Trojan.Malpack.GS, Trojan.Downloader, Trojan.Malpack - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer

Posted: 16 Apr 2020 12:00 AM PDT

Tripitaka calling........

Just received another laptop; there were no reports of any strange behavior from the owner. He just asked me to clean it up and set up the security for him. So, of course, I ran Mbam and it came back with 3 trojans. Next I ran Sophos and that removed the 3 trojans. If I remember correctly, I didn't think to use FRST until a bit later. Sorry for my bad memory, I have been up all night making various phone calls to the UK. Anyhow, here are the logs for your perusal. Thank you.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/17/20
Scan Time: 6:44 AM
Log File: cd4cca94-8033-11ea-9670-48e244001de0.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.875
Update Package Version: 1.0.22546
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: vasi\Dr.Vasikaran

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 235340
Threats Detected: 5
Threats Quarantined: 0
Time Elapsed: 8 min, 51 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 5
PUP.Optional.InstallCore, C:\PROGRAM FILES (X86)\FREE VIDEO TO AUDIO CONVERTER 2015\GOUP.EXE, No Action By User, 494, 334528, 1.0.22546, , ame,
Trojan.MalPack.GS, C:\USERS\DR.VASIKARAN\495060695030040\WINSVCS.EXE, No Action By User, 8186, 639145, 1.0.22546, 97FCF5B4D60FAECC056B6780, dds, 00679507
Trojan.Downloader, C:\USERS\DR.VASIKARAN\9400569603030405\WINSECMGR.EXE, No Action By User, 547, 639649, 1.0.22546, , ame,
Trojan.MalPack, C:\USERS\DR.VASIKARAN\9400595903035040\WINSVCS.EXE, No Action By User, 548, 619435, 1.0.22546, , ame,
Malware.Generic.3623742208, C:\USERS\DR.VASIKARAN\DESKTOP\NEIL\PRODUKEY_SETUP.EXE, No Action By User, 1000000, 0, 1.0.22546, D36DAC72FE159F16D7FDEB00, dds, 00679507

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-04-2020
Ran by Dr.Vasikaran (administrator) on VASI (HP HP Notebook) (17-04-2020 08:07:29)
Running from C:\Users\Dr.Vasikaran\Desktop\NEiL
Loaded Profiles: Dr.Vasikaran (Available Profiles: Dr.Vasikaran)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Garena Online Pte Ltd -> Garena Online ) C:\Program Files (x86)\Garena\Garena\2.0.1902.0110\gxxsvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269328 2019-01-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020080217753\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2047828464-2798104583-2640265363-1001\...\Run: [Google Update] => C:\Users\Dr.Vasikaran\AppData\Local\Google\Update\1.3.35.452\GoogleUpdateCore.exe [217544 2020-03-21] (Google LLC -> Google LLC)
HKU\S-1-5-21-2047828464-2798104583-2640265363-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01BD0C21-A4E8-49E3-89E5-639908A3F1A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-17] (Google Inc -> Google Inc.)
Task: {02AB17F3-7C3C-4880-B126-2980C5CA2AD9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18227896 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {20EBDE83-3EB0-41AB-88FC-1A2CBF2549DA} - System32\Tasks\gxx speed launcher => C:\Program Files (x86)\Garena\Garena\Garena.exe [457600 2019-02-01] (Garena Online Pte Ltd -> Garena Online )
Task: {6A83022E-CA9D-45C0-8F32-1CBDF546D080} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {6D7934F4-DFD5-4890-B527-FEDF718BEF09} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task
Task: {89A638A6-B15D-473D-A6BB-A8BFC53C34BF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2047828464-2798104583-2640265363-1001Core => C:\Users\Dr.Vasikaran\AppData\Local\Google\Update\GoogleUpdate.exe [156968 2019-01-18] (Google Inc -> Google Inc.)
Task: {8C5ADB1D-C195-4741-A2C5-C7B52F734878} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-17] (Google Inc -> Google Inc.)
Task: {9280419F-3732-4A9D-9AC8-6A6A27C8E479} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2047828464-2798104583-2640265363-1001UA => C:\Users\Dr.Vasikaran\AppData\Local\Google\Update\GoogleUpdate.exe [156968 2019-01-18] (Google Inc -> Google Inc.)
Task: {A4028B82-DF5A-4CED-B4C5-ECC7D6721D90} - System32\Tasks\WpsExternal_Dr.Vasikaran_20200404183617 => C:\Users\Dr.Vasikaran\AppData\Local\Kingsoft\WPS Office\11.2.0.9255\office6\wps.exe [1097472 2020-04-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {A88CC82E-80ED-4EB1-B2DB-22E960AA973F} - System32\Tasks\WpsUpdateTask_Dr.Vasikaran => C:\Users\Dr.Vasikaran\AppData\Local\Kingsoft\WPS Office\11.2.0.9255\office6\wpsupdate.exe [157952 2020-04-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> )
Task: {BEE04348-1254-44A9-9BEC-392494D45AB4} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-03-21] (Avast Software s.r.o. -> Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\gxx speed launcher.job => C:\Program Files (x86)\Garena\Garena\Garena.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{752743F9-9193-4F09-AB71-0FC201992AEE}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{8B92EB35-81DA-4A19-BBD3-78F06C7DD7E8}: [DhcpNameServer] 192.168.254.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2047828464-2798104583-2640265363-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-2047828464-2798104583-2640265363-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ph/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2047828464-2798104583-2640265363-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear

FireFox:
========
FF DefaultProfile: ydtboyzj.default
FF ProfilePath: C:\Users\Dr.Vasikaran\AppData\Roaming\Mozilla\Firefox\Profiles\ydtboyzj.default [2020-04-17]
FF ProfilePath: C:\Users\Dr.Vasikaran\AppData\Roaming\Mozilla\Firefox\Profiles\p9qerzfp.default-release [2020-04-17]
FF HKLM\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-15] (VideoLAN -> VideoLAN)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1419424 2019-01-16] (Intel® Software -> Intel Corporation)
R2 GarenaPlatform; C:\Program Files (x86)\Garena\Garena\2.0.1902.0110\gxxsvc.exe [320512 2019-02-01] (Garena Online Pte Ltd -> Garena Online )
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [370784 2018-11-14] (Intel Corporation -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-04-17] (Malwarebytes Inc -> Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [268368 2019-01-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [351784 2019-01-16] (Synaptics Incorporated -> Synaptics Incorporated)
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2019-02-15] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation -> Microsoft Corporation)
S3 wpscloudsvr; C:\Users\Dr.Vasikaran\AppData\Local\Kingsoft\WPS Office\wpscloudsvr.exe [790784 2020-04-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Broadcom Corporation -> Windows ® Win 7 DDK provider)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [52208 2019-01-16] (Intel® Software -> Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [50672 2019-01-16] (Intel® Software -> Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [260080 2019-01-16] (Intel® Software -> Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-04-17] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-04-17] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [195432 2020-04-17] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2020-04-17] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-04-17] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [124560 2020-04-17] (Malwarebytes Inc -> Malwarebytes)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [38088 2019-01-28] (SoftEther Corporation -> SoftEther Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [745424 2019-07-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [7824720 2019-01-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
U5 SEE; C:\Windows\System32\Drivers\SEE.sys [49864 2019-01-28] (SoftEther Corporation -> SoftEther Corporation)
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [50888 2019-01-28] (SoftEther Corporation -> SoftEther Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [46632 2019-01-16] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\system32\DRIVERS\WirelessButtonDriver64.sys [31656 2019-01-16] (Hewlett-Packard Company -> HP)
S2 npf; \??\C:\Windows\system32\drivers\npf.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-17 08:04 - 2020-04-17 08:07 - 000000000 ____D C:\FRST
2020-04-17 07:00 - 2020-04-17 07:00 - 000000000 ____D C:\ProgramData\Sophos
2020-04-17 06:58 - 2020-04-17 06:58 - 000195432 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-04-17 06:58 - 2020-04-17 06:58 - 000124560 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-04-17 06:58 - 2020-04-17 06:58 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-04-17 06:55 - 2020-04-17 06:55 - 000001885 _____ C:\Users\Dr.Vasikaran\Desktop\mbam 170420.txt
2020-04-17 06:32 - 2020-04-17 06:58 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-04-17 06:32 - 2020-04-17 06:32 - 000214496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-04-17 06:32 - 2020-04-17 06:32 - 000001964 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-04-17 06:32 - 2020-04-17 06:32 - 000001964 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-04-17 06:32 - 2020-04-17 06:32 - 000000000 ____D C:\Users\Dr.Vasikaran\AppData\Local\mbamtray
2020-04-17 06:32 - 2020-04-17 06:32 - 000000000 ____D C:\Users\Dr.Vasikaran\AppData\Local\mbam
2020-04-17 06:32 - 2020-04-17 06:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-04-17 06:32 - 2020-04-17 06:31 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-04-17 06:31 - 2020-04-17 06:31 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-04-17 06:27 - 2020-04-17 06:27 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2020-04-17 06:27 - 2020-04-17 06:27 - 000002775 _____ C:\ProgramData\Desktop\Sophos Virus Removal Tool.lnk
2020-04-17 06:27 - 2020-04-17 06:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2020-04-17 06:27 - 2020-04-17 06:27 - 000000000 ____D C:\Program Files\Malwarebytes
2020-04-17 06:27 - 2020-04-17 06:27 - 000000000 ____D C:\Program Files (x86)\Sophos
2020-04-17 06:24 - 2015-08-22 21:42 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2020-04-17 06:24 - 2015-08-22 21:35 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2020-04-17 06:18 - 2020-04-17 06:18 - 000000000 ____D C:\Users\Dr.Vasikaran\AppData\Roaming\vlc
2020-04-17 06:17 - 2020-04-17 06:17 - 000001086 _____ C:\Users\Public\Desktop\VLC media player.lnk
2020-04-17 06:17 - 2020-04-17 06:17 - 000001086 _____ C:\ProgramData\Desktop\VLC media player.lnk
2020-04-17 06:17 - 2020-04-17 06:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2020-04-17 06:16 - 2020-04-17 06:16 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2020-04-17 06:12 - 2020-04-17 06:12 - 000000000 ____D C:\Users\Public\Foxit Software
2020-04-17 06:12 - 2020-04-17 06:12 - 000000000 ____D C:\Users\Dr.Vasikaran\AppData\Roaming\Foxit AgentInformation
2020-04-17 06:12 - 2020-04-17 06:12 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
2020-04-17 06:11 - 2020-04-17 06:15 - 000000000 ____D C:\Users\Dr.Vasikaran\AppData\Roaming\Foxit Software
2020-04-17 06:11 - 2020-04-17 06:11 - 000001371 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2020-04-17 06:11 - 2020-04-17 06:11 - 000001371 _____ C:\ProgramData\Desktop\Foxit Reader.lnk
2020-04-17 06:11 - 2020-04-17 06:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2020-04-17 06:11 - 2020-04-17 06:11 - 000000000 ____D C:\Program Files (x86)\Foxit Software
2020-04-17 06:07 - 2020-04-17 06:35 - 000000000 ____D C:\Users\Dr.Vasikaran\AppData\Roaming\foobar2000
2020-04-17 06:07 - 2020-04-17 06:07 - 000001129 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2020-04-17 06:07 - 2020-04-17 06:07 - 000001047 _____ C:\Users\Public\Desktop\foobar2000.lnk
2020-04-17 06:07 - 2020-04-17 06:07 - 000001047 _____ C:\ProgramData\Desktop\foobar2000.lnk
2020-04-17 06:07 - 2020-04-17 06:07 - 000000000 ____D C:\Program Files (x86)\foobar2000
2020-04-17 05:09 - 2020-04-17 05:09 - 000000808 _____ C:\Users\Public\Desktop\Speccy.lnk
2020-04-17 05:09 - 2020-04-17 05:09 - 000000808 _____ C:\ProgramData\Desktop\Speccy.lnk
2020-04-17 05:09 - 2020-04-17 05:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2020-04-17 05:09 - 2020-04-17 05:09 - 000000000 ____D C:\Program Files\Speccy
2020-04-17 04:10 - 2020-04-17 04:10 - 000000000 ____D C:\Users\Dr.Vasikaran\Downloads\PPT Presentation
2020-04-17 04:09 - 2020-04-17 04:43 - 000000000 ____D C:\Users\Dr.Vasikaran\Downloads\HP Notebook - 15-g207ax
2020-04-17 04:07 - 2020-04-17 04:09 - 000000000 ____D C:\Users\Dr.Vasikaran\Downloads\JPEG images
2020-04-17 04:05 - 2020-04-17 04:06 - 000000000 ____D C:\Users\Dr.Vasikaran\Downloads\DOCX Documents
2020-04-17 04:00 - 2020-04-17 04:08 - 000166400 ___SH C:\Users\Dr.Vasikaran\Downloads\Thumbs.db
2020-04-17 03:59 - 2020-04-17 04:02 - 000000000 ____D C:\Users\Dr.Vasikaran\Downloads\PNG Files
2020-04-17 03:58 - 2020-04-17 03:58 - 000000000 ____D C:\Users\Dr.Vasikaran\Downloads\WPS PDF Documents
2020-04-17 03:57 - 2020-04-17 04:05 - 000000000 ____D C:\Users\Dr.Vasikaran\Downloads\Apps Vasi
2020-04-17 03:44 - 2020-04-17 08:07 - 000000000 ____D C:\Users\Dr.Vasikaran\Desktop\NEiL
2020-04-17 02:43 - 2019-03-28 17:11 - 000029232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2020-04-17 02:43 - 2019-03-28 17:11 - 000017968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2020-04-17 02:43 - 2019-03-28 17:09 - 000032816 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2020-04-17 02:43 - 2019-03-28 17:09 - 000017968 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2020-04-17 02:43 - 2019-02-21 10:53 - 000622832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140_clr0400.dll
2020-04-17 02:43 - 2019-02-21 10:53 - 000433448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140_clr0400.dll
2020-04-17 02:43 - 2019-02-21 10:53 - 000087296 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140_clr0400.dll
2020-04-17 02:43 - 2019-02-21 10:53 - 000083768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140_clr0400.dll
2020-04-17 02:42 - 2019-02-21 10:53 - 000772176 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase_clr0400.dll
2020-04-17 02:42 - 2019-02-21 10:53 - 000702400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase_clr0400.dll
2020-04-17 02:19 - 2020-04-17 05:59 - 000000000 ____D C:\Users\Dr.Vasikaran\AppData\LocalLow\Mozilla
2020-04-17 02:19 - 2020-04-17 02:19 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-04-17 02:19 - 2020-04-17 02:19 - 000000936 _____ C:\Users\Public\Desktop\Firefox.lnk
2020-04-17 02:19 - 2020-04-17 02:19 - 000000936 _____ C:\ProgramData\Desktop\Firefox.lnk
2020-04-17 02:19 - 2020-04-17 02:19 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-04-17 02:19 - 2020-04-17 02:19 - 000000000 ____D C:\Users\Dr.Vasikaran\AppData\Roaming\Mozilla
2020-04-17 02:19 - 2020-04-17 02:19 - 000000000 ____D C:\Users\Dr.Vasikaran\AppData\Local\Mozilla
2020-04-17 02:19 - 2020-04-17 02:19 - 000000000 ____D C:\ProgramData\Mozilla
2020-04-17 02:19 - 2020-04-17 02:19 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-04-17 02:19 - 2020-04-17 02:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-04-17 00:52 - 2020-04-17 00:53 - 000000000 ____D C:\Users\Dr.Vasikaran\Documents\CCleaner BackUps
2020-04-17 00:22 - 2020-04-17 08:04 - 000048640 ___SH C:\Users\Dr.Vasikaran\Desktop\Thumbs.db
2020-04-16 21:00 - 2020-04-16 21:00 - 000001093 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2020-04-16 21:00 - 2020-04-16 21:00 - 000001093 _____ C:\ProgramData\Desktop\Revo Uninstaller Pro.lnk
2020-04-16 21:00 - 2020-04-16 21:00 - 000000000 ____D C:\Users\Dr.Vasikaran\AppData\Local\VS Revo Group
2020-04-16 21:00 - 2020-04-16 21:00 - 000000000 ____D C:\ProgramData\VS Revo Group
2020-04-16 21:00 - 2020-04-16 21:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2020-04-16 21:00 - 2020-04-16 21:00 - 000000000 ____D C:\Program Files\VS Revo Group
2020-04-16 21:00 - 2016-12-21 14:52 - 000040240 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2020-04-11 22:56 - 2020-04-16 21:06 - 000000000 ____D C:\Users\Dr.Vasikaran\Documents\Kaspersky Password Manager
2020-04-05 21:47 - 2020-04-05 09:48 - 001193016 _____ (Akeo Consulting) C:\Users\Dr.Vasikaran\Desktop\rufus-3.9.exe
2020-04-05 20:46 - 2020-04-05 20:46 - 000103488 _____ C:\Users\Dr.Vasikaran\Documents\cc_20200405_204627.reg
2020-04-05 20:35 - 2020-04-11 22:48 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-04-05 20:35 - 2020-04-05 20:35 - 000002814 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2020-04-05 20:35 - 2020-04-05 20:35 - 000000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-04-05 20:35 - 2020-04-05 20:35 - 000000834 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-04-05 20:35 - 2020-04-05 20:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-04-05 20:35 - 2020-04-05 20:35 - 000000000 ____D C:\Program Files\CCleaner
2020-04-05 09:48 - 2020-04-05 11:08 - 000000400 __RSH C:\ProgramData\ntuser.pol
2020-04-04 18:36 - 2020-04-16 21:16 - 000004246 _____ C:\Windows\system32\Tasks\WpsExternal_Dr.Vasikaran_20200404183617
2020-04-04 18:36 - 2020-04-04 18:36 - 000000000 ____D C:\Users\Dr.Vasikaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-17 07:59 - 2019-02-13 20:39 - 000000000 _RSHD C:\Users\Dr.Vasikaran\495060695030040
2020-04-17 07:59 - 2019-02-12 12:56 - 000000000 _RSHD C:\Users\Dr.Vasikaran\9400595903035040
2020-04-17 07:47 - 2019-01-16 09:20 - 000003600 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2047828464-2798104583-2640265363-1001
2020-04-17 06:58 - 2019-03-29 01:39 - 000000000 ____D C:\Users\Dr.Vasikaran\AppData\Local\CrashDumps
2020-04-17 06:57 - 2019-01-16 09:38 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-04-17 06:57 - 2019-01-16 09:38 - 000000000 __SHD C:\Users\Dr.Vasikaran\IntelGraphicsProfiles
2020-04-17 06:57 - 2013-08-22 22:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-04-17 06:25 - 2019-01-27 19:26 - 000000000 ____D C:\ProgramData\Package Cache
2020-04-17 06:24 - 2013-08-22 23:20 - 000000000 ____D C:\Windows\CbsTemp
2020-04-17 06:06 - 2013-09-30 12:14 - 000820208 _____ C:\Windows\system32\PerfStringBackup.INI
2020-04-17 06:06 - 2013-08-22 21:36 - 000000000 ____D C:\Windows\Inf
2020-04-17 05:59 - 2013-08-22 23:36 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-04-17 04:09 - 2019-04-21 17:51 - 000000000 ____D C:\Users\Dr.Vasikaran\Downloads\NEET
2020-04-17 03:20 - 2013-08-22 22:44 - 000337840 _____ C:\Windows\system32\FNTCACHE.DAT
2020-04-17 01:59 - 2019-01-28 00:30 - 000000000 ___SD C:\Windows\system32\CompatTel
2020-04-17 01:59 - 2019-01-28 00:30 - 000000000 ____D C:\Windows\system32\appraiser
2020-04-17 01:59 - 2013-08-22 23:36 - 000000000 ___RD C:\Windows\ToastData
2020-04-17 01:59 - 2013-08-22 23:36 - 000000000 ____D C:\Windows\system32\setup
2020-04-17 01:59 - 2013-08-22 23:36 - 000000000 ____D C:\Program Files\Windows Defender
2020-04-17 01:59 - 2013-08-22 23:36 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-04-17 01:59 - 2013-08-22 21:36 - 000000000 ____D C:\Windows\SysWOW64\Dism
2020-04-17 01:59 - 2013-08-22 21:36 - 000000000 ____D C:\Windows\system32\oobe
2020-04-17 01:59 - 2013-08-22 21:36 - 000000000 ____D C:\Windows\system32\Dism
2020-04-17 01:05 - 2013-08-22 21:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2020-04-17 00:51 - 2019-01-18 19:30 - 000000000 ____D C:\Users\Dr.Vasikaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Photos Backup
2020-04-17 00:38 - 2019-01-16 09:28 - 000000000 ____D C:\Users\Dr.Vasikaran\AppData\Local\Google
2020-04-17 00:38 - 2019-01-16 09:28 - 000000000 ____D C:\Program Files (x86)\Google
2020-04-16 23:38 - 2019-01-16 09:15 - 000000000 ____D C:\Users\Dr.Vasikaran\AppData\Local\Packages
2020-04-16 23:38 - 2013-08-22 23:36 - 000000000 ____D C:\Windows\AppReadiness
2020-04-16 21:51 - 2013-08-22 23:36 - 000000000 ____D C:\Windows\rescache
2020-04-16 21:30 - 2019-02-13 20:18 - 000000000 ____D C:\Windows\Minidump
2020-04-16 21:30 - 2019-01-17 14:42 - 000000000 ____D C:\Program Files (x86)\Steam
2020-04-16 21:16 - 2019-07-09 13:58 - 000003858 _____ C:\Windows\system32\Tasks\WpsUpdateTask_Dr.Vasikaran
2020-04-16 21:16 - 2019-01-27 23:51 - 000003414 _____ C:\Windows\system32\Tasks\gxx speed launcher
2020-04-16 21:03 - 2019-07-09 13:59 - 000000000 ____D C:\Program Files\Common Files\AV
2020-04-16 21:03 - 2013-08-22 23:36 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-04-16 21:03 - 2013-08-22 21:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
2020-04-11 23:28 - 2019-01-16 09:15 - 000000000 ____D C:\Users\Dr.Vasikaran
2020-04-11 22:40 - 2019-01-27 23:52 - 000000000 ____D C:\ProgramData\boost_interprocess
2020-04-05 20:40 - 2019-11-16 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2020-04-05 09:48 - 2013-08-22 23:36 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2020-04-05 09:48 - 2013-08-22 23:36 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2020-04-02 07:49 - 2019-01-16 10:01 - 000744808 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2020-03-21 18:49 - 2019-01-17 14:39 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-21 18:49 - 2019-01-17 14:39 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-03-21 13:42 - 2019-01-18 19:18 - 000003526 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-2047828464-2798104583-2640265363-1001UA
2020-03-21 13:42 - 2019-01-18 19:17 - 000003254 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-2047828464-2798104583-2640265363-1001Core

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2020-04-17 02:17
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2020
Ran by Dr.Vasikaran (17-04-2020 08:08:39)
Running from C:\Users\Dr.Vasikaran\Desktop\NEiL
Windows 8.1 Pro (Update) (X64) (2019-01-16 01:15:32)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2047828464-2798104583-2640265363-500 - Administrator - Disabled)
Dr.Vasikaran (S-1-5-21-2047828464-2798104583-2640265363-1001 - Administrator - Enabled) => C:\Users\Dr.Vasikaran
Guest (S-1-5-21-2047828464-2798104583-2640265363-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2047828464-2798104583-2640265363-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Animiz Animation Maker 2.5.6 (HKLM\...\animizvideoen_is1) (Version: 2.5.6 - Animiz Video Solution)
Backup and Sync from Google (HKLM\...\{93EBD8BA-7A14-4636-8F1F-E929ADF2C3A9}) (Version: 3.47.7654.0300 - Google, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.65 - Piriform)
foobar2000 v1.5.3 (HKLM-x32\...\foobar2000) (Version: 1.5.3 - Peter Pawlowski)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.7.2.29539 - Foxit Software Inc.)
Free Video To Audio Converter 2015 6.5.5 (HKLM-x32\...\Free Video To Audio Converter 2015_is1) (Version:  - FAEMedia Co., Ltd.)
Garena (remove only) (HKLM-x32\...\gxx) (Version: 2.0.1902.0110 - Garena)
Google Photos Backup (HKU\S-1-5-21-2047828464-2798104583-2640265363-1001\...\Google Photos Backup) (Version: 1.1.4.11 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5058 - Intel Corporation)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Mozilla Firefox 75.0 (x64 en-US) (HKLM\...\Mozilla Firefox 75.0 (x64 en-US)) (Version: 75.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 75.0 - Mozilla)
PUBG Lite (HKLM-x32\...\PUBG Lite_is1) (Version: 1.0.0.2 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8597 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 4.2.3 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.2.3 - VS Revo Group, Ltd.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.8.0 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.69 - Synaptics Incorporated)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
WhatsApp (HKU\S-1-5-21-2047828464-2798104583-2640265363-1001\...\WhatsApp) (Version: 0.3.4679 - WhatsApp)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
Wondershare Filmora9(Build 9.2.1) (HKLM\...\Wondershare Filmora9_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
WPS Office (11.2.0.9255) (HKU\S-1-5-21-2047828464-2798104583-2640265363-1001\...\Kingsoft Office) (Version: 11.2.0.9255 - Kingsoft Corp.)
YTD Video Downloader 5.9.13 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.9.13 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2047828464-2798104583-2640265363-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020065813063_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\Dr.Vasikaran\AppData\Local\Kingsoft\WPS Office\11.2.0.9255\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-2047828464-2798104583-2640265363-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020065813063_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
CustomCLSID: HKU\S-1-5-21-2047828464-2798104583-2640265363-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020065813063_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dr.Vasikaran\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2047828464-2798104583-2640265363-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020065813063_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\Dr.Vasikaran\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2047828464-2798104583-2640265363-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\Dr.Vasikaran\AppData\Local\Kingsoft\WPS Office\11.2.0.9255\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-2047828464-2798104583-2640265363-1001_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
CustomCLSID: HKU\S-1-5-21-2047828464-2798104583-2640265363-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dr.Vasikaran\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2047828464-2798104583-2640265363-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\Dr.Vasikaran\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-12-22] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-12-22] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-12-22] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2020-04-09] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-12-22] (Google LLC -> Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-17] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-12-22] (Google LLC -> Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2018-11-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2020-04-09] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-17] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2019-03-29] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_.DEFAULT: [          qingshellext] -> {67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [          qingshellext] -> {67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [          qingshellext] -> {67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F} =>  -> No File
ContextMenuHandlers1_S-1-5-21-2047828464-2798104583-2640265363-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\Dr.Vasikaran\AppData\Local\Kingsoft\WPS Office\11.2.0.9255\office6\kwpsmenushellext64.dll [2020-04-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers4_S-1-5-21-2047828464-2798104583-2640265363-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\Dr.Vasikaran\AppData\Local\Kingsoft\WPS Office\11.2.0.9255\office6\kwpsmenushellext64.dll [2020-04-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Dr.Vasikaran\Application Data:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\Dr.Vasikaran\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 21:25 - 2019-07-09 13:50 - 000000830 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2047828464-2798104583-2640265363-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dr.Vasikaran\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: SoftEther Lightweight Network Protocol -> selow (enabled)
VPN - VPN Client: SoftEther Lightweight Network Protocol -> selow (enabled)
Bluetooth Network Connection: SoftEther Lightweight Network Protocol -> selow (enabled)
Wi-Fi: SoftEther Lightweight Network Protocol -> selow (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "SoftEther VPN Client Manager Startup.lnk"
HKLM\...\StartupApproved\Run: => "SoftEther VPN Client UI Helper"
HKU\S-1-5-21-2047828464-2798104583-2640265363-1001\...\StartupApproved\StartupFolder: => "LtHgNeMqRB.url"
HKU\S-1-5-21-2047828464-2798104583-2640265363-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-2047828464-2798104583-2640265363-1001\...\StartupApproved\Run: => "VideoDownloadCapture"
HKU\S-1-5-21-2047828464-2798104583-2640265363-1001\...\StartupApproved\Run: => "Microsoft Windows Services"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{59777866-310F-4715-A744-3814F64A2ECF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{C1DB938D-69EC-4B6B-B9C1-CC06814FCBD8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{9D6D9A80-5828-4B0B-B05D-BFD33C0D7B72}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{BB07E065-185E-4B4F-A15A-3CFC96A2F424}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{47E8CAB6-3CE1-4579-9F9F-7F005A39A21A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{49982B53-61BD-4DB8-83BC-0D751A2D640C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{DAA8519D-D574-4AC5-B8C1-2D3B921B665C}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1812.2810\gxxsvc.exe (Garena Online Pte Ltd -> Garena Online )
FirewallRules: [TCP Query User{5BDBE620-856A-40C5-ADA9-0C00F5C86D87}F:\garena\games\32844\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) F:\garena\games\32844\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe (PUBG CORPORATION -> PUBG Works)
FirewallRules: [UDP Query User{5B5A8110-A2FB-466D-9E92-A801034702AE}F:\garena\games\32844\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) F:\garena\games\32844\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe (PUBG CORPORATION -> PUBG Works)
FirewallRules: [{A3379B69-62AE-4DE6-B315-455D49D0C2DA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7A33F26C-CB93-48AC-BA93-3F9280319480}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================

17-04-2020 05:54:29 before april updates

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (04/17/2020 06:58:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 4.0.0.620, time stamp: 0x5e8e029e
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18438, time stamp: 0x57ae642e
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0
Faulting process id: 0xf44
Faulting application start time: 0x01d614428eb966c0
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: KERNELBASE.dll
Report Id: d0d010cb-8035-11ea-82a0-48e244001de0
Faulting package full name:
Faulting package-relative application ID:

Error: (04/17/2020 06:58:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ig.exe, version: 1.0.0.27, time stamp: 0x5d9e0573
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18233, time stamp: 0x56bb4e1d
Exception code: 0xc0000142
Fault offset: 0x0009d3c2
Faulting process id: 0xf5c
Faulting application start time: 0x01d614428bab6145
Faulting application path: C:\Users\Dr.Vasikaran\AppData\LocalLow\IGDump\lftrlgadcjwztxktxewzgqrovazjduwz\ig.exe
Faulting module path: KERNELBASE.dll
Report Id: cd3c87b5-8035-11ea-82a0-48e244001de0
Faulting package full name:
Faulting package-relative application ID:

Error: (04/17/2020 05:09:18 AM) (Source: ESENT) (EventID: 455) (User: )
Description: wuaueng.dll (348) SUS20ClientDataStore: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb001C3.log.

Error: (04/17/2020 04:55:23 AM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Backup and Sync from Google -- Error 1714. The older version of Backup and Sync from Google cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (04/16/2020 11:06:03 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Backup and Sync from Google -- Error 1714. The older version of Backup and Sync from Google cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (04/16/2020 09:01:00 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "C:\Windows\System32\winspool.drv" service in DLL "Spooler" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Error: (04/11/2020 10:56:43 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "C:\Windows\System32\winspool.drv" service in DLL "Spooler" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Error: (04/11/2020 10:40:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: sysmain.dll, version: 6.3.9600.17931, time stamp: 0x55a006b9
Exception code: 0xc0000005
Fault offset: 0x0000000000049b49
Faulting process id: 0x4f8
Faulting application start time: 0x01d6100e6bbc3a77
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: c:\windows\system32\sysmain.dll
Report Id: 53bfae8d-7c02-11ea-8297-48e244001de0
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (04/17/2020 06:57:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetGroup Packet Filter Driver service failed to start due to the following error:
The system cannot find the file specified.

Error: (04/17/2020 06:57:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (04/17/2020 06:02:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetGroup Packet Filter Driver service failed to start due to the following error:
The system cannot find the file specified.

Error: (04/17/2020 06:02:21 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (04/17/2020 03:21:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/17/2020 03:21:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (04/17/2020 03:20:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetGroup Packet Filter Driver service failed to start due to the following error:
The system cannot find the file specified.

Error: (04/17/2020 03:20:35 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Windows Defender:
===================================
Date: 2019-02-28 00:31:33.544
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {BAA8D540-D09A-4A36-A253-D21168044D1A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-02-26 10:21:49.095
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {C84F79A1-2FD6-4EE1-A71E-1D8008F23815}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-02-26 10:15:54.753
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {E8937324-BAB6-41D2-895A-36DDCA9C1322}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-02-26 07:30:49.673
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {E564D470-39A2-4E54-B5F0-F9ACE995167F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-02-26 06:47:06.598
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {DD9B00BE-A4C6-4995-974F-1EEC05C9D2D7}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-02-14 23:11:38.403
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.285.1501.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15600.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-02-14 23:11:38.402
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.285.1501.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15600.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-02-14 23:11:38.375
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.285.1501.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15600.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-02-13 21:06:34.965
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.285.836.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15600.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2019-02-13 21:06:34.964
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.285.836.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15600.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

CodeIntegrity:
===================================

Date: 2020-04-11 23:20:35.952
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\http.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-11 23:20:35.444
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\http.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-11 22:57:22.002
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\http.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-11 22:57:21.421
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\http.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-11 22:46:25.619
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\http.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-11 22:41:15.665
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\http.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-11 22:41:15.260
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\http.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-11 22:39:31.561
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\http.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Insyde F.1A 09/11/2015
Motherboard: HP 80C1
Processor: Intel® Core™ i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 23%
Total physical RAM: 8107.39 MB
Available physical RAM: 6197.75 MB
Total Virtual: 16299.39 MB
Available Virtual: 14533.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:495.31 GB) (Free:368.35 GB) NTFS
Drive d: (study materials) (Fixed) (Total:488.28 GB) (Free:483.17 GB) NTFS
Drive f: (my gadgets) (Fixed) (Total:390.62 GB) (Free:376.49 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:488.28 GB) (Free:486.98 GB) NTFS

\\?\Volume{b63416d8-1970-4880-85f8-b5ffbcd7af49}\ (Recovery) (Fixed) (Total:0.29 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 0BF0C7E0)

Partition: GPT.

==================== End of Addition.txt =======================


