Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-03-2021
Ran by Admin (administrator) on PINKYPC (Acer Aspire E5-573) (17-03-2021 14:39:10)
Running from D:\Users\Hari\Desktop
Loaded Profiles: Admin & HKP
Platform: Windows 10 Pro Version 20H2 19042.867 (X64) Language: English (United States)
Default browser not detected!
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.2\avp.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.2\avpui.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.2\plugins_nms.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.2\ksde.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.2\ksdeui.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.860_none_e73d0c67262f5c28\TiWorker.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <7>
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14049536 2015-07-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32726088 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm.exe [710528 2021-03-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-09-23]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {23BB1C95-11C8-4569-86B0-E37C0807DC2A} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [791232 2020-11-07] (Kaspersky Lab -> AO Kaspersky Lab)
Task: {659FA745-4E68-444F-B1C5-308A4A0A1F52} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {86FC3E9E-4270-4B9B-A0C6-05E4285690E4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27168840 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8C521C9F-0484-4C95-A22E-C5FA08DC9F99} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [131005360 2021-03-17] (Microsoft Windows -> Microsoft Corporation)
Task: {97C23C0E-EE0D-4F50-8CE2-CB694C69A2BE} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694256 2021-03-16] (Mozilla Corporation -> Mozilla Foundation)
Task: {B2929C97-4FA9-48E4-B6BB-ABFC746824CF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-05] (Piriform Software Ltd -> Piriform)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{204c116b-6fd7-4c3b-9e48-c2e7e4617036}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{81111830-bb22-49f9-aff4-e32e13b38852}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{c067a4dd-f811-4316-a90f-837316aaa5d4}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-17]
Edge Extension: (Kaspersky Protection) - C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-02-07]
Edge Extension: (myTube! Companion) - C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cbfmaiojcgociaafdiagpdhhhflgmnch [2020-12-07]
Edge Profile: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2021-03-11]
Edge HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: utnvbqjy.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\utnvbqjy.default [2021-03-13]
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bk6gdjjl.default-release-1612322717294 [2021-03-17]
FF Extension: (Kaspersky Protection) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bk6gdjjl.default-release-1612322717294\Extensions\light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com.xpi [2021-03-11]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bk6gdjjl.default-release-1612322717294\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-03-17]
FF HKLM-x32\...\Firefox\Extensions: [helper-sig@savefrom.net] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\utnvbqjy.default\extensions\staged\helper-sig@savefrom.net.xpi => not found
FF HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\Firefox\Extensions: [helper-sig@savefrom.net] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\utnvbqjy.default\extensions\staged\helper-sig@savefrom.net.xpi => not found
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-06] (Adobe Inc. -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2021-03-13] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2021-03-13] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2021-03-15]
CHR DownloadDir: D:\Users\Hari\Desktop\Downloads Chrome
CHR Notifications: Default -> hxxps://babylonbee.com; hxxps://deadstate.org; hxxps://listenmusic.fun; hxxps://matswhyask.cam; hxxps://mewe.com; hxxps://nypost.com; hxxps://thepiratebay.org; hxxps://thewire.in; hxxps://web.whatsapp.com; hxxps://www.accuweather.com; hxxps://www.hindustantimes.com; hxxps://www.ndtv.com; hxxps://www.rawstory.com; hxxps://www.telegraphindia.com; hxxps://www.thenewsminute.com; hxxps://www.thewrap.com
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/"
CHR Extension: (Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-23]
CHR Extension: (Kaspersky Protection) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-02-21]
CHR Extension: (Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-23]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-29]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2021-03-15]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-23]
CHR Extension: (OpenERP) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapopdbfnfhcgfdldoielojfiidmecaj [2020-10-31]
CHR Extension: (Volume Booster) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkiikneibegknkgimmihdpcbcedgmpo [2021-03-07]
CHR Extension: (ZenMate Free VPN–Best VPN for Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2021-01-22]
CHR Extension: (Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-23]
CHR Extension: (Sound Booster) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fncadplkibohomhpfeefbcohaooabokm [2020-10-31]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-02-27]
CHR Extension: (Ultimate Volume Booster) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcfnhafpadfnabbnjnhdfdacolpmdbjo [2020-12-26]
CHR Extension: (Save to Facebook) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2020-10-31]
CHR Extension: (Anti-Phishing & Authenticity Checker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mggehmlfnempkheebgikhmemhnnpacle [2020-10-31]
CHR Extension: (Video Downloader PLUS) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\njgehaondchbmjmajphnhlojfnbfokng [2021-02-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Smallpdf - Edit, Compress and Convert PDF) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfgljdgelakfkefopgklcohadegdpjf [2021-02-10]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-29]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-07]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [moihledlmchhofenpacbhphnbnpakgmo]
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [moihledlmchhofenpacbhphnbnpakgmo]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3743464 2021-03-09] (philandro Software GmbH -> philandro Software GmbH)
R2 AVP21.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.2\avp.exe [381928 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S4 DialogBlockingService; C:\WINDOWS\System32\DialogBlockingService.dll [76288 2021-03-17] (Microsoft Windows -> Microsoft Corporation)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [2357936 2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S3 klvssbridge64_21.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.2\x64\vssbridge64.exe [467352 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [357272 2021-03-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 KSDE5.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.2\ksde.exe [644264 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-13] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5352528 2021-03-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wpscloudsvr; C:\ProgramData\Kingsoft\office6\wpscloudsvr.exe [1482496 2020-10-28] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\84.0.522.52\elevation_service.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [251608 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 klbackupdisk; C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [110392 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [212280 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [127288 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [37496 2020-10-21] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [523576 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [657176 2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1400600 2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.2\Bases\klids.sys [245280 2021-02-16] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1025336 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [95544 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [113464 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [113464 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [85288 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [97080 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [55592 2020-10-21] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [257208 2020-10-26] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [99152 2020-09-23] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [310232 2021-01-18] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [116888 2021-01-14] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [207352 2020-10-28] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [153400 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [250168 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [300856 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-03-13] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-03-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-03-14] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-03-13] (Malwarebytes Inc -> Malwarebytes)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2020-05-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [55904 2019-06-26] (Samsung Electronics CO., LTD. -> QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S3 vpnpbus; C:\WINDOWS\System32\drivers\vpnpbus.sys [20496 2019-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49552 2021-02-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [419040 2021-02-15] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-17 10:39 - 2021-03-16 21:45 - 000000000 ____D C:\Windows.old
2021-03-17 10:35 - 2021-03-17 10:39 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-03-17 10:33 - 2021-03-17 10:33 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-03-17 10:18 - 2021-03-17 10:18 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-17 10:18 - 2021-03-17 10:18 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-03-17 10:18 - 2021-03-17 10:18 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-03-17 10:18 - 2021-03-17 10:18 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-03-17 10:18 - 2021-03-17 10:18 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-03-17 10:18 - 2021-03-17 10:18 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-03-17 10:18 - 2021-03-17 10:18 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-03-17 10:18 - 2021-03-17 10:18 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-03-17 10:18 - 2021-03-17 10:18 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-03-17 10:18 - 2021-03-17 10:18 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-03-17 10:18 - 2021-03-17 10:18 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-03-17 10:18 - 2021-03-17 10:18 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-03-17 10:17 - 2021-03-17 10:17 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-17 10:17 - 2021-03-17 10:17 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-03-17 10:17 - 2021-03-17 10:17 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-03-17 10:17 - 2021-03-17 10:17 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-03-17 10:17 - 2021-03-17 10:17 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-03-17 10:17 - 2021-03-17 10:17 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-03-17 10:17 - 2021-03-17 10:17 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-03-17 10:17 - 2021-03-17 10:17 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-03-17 10:17 - 2021-03-17 10:17 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-03-17 10:17 - 2021-03-17 10:17 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-03-17 10:16 - 2021-03-17 10:16 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-17 10:16 - 2021-03-17 10:16 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-03-17 10:16 - 2021-03-17 10:16 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-03-17 10:16 - 2021-03-17 10:16 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-03-17 10:16 - 2021-03-17 10:16 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-03-17 10:16 - 2021-03-17 10:16 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-03-17 10:16 - 2021-03-17 10:16 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-17 10:15 - 2021-03-17 10:15 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-03-17 10:15 - 2021-03-17 10:15 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-17 10:15 - 2021-03-17 10:15 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-17 10:15 - 2021-03-17 10:15 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-03-17 10:15 - 2021-03-17 10:15 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-03-17 10:15 - 2021-03-17 10:15 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-03-17 10:15 - 2021-03-17 10:15 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-03-17 10:15 - 2021-03-17 10:15 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-03-17 10:15 - 2021-03-17 10:15 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-03-17 10:15 - 2021-03-17 10:15 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-03-17 10:15 - 2021-03-17 10:15 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-03-17 10:14 - 2021-03-17 10:14 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-03-17 10:14 - 2021-03-17 10:14 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-03-17 10:14 - 2021-03-17 10:14 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-03-17 10:14 - 2021-03-17 10:14 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-03-17 10:13 - 2021-03-17 10:13 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-03-17 10:13 - 2021-03-17 10:13 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-17 10:13 - 2021-03-17 10:13 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-17 10:13 - 2021-03-17 10:13 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-03-17 10:13 - 2021-03-17 10:13 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-17 10:13 - 2021-03-17 10:13 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-03-17 10:13 - 2021-03-17 10:13 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-03-17 10:13 - 2021-03-17 10:13 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-17 10:13 - 2021-03-17 10:13 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-03-17 10:12 - 2021-03-17 10:12 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-03-17 10:12 - 2021-03-17 10:12 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-17 10:12 - 2021-03-17 10:12 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-03-17 10:12 - 2021-03-17 10:12 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-03-17 10:12 - 2021-03-17 10:12 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-03-17 10:12 - 2021-03-17 10:12 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-03-17 10:11 - 2021-03-17 10:11 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-03-17 10:11 - 2021-03-17 10:11 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-03-17 10:11 - 2021-03-17 10:11 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-03-17 10:11 - 2021-03-17 10:11 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-03-17 10:11 - 2021-03-17 10:11 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-03-17 10:11 - 2021-03-17 10:11 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-03-17 10:11 - 2021-03-17 10:11 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-03-17 10:11 - 2021-03-17 10:11 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-03-17 09:53 - 2021-03-17 09:53 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-03-17 09:53 - 2021-03-17 09:53 - 000000000 ____D C:\Program Files\MSBuild
2021-03-17 09:53 - 2021-03-17 09:53 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-03-17 09:53 - 2021-03-17 09:53 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-03-17 05:54 - 2021-03-17 05:54 - 000000020 ___SH C:\Users\Admin\ntuser.ini
2021-03-16 21:43 - 2021-03-16 21:43 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3076391084-2480122960-4283986350-500
2021-03-16 21:42 - 2021-03-16 21:43 - 000002238 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-03-16 21:42 - 2021-03-16 21:42 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-03-16 21:42 - 2021-03-16 21:42 - 000003194 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-16 21:42 - 2021-03-16 21:42 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3076391084-2480122960-4283986350-1002
2021-03-16 21:42 - 2021-03-16 21:42 - 000002486 _____ C:\WINDOWS\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2021-03-16 21:42 - 2021-03-16 21:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\OfficeSoftwareProtectionPlatform
2021-03-16 21:42 - 2021-03-16 21:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-03-16 21:42 - 2021-03-16 21:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-03-16 21:39 - 2021-03-16 21:42 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2021-03-16 21:39 - 2021-03-16 21:42 - 000011433 _____ C:\WINDOWS\diagerr.xml
2021-03-16 21:17 - 2021-03-17 05:54 - 000000000 ____D C:\Users\Admin
2021-03-16 21:17 - 2021-03-16 21:27 - 000000000 ____D C:\Users\HKP
2021-03-16 21:17 - 2019-12-07 14:40 - 000001105 _____ C:\Users\HKP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-16 21:17 - 2019-12-07 14:40 - 000001105 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-16 21:14 - 2017-09-25 01:03 - 000099816 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2021-03-16 16:47 - 2021-03-17 05:54 - 000000000 ___DC C:\WINDOWS\Panther
2021-03-16 14:50 - 2021-03-16 16:00 - 000000000 ____D C:\ESD
2021-03-16 14:48 - 2021-03-16 14:48 - 000000000 ___HD C:\$Windows.~WS
2021-03-14 09:48 - 2021-03-14 17:52 - 000000000 ____D C:\Users\Admin\AppData\Local\ESET
2021-03-14 09:48 - 2021-03-14 09:49 - 000000687 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-03-14 09:09 - 2021-03-14 09:09 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-03-13 16:36 - 2021-03-13 16:36 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-03-13 16:36 - 2021-03-13 16:36 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-03-13 16:36 - 2021-03-13 16:36 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-03-13 16:36 - 2021-03-13 16:36 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-03-13 16:36 - 2021-03-13 16:36 - 000001993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-03-13 16:36 - 2021-03-13 16:36 - 000001981 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-03-13 16:36 - 2021-03-13 16:36 - 000001981 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-03-13 16:13 - 2021-03-13 16:13 - 000000000 ____D C:\Program Files\Malwarebytes
2021-03-13 16:04 - 2021-03-14 09:04 - 000000000 ____D C:\AdwCleaner
2021-02-20 12:05 - 2021-02-27 08:33 - 000000000 ____D C:\ProgramData\Package Cache
2021-02-20 10:52 - 2021-03-17 10:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN
2021-02-20 10:52 - 2021-02-20 10:52 - 000001155 _____ C:\Users\Public\Desktop\Kaspersky VPN.lnk
2021-02-20 10:52 - 2021-02-20 10:52 - 000001155 _____ C:\ProgramData\Desktop\Kaspersky VPN.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-17 14:40 - 2020-01-11 18:17 - 000000000 ____D C:\FRST
2021-03-17 14:37 - 2019-12-07 14:44 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-17 14:30 - 2020-11-19 13:24 - 000840830 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-17 14:30 - 2019-12-07 14:43 - 000000000 ____D C:\WINDOWS\INF
2021-03-17 14:28 - 2020-08-25 10:32 - 000000000 ____D C:\Program Files\CCleaner
2021-03-17 14:28 - 2020-07-14 10:45 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-17 14:27 - 2019-06-10 08:10 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2021-03-17 14:24 - 2020-07-14 09:45 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-03-17 14:24 - 2019-06-09 20:01 - 000000000 __SHD C:\Users\Admin\IntelGraphicsProfiles
2021-03-17 14:22 - 2020-11-19 13:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-17 14:22 - 2020-10-18 11:07 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-17 14:21 - 2019-12-07 14:33 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-03-17 14:21 - 2019-12-07 14:33 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-03-17 14:19 - 2020-11-19 13:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-17 14:02 - 2020-07-17 15:52 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-17 13:54 - 2020-07-17 15:52 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-17 13:54 - 2019-12-07 14:33 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-17 11:49 - 2021-01-14 19:14 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Signal
2021-03-17 10:39 - 2020-12-12 11:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2021-03-17 10:39 - 2020-11-19 13:18 - 000000000 ____D C:\ProgramData\Packages
2021-03-17 10:39 - 2020-11-19 13:13 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-17 10:39 - 2020-11-10 10:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2021-03-17 10:39 - 2020-10-28 10:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicut
2021-03-17 10:39 - 2020-10-01 08:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager
2021-03-17 10:39 - 2020-09-24 08:55 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2021-03-17 10:39 - 2020-09-23 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2021-03-17 10:39 - 2020-09-21 17:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2021-03-17 10:39 - 2020-09-21 17:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2021-03-17 10:39 - 2020-09-21 17:30 - 000000000 ____D C:\WINDOWS\SHELLNEW
2021-03-17 10:39 - 2020-08-25 10:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-03-17 10:39 - 2020-07-15 08:35 - 000000000 ____D C:\Program Files\UNP
2021-03-17 10:39 - 2020-07-14 22:45 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-03-17 10:39 - 2020-07-14 22:45 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-03-17 10:39 - 2020-01-08 10:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2021-03-17 10:39 - 2019-12-07 14:48 - 000000000 ____D C:\WINDOWS\Setup
2021-03-17 10:39 - 2019-12-07 14:44 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-03-17 10:39 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-03-17 10:39 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-03-17 10:39 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-03-17 10:39 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\system32\catroot2.bak
2021-03-17 10:39 - 2019-12-07 14:44 - 000000000 ____D C:\ProgramData\USOPrivate
2021-03-17 10:39 - 2019-12-07 14:44 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-17 10:39 - 2019-11-22 16:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2021-03-17 10:39 - 2019-06-17 10:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2021-03-17 10:39 - 2019-06-10 19:27 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.6
2021-03-17 10:38 - 2019-12-07 14:44 - 000000000 __RHD C:\Users\Public\Libraries
2021-03-17 10:35 - 2020-07-14 09:44 - 000000000 ____D C:\Program Files\Realtek
2021-03-17 10:35 - 2020-07-14 09:44 - 000000000 ____D C:\Program Files\Intel
2021-03-17 10:35 - 2019-07-08 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subtitle Edit
2021-03-17 10:28 - 2019-12-07 15:24 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-03-17 10:28 - 2019-12-07 15:24 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-03-17 10:28 - 2019-12-07 15:24 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-03-17 10:28 - 2019-12-07 15:24 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\system32\Com
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\IME
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\Program Files\Common Files\System
2021-03-17 10:28 - 2019-12-07 14:44 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-03-17 10:28 - 2019-12-07 14:33 - 000000000 ____D C:\WINDOWS\servicing
2021-03-17 10:11 - 2020-11-19 13:15 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-03-17 09:59 - 2019-12-07 15:22 - 000000000 ____D C:\WINDOWS\OCR
2021-03-17 06:39 - 2020-07-14 10:40 - 000000000 ____D C:\Users\Admin\AppData\Local\PlaceholderTileLogoFolder
2021-03-17 06:13 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-17 06:11 - 2019-12-07 14:44 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-03-17 05:55 - 2020-11-19 13:18 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-03-17 05:55 - 2019-12-07 14:44 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-16 21:44 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-16 21:42 - 2020-11-19 13:16 - 000003406 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-16 21:42 - 2020-11-19 13:16 - 000003182 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-16 21:42 - 2019-12-07 14:44 - 000000000 ____D C:\Program Files\Windows Defender
2021-03-16 21:38 - 2019-12-07 14:44 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-16 21:31 - 2019-12-07 14:44 - 000000000 __RSD C:\WINDOWS\Media
2021-03-16 21:21 - 2020-07-21 09:52 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2021-03-16 21:21 - 2020-05-24 09:47 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2021-03-16 21:21 - 2019-06-10 09:08 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2021-03-16 21:19 - 2020-07-14 10:34 - 000000000 ____D C:\Users\Admin\AppData\Local\Packages
2021-03-16 21:18 - 2020-10-18 09:07 - 000000000 ____D C:\Users\HKP\AppData\Local\Packages
2021-03-16 21:15 - 2020-11-19 13:16 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-16 21:15 - 2020-11-19 13:16 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-03-16 21:15 - 2020-11-19 13:16 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-03-16 21:15 - 2020-07-14 22:54 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2021-03-16 21:15 - 2020-07-14 09:45 - 032931716 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2021-03-16 21:15 - 2020-07-14 09:45 - 000000000 ____D C:\WINDOWS\system32\DAX2
2021-03-16 21:14 - 2020-07-14 09:45 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2021-03-16 21:14 - 2020-07-14 09:44 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-03-16 21:10 - 2020-11-19 13:13 - 000348696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-16 18:15 - 2019-06-10 08:09 - 000000000 ___RD C:\Users\Admin\OneDrive
2021-03-16 17:52 - 2019-08-29 12:19 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2021-03-16 16:10 - 2020-07-22 15:32 - 000000000 ___HD C:\$WinREAgent
2021-03-16 12:22 - 2020-09-02 06:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-03-16 12:22 - 2020-07-14 10:45 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-16 12:22 - 2020-07-14 10:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-15 16:06 - 2020-07-17 16:50 - 000000000 ____D C:\Program Files (x86)\Google
2021-03-14 14:42 - 2020-07-18 07:49 - 000000000 ____D C:\Users\Admin\AppData\Roaming\qBittorrent
2021-03-13 16:14 - 2020-08-24 12:47 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-03-13 09:43 - 2020-07-15 08:45 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Temp
2021-03-13 09:00 - 2020-07-25 14:38 - 000000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2021-03-11 09:44 - 2020-07-21 09:52 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Telegram Desktop
2021-03-09 08:09 - 2020-09-23 15:03 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2021-03-05 17:38 - 2020-07-14 12:44 - 000000000 ____D C:\Users\Admin\AppData\Local\D3DSCache
2021-03-05 10:46 - 2020-10-28 10:29 - 000000794 _____ C:\Users\Public\Desktop\Bandicut.lnk
2021-03-05 10:46 - 2020-10-28 10:29 - 000000794 _____ C:\ProgramData\Desktop\Bandicut.lnk
2021-03-05 10:45 - 2020-10-28 10:29 - 000000000 ____D C:\Program Files\Bandicut
2021-02-27 15:39 - 2020-07-14 11:25 - 000000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2021-02-27 09:07 - 2020-08-25 10:32 - 000000823 _____ C:\Users\Public\Desktop\CCleaner.lnk
2021-02-27 09:07 - 2020-08-25 10:32 - 000000823 _____ C:\ProgramData\Desktop\CCleaner.lnk
2021-02-22 18:30 - 2020-12-07 10:47 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-20 10:52 - 2020-09-23 20:41 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-02-20 10:52 - 2020-08-18 10:04 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2021-02-20 10:52 - 2020-07-24 07:48 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2021-02-16 12:47 - 2020-08-24 12:45 - 000000000 ____D C:\Program Files (x86)\Adobe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================