019-01-15]
CHR Extension: (Multi Forward for Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjmdplljmniahpamcmabdnahmjdlikpm [2017-08-02]
CHR Extension: (Save to Facebook) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2019-02-19]
CHR Extension: (Grammarly for Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-02-26]
CHR Extension: (Facebook Fast Delete Messages) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\klmpnhheahecaojonebajllddfhpilan [2017-06-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-04-21]
CHR Extension: (Anti-Phishing & Authenticity Checker) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mggehmlfnempkheebgikhmemhnnpacle [2018-12-14]
CHR Extension: (Bahmni Home) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlejgcccohmalhjkncfcbnbekihgnnmg [2017-07-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-15]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-20]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-15]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKU\S-1-5-21-844090339-168977430-2555540811-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [322176 2014-12-01] (Qualcomm Atheros -> Windows ® Win 7 DDK provider) [File not signed]
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
S4 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [125168 2014-12-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-03-11] (Intel Corporation - pGFX -> Intel Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe [414352 2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-27] (Microsoft Corporation) [File not signed]
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242256 2014-08-20] (Huawei Technologies Co., Ltd. -> )
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG -> Nero AG)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-07-01] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [528576 2018-02-20] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [73416 2018-10-09] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [123152 2018-10-09] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [89168 2018-10-09] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [219744 2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [1214752 2018-10-27] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1113696 2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [57032 2018-02-12] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50648 2017-05-30] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [45768 2018-10-09] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [52152 2016-06-07] (AnchorFree Inc -> The OpenVPN Project)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (Kaspersky Lab -> AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [176976 2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [203968 2018-02-24] (Kaspersky Lab -> AO Kaspersky Lab)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-02-26] (Malwarebytes Corporation -> Malwarebytes)
R3 Qcamain; C:\Windows\system32\DRIVERS\Qcamainx64.sys [2299392 2015-01-29] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros, Inc.)
R3 RTL8168; C:\Windows\system32\DRIVERS\Rt630x64.sys [591360 2013-06-18] (Microsoft Windows -> Realtek )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-27 06:34 - 2019-02-27 06:35 - 000021307 _____ C:\Users\admin\Desktop\FRST.txt
2019-02-26 06:08 - 2019-02-26 09:00 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-02-26 06:00 - 2019-02-26 06:00 - 000000000 ____D C:\Users\admin\Desktop\FRST-OlderVersion
2019-02-25 16:47 - 2019-02-26 06:00 - 002433536 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2019-02-21 19:33 - 2019-02-21 19:33 - 000002230 _____ C:\Users\admin\Desktop\WhatsApp.lnk
2019-02-21 19:33 - 2019-02-21 19:33 - 000000000 ____D C:\Users\admin\AppData\Local\WhatsApp
2019-02-21 14:52 - 2019-02-21 14:53 - 139467192 _____ (WhatsApp) C:\Users\admin\Downloads\WhatsAppSetup.exe
2019-02-19 14:49 - 2019-02-19 14:49 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-19 14:49 - 2019-02-19 14:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-19 14:49 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-02-19 10:25 - 2019-02-19 10:29 - 040477384 _____ C:\Users\admin\Downloads\vlc-3.0.6-win32 (1).exe
2019-02-19 10:22 - 2019-02-19 10:41 - 1393857432 _____ C:\Users\admin\Downloads\Tamil Full Comedy Movie Panchathantiram Kamal Haasan Simran Jayaram Ramya Krishnan.mp4
2019-02-19 09:03 - 2019-02-19 09:03 - 000161870 _____ C:\Users\admin\Desktop\Poetry.pdf
2019-02-17 17:19 - 2019-02-17 17:25 - 132337635 _____ C:\Users\admin\Downloads\Zinedine Zidane - The Artist HD.mp4
2019-02-17 15:04 - 2019-02-17 15:06 - 039963802 _____ (AmoyShare Technology Company) C:\Users\admin\Downloads\anyvid-win (1).exe
2019-02-17 07:41 - 2019-02-17 07:41 - 000053490 _____ C:\Users\admin\Downloads\Valluvar.zip
2019-02-17 07:41 - 2015-09-21 17:15 - 000000000 ____D C:\Users\admin\Downloads\Valluvar
2019-02-16 09:00 - 2019-02-16 09:00 - 000250775 _____ C:\Users\admin\Downloads\Dr_Sarojini_PrahladSat-Feb-16-03_29_47-2019.pdf
2019-02-14 09:46 - 2019-02-14 09:47 - 062530321 _____ C:\Users\admin\Downloads\Stavros Flatly - BGT 2009 - AUDITION - HD - EryGarza (1 of My Top 5's).mp4
2019-02-13 10:41 - 2019-02-13 10:41 - 000046956 _____ C:\Users\admin\Downloads\images (19).jpeg
2019-02-13 06:23 - 2019-02-06 07:37 - 003323392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-02-13 06:23 - 2019-02-06 07:13 - 003616768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-02-13 06:23 - 2019-02-06 06:23 - 002780160 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2019-02-13 06:23 - 2019-02-06 06:14 - 002464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2019-02-13 06:23 - 2019-01-26 06:32 - 025736192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-02-13 06:23 - 2019-01-26 06:08 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-02-13 06:23 - 2019-01-26 06:06 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-02-13 06:23 - 2019-01-26 06:02 - 005778944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-02-13 06:23 - 2019-01-26 05:57 - 020279808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-02-13 06:23 - 2019-01-26 05:54 - 000790016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-02-13 06:23 - 2019-01-26 05:36 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-02-13 06:23 - 2019-01-26 05:33 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-02-13 06:23 - 2019-01-26 05:27 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-02-13 06:23 - 2019-01-26 05:26 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2019-02-13 06:23 - 2019-01-26 05:18 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-02-13 06:23 - 2019-01-26 05:16 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-02-13 06:23 - 2019-01-26 05:06 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2019-02-13 06:23 - 2019-01-26 05:04 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-02-13 06:23 - 2019-01-26 05:04 - 004494336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-02-13 06:23 - 2019-01-26 05:01 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-02-13 06:23 - 2019-01-26 04:59 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-02-13 06:23 - 2019-01-26 04:52 - 001556480 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-02-13 06:23 - 2019-01-26 04:42 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-02-13 06:23 - 2019-01-26 04:41 - 004386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-02-13 06:23 - 2019-01-26 04:38 - 001331200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-02-13 06:23 - 2019-01-26 04:36 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-02-13 06:23 - 2019-01-12 07:06 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-02-13 06:23 - 2019-01-12 07:05 - 000044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-02-13 06:23 - 2019-01-12 06:48 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-02-13 06:23 - 2019-01-09 12:06 - 001901688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-02-13 06:23 - 2019-01-09 11:57 - 002533920 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-02-13 06:23 - 2019-01-09 11:54 - 007371512 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-02-13 06:23 - 2019-01-09 09:04 - 001755136 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-02-13 06:23 - 2019-01-09 09:04 - 000134656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 06:23 - 2019-01-09 08:51 - 001493504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-02-13 06:23 - 2019-01-09 08:51 - 000102400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 06:23 - 2019-01-08 10:24 - 000032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2019-02-13 06:23 - 2019-01-08 06:52 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-02-13 06:23 - 2019-01-08 06:52 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2019-02-13 06:23 - 2019-01-05 23:18 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-02-13 06:23 - 2019-01-05 23:17 - 000684032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-02-13 06:23 - 2019-01-05 23:16 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-02-13 06:23 - 2018-12-27 23:27 - 000805376 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2019-02-13 06:23 - 2018-12-27 22:00 - 000626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2019-02-13 06:23 - 2018-12-08 21:31 - 000513376 _____ C:\Windows\SysWOW64\locale.nls
2019-02-13 06:23 - 2018-12-08 21:31 - 000513376 _____ C:\Windows\system32\locale.nls
2019-02-13 06:23 - 2018-12-02 15:38 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2019-02-13 06:23 - 2018-12-01 22:14 - 000151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2019-02-13 06:23 - 2018-10-12 18:49 - 000998480 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-02-11 19:29 - 2019-02-11 19:33 - 189059049 _____ C:\Users\admin\Downloads\The Magic Of Zinedine Zidane ● Real Madrid 2001 - 2006.mp4
2019-02-11 17:22 - 2019-02-11 17:26 - 156470791 _____ C:\Users\admin\Downloads\Saraswati Puja Mantra and Pushpanjali (1).mp4
2019-02-08 18:29 - 2019-02-08 18:30 - 083679983 _____ C:\Users\admin\Downloads\Ennodu Nee Irundal.HD Full Video Song __ I Movie Songs __ AR Rahman, Vikram, Shankar __ Tamil.mp4
2019-02-08 05:40 - 2019-02-08 05:40 - 000346247 _____ C:\Users\admin\Downloads\Slanguage within tricky tongue (1).pdf
2019-02-06 13:21 - 2019-02-06 13:22 - 000000000 ____D C:\Users\admin\Desktop\PP
2019-02-05 16:40 - 2019-02-05 16:40 - 000000000 ____D C:\Users\admin\AppData\Roaming\AnyVid
2019-02-05 16:40 - 2019-02-05 16:40 - 000000000 ____D C:\Users\admin\.anyvid
2019-02-05 16:38 - 2019-02-05 16:39 - 039963802 _____ (AmoyShare Technology Company) C:\Users\admin\Downloads\anyvid-win.exe
2019-02-04 07:19 - 2019-02-04 07:19 - 000250775 _____ C:\Users\admin\Downloads\Dr Sarojini Prahlad.pdf
2019-02-04 07:19 - 2019-02-04 07:19 - 000250775 _____ C:\Users\admin\Desktop\Dr Sarojini Prahlad.pdf
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-27 06:34 - 2018-12-15 10:57 - 000000000 ____D C:\FRST
2019-02-27 06:29 - 2017-04-25 09:49 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-02-26 13:02 - 2019-01-21 08:36 - 000000000 ____D C:\Users\admin\Desktop\Notepad
2019-02-26 12:36 - 2017-04-21 15:27 - 000000000 ____D C:\Users\admin\AppData\LocalLow\Temp
2019-02-26 09:50 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\rescache
2019-02-26 09:48 - 2017-04-20 06:50 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-844090339-168977430-2555540811-1001
2019-02-26 09:00 - 2013-08-22 20:15 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-26 08:59 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-02-26 08:55 - 2017-04-20 06:41 - 000000000 ____D C:\Program Files\KMSpico
2019-02-26 08:52 - 2014-03-18 15:34 - 000820208 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-26 08:52 - 2013-08-22 19:06 - 000000000 ____D C:\Windows\Inf
2019-02-26 07:26 - 2017-06-24 08:00 - 000000000 ____D C:\Windows\system32\MRT
2019-02-26 07:01 - 2017-06-24 08:00 - 129330784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-02-26 06:25 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\LiveKernelReports
2019-02-26 06:01 - 2017-04-30 09:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-02-26 05:59 - 2017-04-21 12:17 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-26 05:59 - 2017-04-21 12:17 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-26 05:51 - 2017-04-21 08:36 - 000003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D4A6C8BA-157C-4671-970D-5A9A13D3CC10}
2019-02-25 18:10 - 2018-11-13 12:01 - 000000000 ____D C:\Users\admin\Desktop\Pics
2019-02-25 17:59 - 2019-01-20 13:49 - 000000000 ____D C:\Users\admin\AppData\Roaming\vlc
2019-02-23 20:09 - 2017-04-19 19:10 - 000000000 ____D C:\Users\admin\AppData\Roaming\Atheros
2019-02-23 17:59 - 2017-04-20 07:01 - 000000000 ____D C:\Users\admin\Documents\Bluetooth Folder
2019-02-21 20:37 - 2017-05-20 12:14 - 000000000 ____D C:\Users\admin\AppData\Roaming\WhatsApp
2019-02-21 19:33 - 2017-05-20 12:14 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2019-02-21 19:33 - 2017-05-20 12:14 - 000000000 ____D C:\Users\admin\AppData\Local\SquirrelTemp
2019-02-21 18:37 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\ELAM
2019-02-21 14:14 - 2018-11-13 12:03 - 000000000 ____D C:\Users\admin\Desktop\Video
2019-02-21 14:10 - 2018-11-05 16:20 - 000000000 ____D C:\Users\admin\Desktop\phone
2019-02-19 10:32 - 2019-01-20 13:49 - 000001082 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-02-17 15:08 - 2017-06-04 12:06 - 000000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2019-02-14 18:33 - 2013-08-22 20:14 - 000483952 _____ C:\Windows\system32\FNTCACHE.DAT
2019-02-14 17:39 - 2013-08-22 20:50 - 000000000 ____D C:\Windows\CbsTemp
2019-02-13 09:20 - 2018-10-29 12:20 - 000004454 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-02-13 09:20 - 2017-09-19 05:09 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-02-13 09:20 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-02-13 09:20 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\system32\Macromed
2019-02-06 13:20 - 2019-01-21 08:36 - 000000000 ____D C:\Users\admin\Desktop\Word
2019-02-05 16:40 - 2017-04-20 06:43 - 000000000 ____D C:\Users\admin
2019-02-03 01:37 - 2017-06-21 08:03 - 000835480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-02-03 01:37 - 2017-06-21 08:03 - 000179600 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-02 12:13 - 2017-07-12 08:33 - 000000000 ____D C:\Users\admin\Desktop\Hari
 
==================== Files in the root of some directories =======
 
2017-05-08 13:26 - 2017-09-09 13:54 - 000005120 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-05-11 19:12 - 2017-05-11 19:12 - 000000000 _____ () C:\Users\admin\AppData\Local\{D0478A62-141E-4DB0-823C-FBA3EF766F66}
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2019-02-26 06:59
 
==================== End of FRST.txt ============================
 
Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25.02.2019 01
Ran by admin (27-02-2019 06:36:39)
Running from C:\Users\admin\Desktop
Windows 8.1 Pro (Update) (X64) (2017-04-20 01:13:24)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
admin (S-1-5-21-844090339-168977430-2555540811-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-844090339-168977430-2555540811-500 - Administrator - Disabled)
Guest (S-1-5-21-844090339-168977430-2555540811-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3012 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Aegisub 3.2.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
Backup and Sync from Google (HKLM\...\{693CADB0-962B-4AC1-A939-9524B258C997}) (Version: 3.43.2448.9071 - Google, Inc.)
Evernote v. 6.6.4 (HKLM-x32\...\{FAA0F386-730B-11E7-8B9C-005056951CAD}) (Version: 6.6.4.5512 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.119 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HP LaserJet 1020 Series (HKLM\...\HP LaserJet 1020 Series) (Version:  - )
iBall Face2Face Webcam C8.0 (HKLM-x32\...\{D20DAFCD-D58E-44EC-99CA-BB1FD7387F5C}) (Version: 1.0.0.0 - VideoCap)
Intel® Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4156 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{B2913DAE-3EBC-4C88-8245-0AA34B2E461D}) (Version: 17.1.1450.0402 - Intel Corporation)
IrfanView 4.50 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.50 - Irfan Skiljan)
Kaspersky Internet Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
Lenovo Moto Smart Assistant (HKLM-x32\...\{C050AF2D-DD41-455E-A65E-628637B4A9CC}) (Version: 3.0.0.6 - Lenovo)
LenovoUsbDriver 1.1.33 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.1.33 - Lenovo)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mobile Assistant (HKLM-x32\...\{BAE5A642-2B18-411F-A79A-D3B213385ACA}) (Version: 1.4.1.14200 - Lenovo)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.26.01.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
Nero 7 Essentials (HKLM-x32\...\{66B6D13A-9CC1-417D-B6F2-58AA539D1033}) (Version: 7.03.1303 - Nero AG)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.336 - Qualcomm Atheros Communications)
Qualcomm Atheros QCA9377 Wireless LAN & Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.177L - Qualcomm Atheros)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.47 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39063 - Realtek Semiconductor Corp.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Vodafone Mobile Connect (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.3 - ZTE Corporation)
WhatsApp (HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\WhatsApp) (Version: 0.3.2043 - WhatsApp)
Winamp (remove only) (HKLM-x32\...\Winamp) (Version:  - )
Windows Driver Package - MediaTek Inc. (wdm_usb) Ports  (01/22/2015 3.0.1504.0) (HKLM\...\BD5E2A628C2263FAEC66A4BFF2E88B897427E4C3) (Version: 01/22/2015 3.0.1504.0 - MediaTek Inc.)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip (HKLM-x32\...\WinZip) (Version:  8.1  (4331) - WinZip Computing, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-844090339-168977430-2555540811-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll [2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-07-25] (Nero AG -> Nero AG)
ContextMenuHandlers1-x32: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers1-x32: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed]
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll [2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed]
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-03-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed]
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0DCDEB5C-2A7C-48A4-A53B-EC4FB36A6600} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {3FC3F079-6081-49FF-916A-1F0D51593867} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {69DBB2D3-CDFE-44DE-965A-C049476056F8} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe (Acer Incorporated -> )
Task: {718B462D-642E-4D71-A58A-130FB25AC2FA} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe (Kaspersky Lab -> AO Kaspersky Lab)
Task: {7520ACC7-D2C2-42C4-8543-2CAE9F797492} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {BD06ECF5-8E2D-4779-83A0-0D6A3018A920} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {CE05F840-39B2-4BC0-8553-57BBCEEAA31A} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe (Acer Incorporated -> Acer Incorporated)
Task: {E7872C45-D201-4AF3-9705-3115CB2C7B24} - System32\Tasks\lenovo mobile auto run => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe (LENOVO -> Lenovo) [File not signed]
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Bahmni Home.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=nlejgcccohmalhjkncfcbnbekihgnnmg
ShortcutWithArgument: C:\Users\Public\Desktop\Vodafone.lnk -> C:\Program Files (x86)\Vodafone Mobile Connect\LaunchWebUI.exe () -> hxxp://vodafonemobileconnect.4G
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-27 04:12 - 2015-01-27 04:12 - 000139264 _____ () [File not signed] C:\Windows\system32\ihvmanager\AthIHVManager.dll
2015-01-27 04:11 - 2015-01-27 04:11 - 000376320 _____ (Quacomm Atheros, Inc.) [File not signed] C:\Windows\system32\ihvmanager\AthIhvWlanVoE.dll
2006-10-27 02:10 - 2006-10-27 02:10 - 000335872 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
2014-12-01 07:02 - 2014-12-01 07:02 - 000291456 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000033408 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\CommApi.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000034432 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ipc.dll
2014-12-01 07:02 - 2014-12-01 07:02 - 000116352 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\utils.dll
2014-12-01 07:02 - 2014-12-01 07:02 - 000027264 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\TCPConnection.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000107648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 001067648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\OutLookLib.dll
2016-03-22 16:09 - 2016-03-22 16:09 - 002499208 _____ (LENOVO -> Lenovo) [File not signed] C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
2014-12-01 07:01 - 2014-12-01 07:01 - 000134784 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
2014-12-01 07:01 - 2014-12-01 07:01 - 000063104 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ModuleManager.dll
2014-12-01 06:58 - 2014-12-01 06:58 - 000011264 _____ () [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-12-01 06:58 - 2014-12-01 06:58 - 000063488 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\RfcommLib\rfcommlib.dll
2014-12-01 06:56 - 2014-12-01 06:56 - 000210432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Audio\audio.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000083072 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Handsfree.dll
2014-12-01 06:58 - 2014-12-01 06:58 - 000091136 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\L2capLib\l2caplib.dll
2014-12-01 06:58 - 2014-12-01 06:58 - 000087552 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\SesMgr\sesmgr.dll
2014-12-01 06:51 - 2014-12-01 06:51 - 000096768 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\goep\goep.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000162304 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\BasicPrintProfile\BPP.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000177152 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\BIP\BIP.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000035840 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\FAX\Fax.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000018432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\DID\DId.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000029696 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\HCRP\Hcrp.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000096256 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\GapSdp\GapSdp.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000142848 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\HealthDevice\HDP.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000422400 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\FileTransfer\FileTransfer.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000308224 _____ (Qualcomm Atheros Commnucations) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\LE\LE.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000126592 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\gatts.DLL
2014-12-01 07:01 - 2014-12-01 07:01 - 000085632 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\GattI.dll
2014-12-01 06:54 - 2014-12-01 06:54 - 000086016 _____ () [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000067072 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\pbap\pbap.dll
2014-12-01 06:56 - 2014-12-01 06:56 - 000055296 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\spp\spp.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000097280 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\sap\sap.dll
2014-12-01 06:56 - 2014-12-01 06:56 - 000064512 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Sync\Sync.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000066048 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\OppOperation\OppOperation.dll
2014-12-01 06:51 - 2014-12-01 06:51 - 000181248 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\OppOperation\ObjPush.dll
2014-12-01 07:02 - 2014-12-01 07:02 - 000130176 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\skypeagent.dll
2014-12-01 07:00 - 2014-12-01 07:00 - 000012928 _____ (Qualcomm Atheros -> ) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2019-02-19 14:49 - 2019-02-01 09:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-02-19 14:49 - 2019-02-01 09:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-02-19 14:49 - 2019-02-01 09:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2016-03-22 16:09 - 2016-03-22 16:09 - 000109704 _____ (LENOVO -> ) [File not signed] C:\Program Files (x86)\MagicPlus\crashreport.dll
2016-03-22 16:09 - 2016-03-22 16:09 - 000354440 _____ (LENOVO -> ) [File not signed] C:\Program Files (x86)\MagicPlus\UsbHelper.dll
2016-03-22 16:09 - 2016-03-22 16:09 - 000418952 _____ (LENOVO -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\MagicPlus\MSVCP100.dll
2016-03-22 16:09 - 2016-03-22 16:09 - 000771720 _____ (LENOVO -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\MagicPlus\MSVCR100.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 18:55 - 2017-09-19 06:32 - 000000826 _____ C:\Windows\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-844090339-168977430-2555540811-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\IrfanView\IrfanView_Wallpaper.png
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: AVP16.0.1 => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: klvssbrigde64 => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: Service KMSELDI => 2
MSCONFIG\Services: UCBrowserSvc => 2
HKLM\...\StartupApproved\Run32: => "CancelAutoPlay_df"
HKLM\...\StartupApproved\Run32: => "CheckNDISPort55ac29"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3698853D-E40D-4AA0-A66F-DBB0E4A80524}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EF178FBD-4C15-4C3D-BD1D-5BF6DE8C0CC3}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe No File
FirewallRules: [{A92C2F83-407A-42B3-90A4-BD76EC4D07FE}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe No File
FirewallRules: [{AEC66816-D855-4E81-9248-6300A57E79CB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
 
==================== Restore Points =========================
 
10-01-2019 10:54:51 Windows Update
13-02-2019 15:47:59 Windows Update
26-02-2019 06:01:04 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/27/2019 06:29:42 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/27/2019 06:29:42 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=3
 
Error: (02/27/2019 06:29:28 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005).
 
Error: (02/26/2019 12:30:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
 
Error: (02/26/2019 12:29:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/26/2019 09:01:10 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/26/2019 09:01:06 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (02/26/2019 08:56:06 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
 
 
System errors:
=============
Error: (02/26/2019 06:59:45 AM) (Source: DCOM) (EventID: 10010) (User: user)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (02/26/2019 06:59:15 AM) (Source: DCOM) (EventID: 10010) (User: user)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (02/26/2019 06:59:16 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (02/26/2019 06:07:33 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\ihvmanager\AthIHVManager.dll
 
Error: (02/26/2019 06:07:33 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\ihvmanager\AthIHVManager.dll
 
Error: (02/26/2019 06:07:23 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\ihvmanager\AthIHVManager.dll
 
Error: (02/26/2019 06:02:03 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (02/26/2019 06:01:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Kaspersky Secure Connection Service 2.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
Windows Defender:
===================================
Date: 2017-04-25 09:28:04.158
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80501002
Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2017-04-25 09:28:04.158
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80501002
Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2017-04-24 19:54:26.943
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 106.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.9700.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2017-04-24 19:54:26.938
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.155.266.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.9700.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2017-04-24 19:54:26.938
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.155.266.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.9700.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 54%
Total physical RAM: 4016.42 MB
Available physical RAM: 1827.28 MB
Total Virtual: 5552.42 MB
Available Virtual: 2825.65 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:243.8 GB) (Free:176.77 GB) NTFS
Drive d: (Data) (Fixed) (Total:341.8 GB) (Free:321.43 GB) NTFS
Drive e: () (Fixed) (Total:345.57 GB) (Free:284.72 GB) NTFS
 
\\?\Volume{b5d81129-2565-11e7-8250-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F7B2ADD7)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=243.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=341.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=345.6 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End of Addition.txt ============================

#14
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

We'll remove a KMSpico remnant.


  • Highlight the contents of the below code box and press Ctrl + C:

Start::
2019-02-26 08:55 - 2017-04-20 06:41 - 000000000 ____D C:\Program Files\KMSpico
reboot:
End::

  • Right-click on FRST/FRST64 and select Run as Administrator.
  • Click on Fix.
  • Note - there is no need to paste the contents of the code box anywhere.
  • If your computer restarts, allow it to do so.
  • Once the fix is complete, a file called fixlog will be saved to the same directory as FRST. The log may open in Notepad as well.
  • Please copy and paste the contents of the fixlog into your next reply.

---------------

Just to err on the side of caution we'll run one final scan.

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • Click on Get Started.
  • Another window will appear - select Get Started. Select whether you would like to send anonymous data to ESET.
  • Click on the Full Scan option.
  • Click on the option to Enable ESET to detect and remove potentially unwanted applications, and select Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop with a name like ESETlog.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • On your desktop, a file will be created called ESETlog.txt. Open it, then copy and paste its contents into your next reply.

#15
Hari Prahlad

    Member

  • Topic Starter
  • 301 posts

ESET running now.

