
Leplus.srv

System slow malware doubt

  • This topic is locked

#1
Hari Prahlad


Hi

 

I am having trouble with the system slowing down.  When I try to shut down, I get a leplus.srv warning.  Is my system infected?  How do I clean it up?

 

Thanks in advance.




#2
Hari Prahlad


FRST.txt
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.12.2018
Ran by admin (administrator) on USER (15-12-2018 10:57:19)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
() C:\Program Files (x86)\UCBrowser\Application\UCService.exe
(Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\UCBrowser\Application\7.0.185.1002\UCAgent.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499208 2015-06-11] (Lenovo)
HKLM-x32\...\Run: [CheckNDISPort55ac29] => C:\Program Files (x86)\Vodafone Mobile Connect\CheckNDISPort_df.exe [478928 2017-10-13] ()
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Vodafone Mobile Connect\CancelAutoPlay_df.exe [448208 2017-10-13] ()
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-12-01] (Qualcomm®Atheros®)
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {5221b181-7b5a-11e7-826d-5c93a27a9186} - "G:\AutoRun.exe" 
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {d5bb046f-d9f0-11e8-827d-5c93a27a9186} - "G:\Windows\AutoRun.exe" 
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {f95a5e0f-bb05-11e7-8275-5c93a27a9186} - "G:\Lenovo_Suite.exe" 
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-09-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3D22F6EB-7D48-4581-8A4A-7761F8E75A76}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7E9EBC38-283C-4B56-89DA-0535C2A81429}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{C298CBC9-DE40-4263-BD24-A79463D2BF0D}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{F916C187-3FE7-40E2-8C16-F14583B0F455}: [DhcpNameServer] 192.168.43.1
 
Internet Explorer:
==================
HKU\S-1-5-21-844090339-168977430-2555540811-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-12-07] (AO Kaspersky Lab)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-07-27] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2018-12-07] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-12-07] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2018-12-07] (AO Kaspersky Lab)
 
FireFox:
========
FF DefaultProfile: euxfq1nu.default-1509187813890
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\euxfq1nu.default-1509187813890 [2018-11-30]
FF Homepage: Mozilla\Firefox\Profiles\euxfq1nu.default-1509187813890 -> hxxps://www.google.com/
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-12-07]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-05] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-05] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://homepage-web.com/?s=acer&m=home
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://homepage-web.com/?s=acer&m=start"
CHR DefaultSearchURL: Default -> hxxps://192.168.1.240/bahmni/favicon.ico
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2018-12-15]
CHR Extension: (Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-29]
CHR Extension: (Video & GIF Downloader For Facebook™) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajanondpapegkikdhmmhmoogcaajdokn [2018-12-14]
CHR Extension: (Kaspersky Protection) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-11-15]
CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-29]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-20]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-12-14]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-20]
CHR Extension: (OpenERP) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapopdbfnfhcgfdldoielojfiidmecaj [2018-12-14]
CHR Extension: (Message Cleaner) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcanahkfmlgbgmnjlcmpmjcmbldniele [2017-10-29]
CHR Extension: (Video Downloader professional) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-09-21]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-12-14]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-15]
CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-12-11]
CHR Extension: (Multi Forward for Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjmdplljmniahpamcmabdnahmjdlikpm [2017-08-02]
CHR Extension: (Grammarly for Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-12-14]
CHR Extension: (Facebook Fast Delete Messages) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\klmpnhheahecaojonebajllddfhpilan [2017-06-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-04-21]
CHR Extension: (Anti-Phishing & Authenticity Checker) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mggehmlfnempkheebgikhmemhnnpacle [2018-12-14]
CHR Extension: (Bahmni Home) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlejgcccohmalhjkncfcbnbekihgnnmg [2017-07-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-15]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-20]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-15]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKU\S-1-5-21-844090339-168977430-2555540811-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [322176 2014-12-01] (Windows ® Win 7 DDK provider) [File not signed]
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [619640 2018-02-28] (AO Kaspersky Lab)
S4 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [125168 2014-12-13] (Intel Corporation)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-03-11] (Intel Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe [414352 2018-12-07] (AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-27] (Microsoft Corporation) [File not signed]
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242256 2014-08-20] ()
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI) [File not signed]
R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [656784 2017-12-20] () <==== ATTENTION
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-12-01] (Qualcomm Atheros)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (AO Kaspersky Lab)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-07-01] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [528576 2018-02-20] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [73416 2018-10-09] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [123152 2018-10-09] (AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [89168 2018-10-09] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [219744 2018-12-07] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [1214752 2018-10-27] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1113696 2018-12-07] (AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [57032 2018-02-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50648 2017-05-30] (AO Kaspersky Lab)
S3 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [45768 2018-10-09] (AO Kaspersky Lab)
R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [176976 2018-12-07] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [203968 2018-02-24] (AO Kaspersky Lab)
R3 Qcamain; C:\Windows\system32\DRIVERS\Qcamainx64.sys [2299392 2015-01-29] (Qualcomm Atheros, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-12-15 10:57 - 2018-12-15 10:58 - 000017822 _____ C:\Users\admin\Desktop\FRST.txt
2018-12-15 10:57 - 2018-12-15 10:57 - 000000000 ____D C:\FRST
2018-12-15 10:54 - 2018-12-15 10:54 - 002417152 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2018-12-14 15:04 - 2018-12-14 15:04 - 009250410 _____ C:\Users\admin\Desktop\biharini.mp4
2018-12-14 14:13 - 2018-12-14 14:13 - 013938635 _____ C:\Users\admin\Desktop\morakka.mp4
2018-12-14 08:34 - 2018-12-14 08:34 - 014451535 _____ C:\Users\admin\Desktop\radhe.mp4
2018-12-14 08:31 - 2018-12-14 08:31 - 000000000 ____D C:\Users\admin\AppData\Roaming\Google
2018-12-12 11:53 - 2018-12-12 11:53 - 000059999 _____ C:\Users\admin\Desktop\Yogi.htm
2018-12-12 07:56 - 2018-11-28 15:09 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-12-12 07:56 - 2018-11-28 13:38 - 015441408 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-12-12 07:56 - 2018-11-28 13:34 - 013322240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-12-12 07:56 - 2018-11-15 08:30 - 025735680 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-12-12 07:56 - 2018-11-15 08:04 - 020281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-12-12 07:56 - 2018-11-15 07:21 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-12-12 07:56 - 2018-11-15 07:20 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-12-12 07:56 - 2018-11-13 10:05 - 005778944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-12-12 07:56 - 2018-11-13 09:58 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-12-12 07:56 - 2018-11-13 09:34 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-12-12 07:56 - 2018-11-13 09:21 - 015284736 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-12-12 07:56 - 2018-11-13 09:08 - 013681152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-12-12 07:56 - 2018-11-11 01:12 - 001368584 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-12-12 07:56 - 2018-11-11 01:06 - 007371720 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-12-12 07:56 - 2018-11-11 00:55 - 000121288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2018-12-12 07:56 - 2018-11-11 00:24 - 001308456 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-12-12 07:56 - 2018-11-11 00:23 - 000356088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-12-12 07:56 - 2018-11-10 22:04 - 001754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2018-12-12 07:56 - 2018-11-10 21:55 - 001085440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-12-12 07:56 - 2018-11-10 21:52 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-12-12 07:56 - 2018-11-10 21:45 - 001491968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2018-12-12 07:56 - 2018-11-03 23:58 - 002532344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-12-12 07:56 - 2018-11-03 23:11 - 001903456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-12-12 07:56 - 2018-11-03 20:55 - 002348032 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-12-12 07:56 - 2018-11-03 20:41 - 001556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-12-12 07:56 - 2018-10-06 22:13 - 000148992 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-12-12 07:56 - 2018-10-06 21:43 - 000113664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-12-12 07:56 - 2018-10-05 22:36 - 001200640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2018-12-12 07:56 - 2018-10-05 21:50 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2018-12-12 07:56 - 2018-10-05 20:48 - 000513376 _____ C:\Windows\SysWOW64\locale.nls
2018-12-12 07:56 - 2018-10-05 20:48 - 000513376 _____ C:\Windows\system32\locale.nls
2018-12-12 07:55 - 2018-11-13 09:30 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-12-12 07:55 - 2018-11-13 09:22 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-12-12 07:55 - 2018-11-13 09:13 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-12-12 07:55 - 2018-11-13 09:12 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-12-12 07:55 - 2018-11-13 09:08 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-12-12 07:55 - 2018-11-13 09:07 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-12-12 07:55 - 2018-11-13 08:57 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-12-12 07:55 - 2018-11-13 08:48 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-12-12 07:55 - 2018-11-13 08:46 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-12-12 07:55 - 2018-11-13 08:45 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-12-12 07:55 - 2018-11-13 08:44 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-12-12 07:55 - 2018-10-05 22:36 - 000323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2018-12-12 07:55 - 2018-10-05 21:50 - 000200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2018-12-10 19:57 - 2018-12-10 19:57 - 000000012 _____ C:\Users\admin\Desktop\mstick.txt
2018-12-10 09:37 - 2018-12-10 09:37 - 000051782 _____ C:\Users\admin\Desktop\nietsche.html
2018-12-09 15:04 - 2018-12-09 15:05 - 025887840 _____ C:\Users\admin\Desktop\BM1.mp4
2018-12-06 10:43 - 2018-12-10 09:53 - 000000557 _____ C:\Users\admin\Desktop\Compassion.txt
2018-12-04 16:56 - 2018-12-04 16:56 - 000001096 _____ C:\Users\admin\Desktop\TGD.txt
2018-12-04 15:59 - 2018-12-04 16:00 - 040210008 _____ C:\Users\admin\Downloads\vlc-3.0.4-win32.exe
2018-11-27 10:10 - 2018-11-27 10:11 - 101642892 _____ C:\Users\admin\Desktop\Menaka Guruswamy.mp4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-12-15 10:45 - 2017-04-20 07:19 - 000000466 _____ C:\Windows\Tasks\UCBrowserUpdater.job
2018-12-15 10:44 - 2017-04-25 09:49 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-12-15 10:41 - 2017-04-20 07:19 - 000000302 _____ C:\Windows\Tasks\UCBrowserUpdaterCore.job
2018-12-15 10:41 - 2013-08-22 20:15 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-15 10:40 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-12-15 08:04 - 2017-04-21 08:36 - 000003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D4A6C8BA-157C-4671-970D-5A9A13D3CC10}
2018-12-15 08:01 - 2017-04-20 07:19 - 000003438 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
2018-12-14 14:01 - 2017-04-21 14:18 - 000000000 ____D C:\Users\admin\AppData\Roaming\vlc
2018-12-14 13:58 - 2018-11-13 12:01 - 000000000 ____D C:\Users\admin\Desktop\Pics
2018-12-12 11:47 - 2013-08-22 20:14 - 000483952 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-12 11:47 - 2013-08-22 19:06 - 000000000 ____D C:\Windows\Inf
2018-12-12 08:49 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\ELAM
2018-12-12 08:47 - 2013-08-22 20:50 - 000000000 ____D C:\Windows\CbsTemp
2018-12-12 07:38 - 2017-04-20 06:50 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-844090339-168977430-2555540811-1001
2018-12-11 19:02 - 2017-04-21 08:01 - 000000000 ____D C:\Users\admin\AppData\Roaming\IrfanView
2018-12-09 11:18 - 2014-03-18 15:34 - 000820208 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-09 11:16 - 2017-06-24 08:00 - 000000000 ____D C:\Windows\system32\MRT
2018-12-09 11:11 - 2017-06-24 08:00 - 137810048 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-12-07 10:43 - 2018-10-27 19:08 - 001113696 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2018-12-07 10:42 - 2018-10-27 19:08 - 000219744 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2018-12-07 10:42 - 2018-10-09 20:03 - 000176976 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2018-12-05 17:34 - 2018-10-29 12:20 - 000004454 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-12-05 17:34 - 2017-09-19 05:09 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-12-05 17:34 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-12-05 17:34 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\system32\Macromed
2018-12-04 16:35 - 2017-07-12 08:33 - 000000000 ____D C:\Users\admin\Desktop\Hari
2018-12-04 16:01 - 2017-06-30 08:20 - 000001082 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-12-02 14:45 - 2018-11-05 16:20 - 000000000 ____D C:\Users\admin\Desktop\phone
2018-12-01 05:13 - 2017-06-21 08:03 - 000835688 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-12-01 05:13 - 2017-06-21 08:03 - 000179808 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-30 07:57 - 2017-04-21 08:35 - 000000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla
2018-11-30 07:49 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\AppReadiness
2018-11-28 12:19 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\LiveKernelReports
2018-11-27 07:49 - 2017-04-21 12:17 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-27 07:49 - 2017-04-21 12:17 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-26 16:47 - 2018-11-13 12:03 - 000000000 ____D C:\Users\admin\Desktop\Video
2018-11-19 09:46 - 2017-04-19 19:10 - 000000000 ____D C:\Users\admin\AppData\Roaming\Atheros
2018-11-18 17:20 - 2017-04-20 07:01 - 000000000 ____D C:\Users\admin\Documents\Bluetooth Folder
2018-11-18 17:08 - 2017-04-30 09:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-16 10:46 - 2017-04-30 09:51 - 000001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-16 10:46 - 2017-04-30 09:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
 
==================== Files in the root of some directories =======
 
2017-05-08 13:26 - 2017-09-09 13:54 - 000005120 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-05-11 19:12 - 2017-05-11 19:12 - 000000000 _____ () C:\Users\admin\AppData\Local\{D0478A62-141E-4DB0-823C-FBA3EF766F66}
 
Some files in TEMP:
====================
2017-10-14 14:28 - 2017-04-21 08:01 - 000036312 _____ (Irfan Skiljan, IrfanView) C:\Users\admin\AppData\Local\Temp\iv_uninstall.exe
2018-12-02 15:14 - 2018-12-02 15:15 - 040210008 _____ () C:\Users\admin\AppData\Local\Temp\vlc-3.0.4-win32.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-12-09 11:47
 
==================== End of FRST.txt 


#3
Hari Prahlad


Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by admin (15-12-2018 10:59:03)
Running from C:\Users\admin\Desktop
Windows 8.1 Pro (Update) (X64) (2017-04-20 01:13:24)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
admin (S-1-5-21-844090339-168977430-2555540811-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-844090339-168977430-2555540811-500 - Administrator - Disabled)
Guest (S-1-5-21-844090339-168977430-2555540811-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3012 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Aegisub 3.2.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
Backup and Sync from Google (HKLM\...\{608EBDC6-D18A-4CF6-AD54-EE6B71D29065}) (Version: 3.43.1584.4446 - Google, Inc.)
Evernote v. 6.6.4 (HKLM-x32\...\{FAA0F386-730B-11E7-8B9C-005056951CAD}) (Version: 6.6.4.5512 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP LaserJet 1020 Series (HKLM\...\HP LaserJet 1020 Series) (Version:  - )
iBall Face2Face Webcam C8.0 (HKLM-x32\...\{D20DAFCD-D58E-44EC-99CA-BB1FD7387F5C}) (Version: 1.0.0.0 - VideoCap)
Intel® Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4156 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{B2913DAE-3EBC-4C88-8245-0AA34B2E461D}) (Version: 17.1.1450.0402 - Intel Corporation)
IrfanView 4.50 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.50 - Irfan Skiljan)
Kaspersky Internet Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
Lenovo Moto Smart Assistant (HKLM-x32\...\{C050AF2D-DD41-455E-A65E-628637B4A9CC}) (Version: 3.0.0.6 - Lenovo)
LenovoUsbDriver 1.1.33 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.1.33 - Lenovo)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mobile Assistant (HKLM-x32\...\{AEF3BF36-8B82-4E43-8291-81EF9E01C65B}) (Version: 1.4.1.10123 - Lenovo)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.26.01.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
Nero 7 Essentials (HKLM-x32\...\{66B6D13A-9CC1-417D-B6F2-58AA539D1033}) (Version: 7.03.1303 - Nero AG)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.336 - Qualcomm Atheros Communications)
Qualcomm Atheros QCA9377 Wireless LAN & Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.177L - Qualcomm Atheros)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.47 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39063 - Realtek Semiconductor Corp.)
UC Browser (HKLM-x32\...\UCBrowser) (Version: 7.0.185.1002 - UCWeb Inc.) <==== ATTENTION
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Vodafone Mobile Connect (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.3 - ZTE Corporation)
Winamp (remove only) (HKLM-x32\...\Winamp) (Version:  - )
Windows Driver Package - MediaTek Inc. (wdm_usb) Ports  (01/22/2015 3.0.1504.0) (HKLM\...\BD5E2A628C2263FAEC66A4BFF2E88B897427E4C3) (Version: 01/22/2015 3.0.1504.0 - MediaTek Inc.)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip (HKLM-x32\...\WinZip) (Version:  8.1  (4331) - WinZip Computing, Inc.)
Youtube Downloader HD v. 2.9.9.41 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-844090339-168977430-2555540811-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-844090339-168977430-2555540811-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll [2014-12-01] (Qualcomm®Atheros®)
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-07-25] (Nero AG)
ContextMenuHandlers1-x32: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-10-04] (Google)
ContextMenuHandlers1-x32: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-12-07] (AO Kaspersky Lab)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers1-x32-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-12-07] (AO Kaspersky Lab)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll [2014-12-01] (Qualcomm®Atheros®)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-10-04] (Google)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-12-07] (AO Kaspersky Lab)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers4-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-03-11] (Intel Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-12-07] (AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0DCDEB5C-2A7C-48A4-A53B-EC4FB36A6600} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-21] (Google Inc.)
Task: {0EE47038-C6ED-4F4F-B514-A10B7EB711BE} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2016-01-12] (@ByELDI)
Task: {13A8C07B-CBA2-43FD-9BF3-CFE030D1C5C0} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-12-20] (UCWeb Inc) <==== ATTENTION
Task: {3FC3F079-6081-49FF-916A-1F0D51593867} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-21] (Google Inc.)
Task: {69DBB2D3-CDFE-44DE-965A-C049476056F8} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-30] ()
Task: {718B462D-642E-4D71-A58A-130FB25AC2FA} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2018-10-27] (AO Kaspersky Lab)
Task: {723F3A83-6C29-47A9-BD81-CEADA00A2C4F} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-12-20] (UCWeb Inc) <==== ATTENTION
Task: {7520ACC7-D2C2-42C4-8543-2CAE9F797492} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [2018-12-05] (Adobe Systems Incorporated)
Task: {B2E2873B-3113-4057-8A01-9FEF9E84AFCB} - System32\Tasks\{496F90B5-C9B5-4A27-9AFE-955D281DC2B0} => C:\Windows\system32\pcalua.exe -a G:\LenovoUsbDriver_autorun_1.0.17.exe -d G:\
Task: {BD06ECF5-8E2D-4779-83A0-0D6A3018A920} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-05] (Adobe Systems Incorporated)
Task: {C1756FA7-79FF-482E-8DCF-9D817165F379} - System32\Tasks\lenovo mobile auto run => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2015-06-11] (Lenovo)
Task: {CE05F840-39B2-4BC0-8553-57BBCEEAA31A} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-09] (Acer Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Bahmni Home.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=nlejgcccohmalhjkncfcbnbekihgnnmg
ShortcutWithArgument: C:\Users\Public\Desktop\Vodafone.lnk -> C:\Program Files (x86)\Vodafone Mobile Connect\LaunchWebUI.exe () -> hxxp://vodafonemobileconnect.4G
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-27 04:12 - 2015-01-27 04:12 - 000139264 _____ () C:\Windows\system32\ihvmanager\AthIHVManager.dll
2017-06-21 15:42 - 2012-09-18 15:27 - 000192512 _____ () C:\Windows\System32\zlhp1020.dll
2017-06-21 15:42 - 2012-09-18 15:27 - 000065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2017-08-12 06:50 - 2014-08-20 12:57 - 000242256 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2017-04-20 07:19 - 2017-12-20 11:25 - 000656784 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
2014-12-01 06:58 - 2014-12-01 06:58 - 000011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-12-01 06:54 - 2014-12-01 06:54 - 000086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-12-01 07:00 - 2014-12-01 07:00 - 000012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2018-11-27 07:49 - 2018-11-16 11:13 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libglesv2.dll
2018-11-27 07:49 - 2018-11-16 11:13 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libegl.dll
2017-04-20 06:56 - 2015-03-11 20:37 - 017761872 _____ () C:\Windows\SYSTEM32\igd11dxva64.dll
2018-10-30 11:17 - 2017-12-20 11:33 - 002171280 _____ () C:\Program Files (x86)\UCBrowser\Application\7.0.185.1002\UCAgent.exe
2018-10-27 19:09 - 2018-10-27 19:09 - 000864112 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\kpcengine.2.3.dll
2015-06-11 14:32 - 2015-06-11 14:32 - 000109704 _____ () C:\Program Files (x86)\MagicPlus\crashreport.dll
2015-06-11 14:33 - 2015-06-11 14:33 - 000354440 _____ () C:\Program Files (x86)\MagicPlus\UsbHelper.dll
2017-07-27 14:31 - 2017-07-27 14:31 - 000667520 _____ () C:\Program Files (x86)\Evernote\Evernote\tidy.dll
2018-11-04 11:16 - 2018-11-04 11:32 - 001104528 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\KasperskyLab.Ksde.NativeInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 18:55 - 2017-09-19 06:32 - 000000826 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-844090339-168977430-2555540811-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\IrfanView\IrfanView_Wallpaper.png
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: AVP16.0.1 => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: klvssbrigde64 => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: Service KMSELDI => 2
MSCONFIG\Services: UCBrowserSvc => 2
HKLM\...\StartupApproved\Run32: => "CancelAutoPlay_df"
HKLM\...\StartupApproved\Run32: => "CheckNDISPort55ac29"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D5DFED29-5BDB-4EBD-A88A-E8E9EC786A5D}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{1C75D450-F131-4784-BA7C-51829BF375F4}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{F3791660-E337-4F8E-8B50-B065B489997E}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{1D5FFC58-EBB8-46CC-BC10-80AA0EFAF0B6}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe
FirewallRules: [{0A687043-A69C-4264-8F6A-16D83821C55F}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{3698853D-E40D-4AA0-A66F-DBB0E4A80524}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{979C6659-B283-474F-9332-CA4EA9849FC7}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{1D4FFDEC-F244-4E52-9A5D-F84660DFEB33}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{2329B13E-F392-47A4-A531-EF93F6D5C6E9}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{9CD57FE8-5678-4B44-B11B-1AC7B199F2CE}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{5F0835EF-2261-4EE3-AE91-A805F4D5B536}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
23-11-2018 11:04:56 Windows Update
07-12-2018 10:40:07 Windows Update
12-12-2018 07:38:48 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/15/2018 10:43:41 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (12/15/2018 10:43:39 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (12/15/2018 09:04:37 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005).
 
Error: (12/15/2018 08:01:51 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=5
 
Error: (12/15/2018 08:01:28 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (12/14/2018 01:56:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=6
 
Error: (12/14/2018 01:56:37 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (12/14/2018 01:56:37 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
 
System errors:
=============
Error: (12/09/2018 12:37:57 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
 
Error: (12/09/2018 12:37:56 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
 
Error: (12/09/2018 11:48:30 AM) (Source: DCOM) (EventID: 10010) (User: user)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (12/09/2018 11:48:00 AM) (Source: DCOM) (EventID: 10010) (User: user)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (12/09/2018 09:26:16 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Remote NDIS based Internet Sharing Device #4, {3D22F6EB-7D48-4581-8A4A-7761F8E75A76}, had event 74
 
Error: (12/09/2018 09:26:11 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR12.
 
Error: (12/09/2018 06:40:18 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR12.
 
Error: (12/09/2018 06:40:17 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR12.
 
 
Windows Defender:
===================================
Date: 2017-04-25 09:28:04.158
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80501002
Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2017-04-25 09:28:04.158
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80501002
Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2017-04-24 19:54:26.943
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 106.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.9700.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2017-04-24 19:54:26.938
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.155.266.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.9700.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2017-04-24 19:54:26.938
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.155.266.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.9700.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 52%
Total physical RAM: 4016.42 MB
Available physical RAM: 1893.01 MB
Total Virtual: 5424.42 MB
Available Virtual: 3202.23 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:243.8 GB) (Free:193.4 GB) NTFS
Drive d: (Data) (Fixed) (Total:341.8 GB) (Free:323.61 GB) NTFS
Drive e: () (Fixed) (Total:345.57 GB) (Free:299.11 GB) NTFS
 
\\?\Volume{b5d81129-2565-11e7-8250-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F7B2ADD7)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=243.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=341.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=345.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts

Duplicate topic - see here: http://www.geekstogo...ay-be-infexted/

