FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.12.2018
Ran by admin (administrator) on USER (15-12-2018 10:57:19)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
() C:\Program Files (x86)\UCBrowser\Application\UCService.exe
(Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\UCBrowser\Application\7.0.185.1002\UCAgent.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499208 2015-06-11] (Lenovo)
HKLM-x32\...\Run: [CheckNDISPort55ac29] => C:\Program Files (x86)\Vodafone Mobile Connect\CheckNDISPort_df.exe [478928 2017-10-13] ()
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Vodafone Mobile Connect\CancelAutoPlay_df.exe [448208 2017-10-13] ()
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-12-01] (Qualcomm®Atheros®)
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {5221b181-7b5a-11e7-826d-5c93a27a9186} - "G:\AutoRun.exe"
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {d5bb046f-d9f0-11e8-827d-5c93a27a9186} - "G:\Windows\AutoRun.exe"
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {f95a5e0f-bb05-11e7-8275-5c93a27a9186} - "G:\Lenovo_Suite.exe"
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-09-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3D22F6EB-7D48-4581-8A4A-7761F8E75A76}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7E9EBC38-283C-4B56-89DA-0535C2A81429}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{C298CBC9-DE40-4263-BD24-A79463D2BF0D}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{F916C187-3FE7-40E2-8C16-F14583B0F455}: [DhcpNameServer] 192.168.43.1
Internet Explorer:
==================
HKU\S-1-5-21-844090339-168977430-2555540811-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-12-07] (AO Kaspersky Lab)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-07-27] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2018-12-07] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-12-07] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2018-12-07] (AO Kaspersky Lab)
FireFox:
========
FF DefaultProfile: euxfq1nu.default-1509187813890
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\euxfq1nu.default-1509187813890 [2018-11-30]
FF Homepage: Mozilla\Firefox\Profiles\euxfq1nu.default-1509187813890 -> hxxps://www.google.com/
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-12-07]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-05] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-05] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://homepage-web.com/?s=acer&m=home
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://homepage-web.com/?s=acer&m=start"
CHR DefaultSearchURL: Default -> hxxps://192.168.1.240/bahmni/favicon.ico
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2018-12-15]
CHR Extension: (Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-29]
CHR Extension: (Video & GIF Downloader For Facebook™) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajanondpapegkikdhmmhmoogcaajdokn [2018-12-14]
CHR Extension: (Kaspersky Protection) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-11-15]
CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-29]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-20]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-12-14]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-20]
CHR Extension: (OpenERP) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapopdbfnfhcgfdldoielojfiidmecaj [2018-12-14]
CHR Extension: (Message Cleaner) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcanahkfmlgbgmnjlcmpmjcmbldniele [2017-10-29]
CHR Extension: (Video Downloader professional) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-09-21]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-12-14]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-15]
CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-12-11]
CHR Extension: (Multi Forward for Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjmdplljmniahpamcmabdnahmjdlikpm [2017-08-02]
CHR Extension: (Grammarly for Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-12-14]
CHR Extension: (Facebook Fast Delete Messages) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\klmpnhheahecaojonebajllddfhpilan [2017-06-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-04-21]
CHR Extension: (Anti-Phishing & Authenticity Checker) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mggehmlfnempkheebgikhmemhnnpacle [2018-12-14]
CHR Extension: (Bahmni Home) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlejgcccohmalhjkncfcbnbekihgnnmg [2017-07-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-15]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-20]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-15]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKU\S-1-5-21-844090339-168977430-2555540811-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [322176 2014-12-01] (Windows ® Win 7 DDK provider) [File not signed]
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [619640 2018-02-28] (AO Kaspersky Lab)
S4 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [125168 2014-12-13] (Intel Corporation)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-03-11] (Intel Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe [414352 2018-12-07] (AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-27] (Microsoft Corporation) [File not signed]
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242256 2014-08-20] ()
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI) [File not signed]
R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [656784 2017-12-20] () <==== ATTENTION
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-12-01] (Qualcomm Atheros)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (AO Kaspersky Lab)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-07-01] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [528576 2018-02-20] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [73416 2018-10-09] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [123152 2018-10-09] (AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [89168 2018-10-09] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [219744 2018-12-07] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [1214752 2018-10-27] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1113696 2018-12-07] (AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [57032 2018-02-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50648 2017-05-30] (AO Kaspersky Lab)
S3 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [45768 2018-10-09] (AO Kaspersky Lab)
R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [176976 2018-12-07] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [203968 2018-02-24] (AO Kaspersky Lab)
R3 Qcamain; C:\Windows\system32\DRIVERS\Qcamainx64.sys [2299392 2015-01-29] (Qualcomm Atheros, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-12-15 10:57 - 2018-12-15 10:58 - 000017822 _____ C:\Users\admin\Desktop\FRST.txt
2018-12-15 10:57 - 2018-12-15 10:57 - 000000000 ____D C:\FRST
2018-12-15 10:54 - 2018-12-15 10:54 - 002417152 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2018-12-14 15:04 - 2018-12-14 15:04 - 009250410 _____ C:\Users\admin\Desktop\biharini.mp4
2018-12-14 14:13 - 2018-12-14 14:13 - 013938635 _____ C:\Users\admin\Desktop\morakka.mp4
2018-12-14 08:34 - 2018-12-14 08:34 - 014451535 _____ C:\Users\admin\Desktop\radhe.mp4
2018-12-14 08:31 - 2018-12-14 08:31 - 000000000 ____D C:\Users\admin\AppData\Roaming\Google
2018-12-12 11:53 - 2018-12-12 11:53 - 000059999 _____ C:\Users\admin\Desktop\Yogi.htm
2018-12-12 07:56 - 2018-11-28 15:09 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-12-12 07:56 - 2018-11-28 13:38 - 015441408 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-12-12 07:56 - 2018-11-28 13:34 - 013322240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-12-12 07:56 - 2018-11-15 08:30 - 025735680 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-12-12 07:56 - 2018-11-15 08:04 - 020281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-12-12 07:56 - 2018-11-15 07:21 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-12-12 07:56 - 2018-11-15 07:20 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-12-12 07:56 - 2018-11-13 10:05 - 005778944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-12-12 07:56 - 2018-11-13 09:58 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-12-12 07:56 - 2018-11-13 09:34 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-12-12 07:56 - 2018-11-13 09:21 - 015284736 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-12-12 07:56 - 2018-11-13 09:08 - 013681152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-12-12 07:56 - 2018-11-11 01:12 - 001368584 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-12-12 07:56 - 2018-11-11 01:06 - 007371720 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-12-12 07:56 - 2018-11-11 00:55 - 000121288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2018-12-12 07:56 - 2018-11-11 00:24 - 001308456 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-12-12 07:56 - 2018-11-11 00:23 - 000356088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-12-12 07:56 - 2018-11-10 22:04 - 001754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2018-12-12 07:56 - 2018-11-10 21:55 - 001085440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-12-12 07:56 - 2018-11-10 21:52 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-12-12 07:56 - 2018-11-10 21:45 - 001491968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2018-12-12 07:56 - 2018-11-03 23:58 - 002532344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-12-12 07:56 - 2018-11-03 23:11 - 001903456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-12-12 07:56 - 2018-11-03 20:55 - 002348032 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-12-12 07:56 - 2018-11-03 20:41 - 001556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-12-12 07:56 - 2018-10-06 22:13 - 000148992 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-12-12 07:56 - 2018-10-06 21:43 - 000113664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-12-12 07:56 - 2018-10-05 22:36 - 001200640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2018-12-12 07:56 - 2018-10-05 21:50 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2018-12-12 07:56 - 2018-10-05 20:48 - 000513376 _____ C:\Windows\SysWOW64\locale.nls
2018-12-12 07:56 - 2018-10-05 20:48 - 000513376 _____ C:\Windows\system32\locale.nls
2018-12-12 07:55 - 2018-11-13 09:30 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-12-12 07:55 - 2018-11-13 09:22 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-12-12 07:55 - 2018-11-13 09:13 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-12-12 07:55 - 2018-11-13 09:12 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-12-12 07:55 - 2018-11-13 09:08 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-12-12 07:55 - 2018-11-13 09:07 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-12-12 07:55 - 2018-11-13 08:57 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-12-12 07:55 - 2018-11-13 08:48 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-12-12 07:55 - 2018-11-13 08:46 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-12-12 07:55 - 2018-11-13 08:45 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-12-12 07:55 - 2018-11-13 08:44 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-12-12 07:55 - 2018-10-05 22:36 - 000323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2018-12-12 07:55 - 2018-10-05 21:50 - 000200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2018-12-10 19:57 - 2018-12-10 19:57 - 000000012 _____ C:\Users\admin\Desktop\mstick.txt
2018-12-10 09:37 - 2018-12-10 09:37 - 000051782 _____ C:\Users\admin\Desktop\nietsche.html
2018-12-09 15:04 - 2018-12-09 15:05 - 025887840 _____ C:\Users\admin\Desktop\BM1.mp4
2018-12-06 10:43 - 2018-12-10 09:53 - 000000557 _____ C:\Users\admin\Desktop\Compassion.txt
2018-12-04 16:56 - 2018-12-04 16:56 - 000001096 _____ C:\Users\admin\Desktop\TGD.txt
2018-12-04 15:59 - 2018-12-04 16:00 - 040210008 _____ C:\Users\admin\Downloads\vlc-3.0.4-win32.exe
2018-11-27 10:10 - 2018-11-27 10:11 - 101642892 _____ C:\Users\admin\Desktop\Menaka Guruswamy.mp4
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-12-15 10:45 - 2017-04-20 07:19 - 000000466 _____ C:\Windows\Tasks\UCBrowserUpdater.job
2018-12-15 10:44 - 2017-04-25 09:49 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-12-15 10:41 - 2017-04-20 07:19 - 000000302 _____ C:\Windows\Tasks\UCBrowserUpdaterCore.job
2018-12-15 10:41 - 2013-08-22 20:15 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-15 10:40 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-12-15 08:04 - 2017-04-21 08:36 - 000003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D4A6C8BA-157C-4671-970D-5A9A13D3CC10}
2018-12-15 08:01 - 2017-04-20 07:19 - 000003438 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
2018-12-14 14:01 - 2017-04-21 14:18 - 000000000 ____D C:\Users\admin\AppData\Roaming\vlc
2018-12-14 13:58 - 2018-11-13 12:01 - 000000000 ____D C:\Users\admin\Desktop\Pics
2018-12-12 11:47 - 2013-08-22 20:14 - 000483952 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-12 11:47 - 2013-08-22 19:06 - 000000000 ____D C:\Windows\Inf
2018-12-12 08:49 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\ELAM
2018-12-12 08:47 - 2013-08-22 20:50 - 000000000 ____D C:\Windows\CbsTemp
2018-12-12 07:38 - 2017-04-20 06:50 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-844090339-168977430-2555540811-1001
2018-12-11 19:02 - 2017-04-21 08:01 - 000000000 ____D C:\Users\admin\AppData\Roaming\IrfanView
2018-12-09 11:18 - 2014-03-18 15:34 - 000820208 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-09 11:16 - 2017-06-24 08:00 - 000000000 ____D C:\Windows\system32\MRT
2018-12-09 11:11 - 2017-06-24 08:00 - 137810048 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-12-07 10:43 - 2018-10-27 19:08 - 001113696 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2018-12-07 10:42 - 2018-10-27 19:08 - 000219744 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2018-12-07 10:42 - 2018-10-09 20:03 - 000176976 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2018-12-05 17:34 - 2018-10-29 12:20 - 000004454 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-12-05 17:34 - 2017-09-19 05:09 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-12-05 17:34 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-12-05 17:34 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\system32\Macromed
2018-12-04 16:35 - 2017-07-12 08:33 - 000000000 ____D C:\Users\admin\Desktop\Hari
2018-12-04 16:01 - 2017-06-30 08:20 - 000001082 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-12-02 14:45 - 2018-11-05 16:20 - 000000000 ____D C:\Users\admin\Desktop\phone
2018-12-01 05:13 - 2017-06-21 08:03 - 000835688 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-12-01 05:13 - 2017-06-21 08:03 - 000179808 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-30 07:57 - 2017-04-21 08:35 - 000000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla
2018-11-30 07:49 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\AppReadiness
2018-11-28 12:19 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\LiveKernelReports
2018-11-27 07:49 - 2017-04-21 12:17 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-27 07:49 - 2017-04-21 12:17 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-26 16:47 - 2018-11-13 12:03 - 000000000 ____D C:\Users\admin\Desktop\Video
2018-11-19 09:46 - 2017-04-19 19:10 - 000000000 ____D C:\Users\admin\AppData\Roaming\Atheros
2018-11-18 17:20 - 2017-04-20 07:01 - 000000000 ____D C:\Users\admin\Documents\Bluetooth Folder
2018-11-18 17:08 - 2017-04-30 09:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-16 10:46 - 2017-04-30 09:51 - 000001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-16 10:46 - 2017-04-30 09:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== Files in the root of some directories =======
2017-05-08 13:26 - 2017-09-09 13:54 - 000005120 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-05-11 19:12 - 2017-05-11 19:12 - 000000000 _____ () C:\Users\admin\AppData\Local\{D0478A62-141E-4DB0-823C-FBA3EF766F66}
Some files in TEMP:
====================
2017-10-14 14:28 - 2017-04-21 08:01 - 000036312 _____ (Irfan Skiljan, IrfanView) C:\Users\admin\AppData\Local\Temp\iv_uninstall.exe
2018-12-02 15:14 - 2018-12-02 15:15 - 040210008 _____ () C:\Users\admin\AppData\Local\Temp\vlc-3.0.4-win32.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-12-09 11:47
==================== End of FRST.txt