WiredWX Christian Hobby Weather Tools
infected laptop

A few weeks ago I tried to install a downloaded DVDFab and I noticed it started popping up unusual things, so I stopped the installation and ran Malwarebytes and Windows Defender; both apps found threats and quarantined them. I am not sure if the laptop is fully clean, so I need help because it is kind of running slow. Thank you in advance.

Re: infected laptop

NOTE #1
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Darshana (administrator) on PANCHALFAMILY (30-03-2018 22:05:56)
Running from C:\Users\Darshana\Downloads
Loaded Profiles: Darshana (Available Profiles: Darshana & emani)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\mois\arto.exe
() C:\Program Files (x86)\Insley\arto.exe
() C:\Users\Darshana\AppData\Local\arto.exe
() C:\Users\Darshana\AppData\Local\peanut.exe
() C:\Program Files (x86)\Insley\peanut.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Insley\arto.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
() C:\Program Files (x86)\Insley\peanut.exe
() C:\Program Files (x86)\mois\arto.exe
() C:\Users\Darshana\AppData\Local\peanut.exe
() C:\Users\Darshana\AppData\Local\arto.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
() C:\Program Files (x86)\mois\arto.exe
() C:\Program Files (x86)\Insley\peanut.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
() C:\Program Files (x86)\mois\arto.exe
() C:\Program Files (x86)\Insley\peanut.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\mois\arto.exe
() C:\Program Files (x86)\Insley\peanut.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\mandarin\marathi.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
() C:\Program Files (x86)\mois\arto.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
() C:\Program Files (x86)\mois\arto.exe
() C:\Program Files (x86)\Insley\peanut.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
(Plex) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\Youcam6_webcam_camera_video.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.263.1801.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files (x86)\Gibsons\peanut.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8911872 2016-10-15] (Realtek Semiconductor)
HKLM\...\Run: [reckoned] => C:\Program Files (x86)\Gibsons\peanut.exe [139776 2018-03-08] ()
HKLM\...\Run: [reckonedclinics] => C:\Program Files (x86)\mois\arto.exe [139776 2018-03-08] ()
HKLM\...\Run: [reckonedreckoned] => C:\Program Files (x86)\Insley\peanut.exe [139776 2018-03-08] ()
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [trumpets] => C:\Program Files (x86)\Gibsons\peanut.exe [139776 2018-03-08] ()
HKLM-x32\...\Run: [trumpetsdiorama] => C:\Program Files (x86)\mois\arto.exe [139776 2018-03-08] ()
HKLM-x32\...\Run: [trumpetstrumpets] => C:\Program Files (x86)\Insley\peanut.exe [139776 2018-03-08] ()
HKU\S-1-5-21-2438051969-607994775-1632804330-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15947752 2017-06-28] (Plex, Inc.)
HKU\S-1-5-21-2438051969-607994775-1632804330-1001\...\Run: [diorama] => C:\Program Files (x86)\Gibsons\peanut.exe [139776 2018-03-08] ()
HKU\S-1-5-21-2438051969-607994775-1632804330-1001\...\Run: [dioramatrumpets] => C:\Program Files (x86)\mois\arto.exe [139776 2018-03-08] ()
HKU\S-1-5-21-2438051969-607994775-1632804330-1001\...\Run: [dioramadiorama] => C:\Program Files (x86)\Insley\peanut.exe [139776 2018-03-08] ()
HKU\S-1-5-21-2438051969-607994775-1632804330-1001\...\Run: [clinics] => C:\Program Files (x86)\Gibsons\peanut.exe [139776 2018-03-08] ()
HKU\S-1-5-21-2438051969-607994775-1632804330-1001\...\Run: [clinicsreckoned] => C:\Program Files (x86)\mois\arto.exe [139776 2018-03-08] ()
HKU\S-1-5-21-2438051969-607994775-1632804330-1001\...\Run: [clinicsclinics] => C:\Program Files (x86)\Insley\peanut.exe [139776 2018-03-08] ()
HKU\S-1-5-21-2438051969-607994775-1632804330-1001\...\Run: [marathi] => C:\Program Files (x86)\mandarin\marathi.exe [66832 2018-03-08] ()
HKU\S-1-5-21-2438051969-607994775-1632804330-1001\...\Run: [kinship] => C:\Program Files (x86)\Gibsons\peanut.exe [139776 2018-03-08] ()
Startup: C:\Users\Darshana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\commendably.lnk [2018-03-08]
ShortcutTarget: commendably.lnk -> C:\Program Files (x86)\Gibsons\peanut.exe ()
Startup: C:\Users\Darshana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\commendablycommendably.lnk [2018-03-08]
ShortcutTarget: commendablycommendably.lnk -> C:\Program Files (x86)\mois\arto.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{26b11a49-585f-4b43-a90c-9af3c3d7b25b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{b6ff9527-1a31-46c5-bd98-ca3176acb48d}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{b6ff9527-1a31-46c5-bd98-ca3176acb48d}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c2b9313f-cbae-45ca-a98c-c7b6017bacb4}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{faf1cc92-181e-40eb-8977-a2aa961609eb}: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{fbf30311-849a-43e8-aa3b-60e7a3a3f519}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2438051969-607994775-1632804330-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
HKU\S-1-5-21-2438051969-607994775-1632804330-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM-x32 -> {D30033F5-8C51-4E4A-B401-13293E04B767} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2438051969-607994775-1632804330-1001 -> {D30033F5-8C51-4E4A-B401-13293E04B767} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)

Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-2438051969-607994775-1632804330-1001 -> hxxp://google.com/

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-22] (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR Profile: C:\Users\Darshana\AppData\Local\Google\Chrome\User Data\Default [2018-03-30]
CHR Extension: (Slides) - C:\Users\Darshana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-08]
CHR Extension: (Docs) - C:\Users\Darshana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-08]
CHR Extension: (Google Drive) - C:\Users\Darshana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-08]
CHR Extension: (YouTube) - C:\Users\Darshana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-08]
CHR Extension: (Adobe Acrobat) - C:\Users\Darshana\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-03-19]
CHR Extension: (Sheets) - C:\Users\Darshana\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\Darshana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Darshana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-08]
CHR Extension: (Gmail) - C:\Users\Darshana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Darshana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-08]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2016-05-06] (Intel Corporation)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-30] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373720 2017-01-13] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1995240 2017-06-28] (Plex, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [326656 2016-10-15] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-08] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-08] (Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [177800 2018-01-21] (Zhuhai Kingsoft Office Software Co.,Ltd)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2016-05-06] (Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [50696 2016-05-06] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2016-05-06] (Intel Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-19] (Malwarebytes)
R1 MpKsl2cac190a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{64F7DADC-D7C9-46DB-AF9D-59B38E283875}\MpKsl2cac190a.sys [58120 2018-03-19] (Microsoft Corporation)
R1 MpKslc22aa6d3; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DECCA136-D2CF-48C8-AA14-542C1042DC83}\MpKslc22aa6d3.sys [58120 2018-03-19] (Microsoft Corporation)
R1 MpKsld4c78389; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8A49F1DD-00E7-4CAB-B14F-DC1BFD2A5A04}\MpKsld4c78389.sys [58120 2018-03-30] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-18] (Realtek )
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6895984 2017-08-17] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-13] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-08] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-08] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-08] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-30 22:05 - 2018-03-30 22:07 - 000019430 _____ C:\Users\Darshana\Downloads\FRST.txt
2018-03-30 22:05 - 2018-03-30 22:05 - 002403328 _____ (Farbar) C:\Users\Darshana\Downloads\FRST64.exe
2018-03-30 22:05 - 2018-03-30 22:05 - 000000000 ____D C:\FRST
2018-03-30 19:38 - 2018-03-30 19:38 - 000000000 ___HD C:\OneDriveTemp
2018-03-19 19:30 - 2018-03-19 19:30 - 000000000 ____D C:\Users\Darshana\AppData\Local\CEF
2018-03-19 19:29 - 2018-03-19 19:29 - 000000000 ____D C:\Users\Darshana\AppData\LocalLow\Adobe
2018-03-19 19:25 - 2018-03-19 20:59 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-03-19 19:06 - 2018-03-02 16:09 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-19 19:06 - 2018-03-02 16:09 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-19 18:43 - 2018-03-19 21:02 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-03-19 18:43 - 2018-03-19 19:22 - 000002131 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2018-03-19 18:36 - 2018-03-19 18:36 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-03-19 18:33 - 2018-03-19 19:31 - 000000000 ____D C:\ProgramData\Adobe
2018-03-19 18:31 - 2018-03-19 19:30 - 000000000 ____D C:\Users\Darshana\AppData\Local\Adobe
2018-03-19 06:44 - 2018-03-19 06:44 - 000026246 _____ C:\Users\Darshana\Downloads\SHRM Roster 2018 (1).xlsx
2018-03-19 06:43 - 2018-03-19 06:44 - 000026246 _____ C:\Users\Darshana\Downloads\SHRM Roster 2018.xlsx
2018-03-15 21:19 - 2018-03-15 21:19 - 000195377 _____ C:\Users\Darshana\Desktop\OkOKP.pdf
2018-03-15 21:12 - 2018-03-01 22:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-15 21:12 - 2018-03-01 02:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-15 21:12 - 2018-03-01 02:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-15 21:12 - 2018-03-01 02:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-15 21:12 - 2018-03-01 02:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-15 21:12 - 2018-03-01 02:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-15 21:12 - 2018-03-01 02:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-15 21:12 - 2018-03-01 02:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-15 21:12 - 2018-03-01 02:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-15 21:12 - 2018-03-01 02:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-15 21:12 - 2018-03-01 02:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-15 21:12 - 2018-03-01 02:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-15 21:12 - 2018-03-01 02:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-15 21:12 - 2018-03-01 02:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-15 21:12 - 2018-03-01 02:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-15 21:12 - 2018-03-01 02:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-15 21:12 - 2018-03-01 02:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-15 21:12 - 2018-03-01 02:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-15 21:12 - 2018-03-01 02:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-15 21:12 - 2018-03-01 02:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-15 21:12 - 2018-03-01 01:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-15 21:12 - 2018-03-01 01:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-15 21:12 - 2018-03-01 01:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-15 21:12 - 2018-03-01 01:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-15 21:12 - 2018-03-01 01:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-15 21:12 - 2018-03-01 01:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-15 21:12 - 2018-03-01 01:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-15 21:12 - 2018-03-01 01:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-15 21:12 - 2018-03-01 01:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-15 21:12 - 2018-03-01 01:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-15 21:12 - 2018-03-01 01:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-15 21:12 - 2018-03-01 01:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-15 21:12 - 2018-03-01 01:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-15 21:12 - 2018-03-01 01:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-15 21:12 - 2018-03-01 01:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-15 21:12 - 2018-03-01 01:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-15 21:12 - 2018-03-01 01:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-15 21:12 - 2018-03-01 01:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-15 21:12 - 2018-03-01 01:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-15 21:12 - 2018-03-01 00:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-15 21:12 - 2018-03-01 00:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-15 21:12 - 2018-03-01 00:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-15 21:12 - 2018-03-01 00:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-15 21:12 - 2018-03-01 00:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-15 21:12 - 2018-03-01 00:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-15 21:12 - 2018-03-01 00:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-15 21:12 - 2018-03-01 00:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-15 21:12 - 2018-03-01 00:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-15 21:12 - 2018-03-01 00:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-15 21:12 - 2018-03-01 00:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-15 21:12 - 2018-03-01 00:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-15 21:12 - 2018-03-01 00:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-15 21:12 - 2018-03-01 00:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-15 21:12 - 2018-03-01 00:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-15 21:12 - 2018-03-01 00:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-15 21:12 - 2018-03-01 00:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-15 21:12 - 2018-03-01 00:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-15 21:12 - 2018-03-01 00:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-15 21:12 - 2018-03-01 00:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-15 21:12 - 2018-03-01 00:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-15 21:12 - 2018-03-01 00:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-15 21:12 - 2018-03-01 00:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-15 21:12 - 2018-03-01 00:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-15 21:12 - 2018-03-01 00:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-15 21:12 - 2018-03-01 00:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-15 21:12 - 2018-03-01 00:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-15 21:12 - 2018-03-01 00:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-15 21:12 - 2018-03-01 00:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-15 21:12 - 2018-03-01 00:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-15 21:12 - 2018-03-01 00:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-15 21:12 - 2018-03-01 00:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-15 21:12 - 2018-03-01 00:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-15 21:12 - 2018-03-01 00:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-15 21:12 - 2018-03-01 00:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-15 21:12 - 2018-03-01 00:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-15 21:12 - 2018-03-01 00:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-15 21:12 - 2018-03-01 00:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-15 21:12 - 2018-03-01 00:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-15 21:12 - 2018-03-01 00:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-15 21:12 - 2018-03-01 00:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-15 21:12 - 2018-03-01 00:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-15 21:12 - 2018-03-01 00:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-15 21:12 - 2018-03-01 00:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-15 21:12 - 2018-03-01 00:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-15 21:12 - 2018-03-01 00:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-15 21:12 - 2018-03-01 00:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-15 21:12 - 2018-02-21 21:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-15 21:12 - 2018-02-21 21:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-15 21:12 - 2018-02-21 21:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-15 21:12 - 2018-02-21 21:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-15 21:12 - 2018-02-21 21:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-15 21:12 - 2018-02-21 21:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-15 21:12 - 2018-02-21 21:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-15 21:12 - 2018-02-21 21:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-15 21:12 - 2018-02-21 21:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-15 21:12 - 2018-02-21 21:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-15 21:12 - 2018-02-21 21:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-15 21:12 - 2018-02-21 20:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-15 21:12 - 2018-02-21 20:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-15 21:12 - 2018-02-21 20:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-15 21:12 - 2018-02-21 20:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-15 21:12 - 2018-02-21 20:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-15 21:12 - 2018-02-21 20:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-15 21:12 - 2018-02-21 19:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-15 21:12 - 2018-02-21 19:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-15 21:12 - 2018-02-21 19:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-15 21:12 - 2018-02-21 19:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-15 21:11 - 2018-03-01 22:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-15 21:11 - 2018-03-01 22:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-15 21:11 - 2018-03-01 22:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-15 21:11 - 2018-03-01 22:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-15 21:11 - 2018-03-01 22:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-15 21:11 - 2018-03-01 21:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-15 21:11 - 2018-03-01 15:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-15 21:11 - 2018-03-01 02:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-15 21:11 - 2018-03-01 02:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-15 21:11 - 2018-03-01 02:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-15 21:11 - 2018-03-01 02:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-15 21:11 - 2018-03-01 02:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-15 21:11 - 2018-03-01 02:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-15 21:11 - 2018-03-01 02:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-15 21:11 - 2018-03-01 02:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-15 21:11 - 2018-03-01 02:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-15 21:11 - 2018-03-01 02:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-15 21:11 - 2018-03-01 02:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-15 21:11 - 2018-03-01 02:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-15 21:11 - 2018-03-01 02:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-15 21:11 - 2018-03-01 02:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-15 21:11 - 2018-03-01 02:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-15 21:11 - 2018-03-01 02:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-15 21:11 - 2018-03-01 02:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-15 21:11 - 2018-03-01 02:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-15 21:11 - 2018-03-01 02:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-15 21:11 - 2018-03-01 02:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-15 21:11 - 2018-03-01 02:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-15 21:11 - 2018-03-01 02:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-15 21:11 - 2018-03-01 02:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-15 21:11 - 2018-03-01 01:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-15 21:11 - 2018-03-01 01:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-15 21:11 - 2018-03-01 01:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-15 21:11 - 2018-03-01 01:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-15 21:11 - 2018-03-01 01:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-15 21:11 - 2018-03-01 01:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-15 21:11 - 2018-03-01 01:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-15 21:11 - 2018-03-01 00:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-15 21:11 - 2018-03-01 00:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-15 21:11 - 2018-03-01 00:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-15 21:11 - 2018-03-01 00:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-15 21:11 - 2018-03-01 00:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-15 21:11 - 2018-03-01 00:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-15 21:11 - 2018-03-01 00:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-15 21:11 - 2018-03-01 00:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-15 21:11 - 2018-03-01 00:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-15 21:11 - 2018-03-01 00:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-15 21:11 - 2018-03-01 00:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-15 21:11 - 2018-03-01 00:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-15 21:11 - 2018-03-01 00:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-15 21:11 - 2018-03-01 00:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-15 21:11 - 2018-03-01 00:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-15 21:11 - 2018-03-01 00:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-15 21:11 - 2018-03-01 00:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-15 21:11 - 2018-03-01 00:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-15 21:11 - 2018-03-01 00:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-15 21:11 - 2018-03-01 00:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-15 21:11 - 2018-03-01 00:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-15 21:11 - 2018-03-01 00:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-15 21:11 - 2018-03-01 00:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-15 21:11 - 2018-03-01 00:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-15 21:11 - 2018-03-01 00:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-15 21:11 - 2018-03-01 00:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-15 21:11 - 2018-02-21 21:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-15 21:11 - 2018-02-21 21:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-15 21:11 - 2018-02-21 21:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-15 21:11 - 2018-02-21 21:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-15 21:11 - 2018-02-21 21:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-15 21:11 - 2018-02-21 20:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-15 21:11 - 2018-02-21 20:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-15 21:11 - 2018-02-21 19:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-15 21:11 - 2018-02-21 19:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-15 21:11 - 2018-02-21 19:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-15 21:11 - 2018-02-21 19:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-15 21:11 - 2018-02-21 19:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-15 21:01 - 2018-03-15 21:01 - 000165649 _____ C:\Users\Darshana\Desktop\Payment Receipt.pdf
2018-03-08 20:54 - 2018-03-08 20:54 - 000000000 ____D C:\Users\Darshana\AppData\Roaming\11756
2018-03-08 20:41 - 2018-03-08 20:41 - 000000000 ____D C:\Cinavia
2018-03-08 16:21 - 2018-03-19 19:04 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-08 16:16 - 2018-03-08 16:16 - 000000832 _____ C:\Users\Darshana\Desktop\PeaZip.lnk
2018-03-08 16:16 - 2018-03-08 16:16 - 000000000 ____D C:\Users\Darshana\AppData\Roaming\PeaZip
2018-03-08 16:16 - 2018-03-08 16:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeaZip
2018-03-08 16:16 - 2018-03-08 16:16 - 000000000 ____D C:\Program Files\PeaZip
2018-03-08 16:14 - 2018-03-08 16:14 - 007785353 _____ (Giorgio Tani ) C:\Users\Darshana\Downloads\peazip-6.5.1.WIN64.exe
2018-03-08 16:10 - 2018-03-29 20:48 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-08 16:10 - 2018-03-29 20:48 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-08 16:09 - 2018-03-08 16:15 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-03-08 16:09 - 2018-03-08 16:15 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-08 15:22 - 2018-03-08 15:22 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-08 15:22 - 2018-03-08 15:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-08 15:22 - 2018-03-08 15:22 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-08 15:22 - 2018-03-08 15:22 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-08 15:22 - 2018-01-18 09:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-08 14:50 - 2018-03-08 14:50 - 069033984 _____ (Malwarebytes ) C:\Users\Darshana\Downloads\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4246.exe
2018-03-08 14:49 - 2018-03-08 21:02 - 000000000 ____D C:\Users\Darshana\Desktop\revouninstaller-portable
2018-03-08 14:21 - 2018-03-08 14:21 - 000004012 _____ C:\WINDOWS\System32\Tasks\bickered_complementarity
2018-03-08 14:21 - 2018-03-08 14:21 - 000003976 _____ C:\WINDOWS\System32\Tasks\photos_polygamists
2018-03-08 14:21 - 2018-03-08 14:21 - 000003968 _____ C:\WINDOWS\System32\Tasks\ck sime ironweed
2018-03-08 14:21 - 2018-03-08 14:21 - 000003950 _____ C:\WINDOWS\System32\Tasks\maximum lauritz
2018-03-08 14:21 - 2018-03-08 14:21 - 000003950 _____ C:\WINDOWS\System32\Tasks\khartoum-marson
2018-03-08 14:21 - 2018-03-08 14:21 - 000003942 _____ C:\WINDOWS\System32\Tasks\survivalists
2018-03-08 14:21 - 2018-03-08 14:21 - 000003918 _____ C:\WINDOWS\System32\Tasks\Sabickered_complementaritybickered_complementarity
2018-03-08 14:21 - 2018-03-08 14:21 - 000003870 _____ C:\WINDOWS\System32\Tasks\Saphotos_polygamistsphotos_polygamists
2018-03-08 14:21 - 2018-03-08 14:21 - 000003858 _____ C:\WINDOWS\System32\Tasks\Sack sime ironweedck sime ironweed
2018-03-08 14:21 - 2018-03-08 14:21 - 000003842 _____ C:\WINDOWS\System32\Tasks\Samaximum lauritzmaximum lauritz
2018-03-08 14:21 - 2018-03-08 14:21 - 000003838 _____ C:\WINDOWS\System32\Tasks\Sakhartoum-marsonkhartoum-marson
2018-03-08 14:21 - 2018-03-08 14:21 - 000003824 _____ C:\WINDOWS\System32\Tasks\Sasurvivalistssurvivalists
2018-03-08 14:20 - 2018-03-08 15:43 - 000000000 ____D C:\Program Files (x86)\curvaceous
2018-03-08 14:20 - 2018-03-08 14:20 - 000000000 ___HD C:\Program Files (x86)\mandarin
2018-03-08 14:20 - 2018-03-08 14:20 - 000000000 ___HD C:\Program Files (x86)\Insley
2018-03-08 14:20 - 2018-03-08 14:20 - 000000000 ____D C:\Program Files (x86)\mois
2018-03-08 14:20 - 2018-03-08 14:20 - 000000000 ____D C:\Program Files (x86)\Gibsons
2018-03-08 14:19 - 2018-03-08 14:19 - 000003418 _____ C:\WINDOWS\System32\Tasks\AGProxyCheck
2018-03-08 14:19 - 2018-03-08 14:19 - 000000000 ____D C:\Users\Darshana\AppData\Roaming\AGData
2018-03-08 14:19 - 2018-03-08 14:19 - 000000000 ____D C:\Users\Darshana\AppData\Local\AdvinstAnalytics
2018-03-08 14:19 - 2018-03-08 14:19 - 000000000 ____D C:\Program Files (x86)\Microleaves
2018-03-08 14:18 - 2018-03-08 14:18 - 000000000 ____D C:\Users\Darshana\AppData\Roaming\SystemHealer
2018-03-08 14:17 - 2018-03-08 14:17 - 000003072 _____ C:\Users\Darshana\AppData\Local\removeHN.exe
2018-03-08 14:16 - 2018-03-08 15:42 - 000000000 ____D C:\Program Files\ff3840118776bf1765dcf32a7e449a2c
2018-03-08 14:16 - 2018-03-08 14:16 - 001223168 _____ C:\WINDOWS\f70448de34f9dc77c4c8d8934a0e0eb2.dll
2018-03-08 14:16 - 2018-03-08 14:16 - 000021604 _____ C:\WINDOWS\System32\Tasks\ja3VrQEySTpn
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ C:\WINDOWS\greer.exe
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ C:\Users\Darshana\AppData\Local\peanut.exe
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ C:\Users\Darshana\AppData\Local\arto.exe
2018-03-07 12:51 - 2018-03-07 12:51 - 000038434 _____ C:\WINDOWS\uninstaller.dat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-30 22:05 - 2015-11-29 22:27 - 000000000 ____D C:\Users\Darshana\Documents\YouCam
2018-03-30 22:04 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-30 22:03 - 2018-01-21 11:26 - 001345108 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-30 22:00 - 2015-11-29 22:30 - 000000000 ___RD C:\Users\Darshana\OneDrive
2018-03-30 21:57 - 2017-08-10 06:40 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-03-30 21:57 - 2015-11-29 22:26 - 000000000 __SHD C:\Users\Darshana\IntelGraphicsProfiles
2018-03-30 21:56 - 2018-01-21 11:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-30 21:56 - 2018-01-21 11:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-30 19:43 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-30 19:43 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-30 19:38 - 2018-01-21 11:49 - 000002856 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2438051969-607994775-1632804330-1001
2018-03-30 19:38 - 2015-11-29 22:30 - 000002379 _____ C:\Users\Darshana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-30 19:33 - 2018-01-21 11:27 - 000000000 ____D C:\Users\Darshana
2018-03-29 21:29 - 2015-11-29 22:26 - 000000000 ____D C:\Users\Darshana\AppData\Local\VirtualStore
2018-03-29 17:58 - 2018-01-21 11:49 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{14CAFCA3-2B72-4C1E-BB49-E3FBE5E0FE9B}
2018-03-19 19:37 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-19 19:29 - 2015-11-29 22:26 - 000000000 ____D C:\Users\Darshana\AppData\Roaming\Adobe
2018-03-19 19:25 - 2017-07-08 08:03 - 000000000 ____D C:\ProgramData\Freemake
2018-03-19 19:09 - 2018-01-21 12:24 - 000000000 ___RD C:\Users\Darshana\3D Objects
2018-03-19 19:09 - 2015-07-16 01:05 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-19 19:06 - 2018-01-21 11:21 - 000405536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-19 19:06 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-19 19:03 - 2017-09-29 03:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-03-19 19:02 - 2017-05-23 19:48 - 000000372 _____ C:\WINDOWS\Tasks\HPCeeScheduleForDarshana.job
2018-03-19 19:01 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-19 19:01 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-19 19:01 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-19 18:11 - 2018-01-21 11:49 - 000003276 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForDarshana
2018-03-19 06:47 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-15 21:21 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-03-15 21:16 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-15 21:16 - 2017-09-29 08:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-08 16:09 - 2017-08-09 22:27 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-08 15:15 - 2018-01-21 11:29 - 000000000 ____D C:\Users\Darshana\AppData\Local\Packages
2018-03-08 14:17 - 2018-02-26 08:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-03-08 14:17 - 2017-09-29 08:46 - 000000000 ___RD C:\Program Files\Windows Defender

==================== Files in the root of some directories =======

2017-01-26 21:32 - 2017-01-26 21:32 - 022803992 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ () C:\Users\Darshana\AppData\Local\arto.exe
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ () C:\Users\Darshana\AppData\Local\peanut.exe
2018-03-08 14:17 - 2018-03-08 14:17 - 000003072 _____ () C:\Users\Darshana\AppData\Local\removeHN.exe

Some files in TEMP:
====================
2018-02-23 08:22 - 2018-02-23 08:22 - 016163316 _____ () C:\Users\Darshana\AppData\Local\Temp\setup.dll
2018-01-21 14:23 - 2013-10-17 15:15 - 000450560 ____R (Macrovision Corporation) C:\Users\Darshana\AppData\Local\Temp\_isEC3F.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-08 14:06

==================== End of FRST.txt ============================

Re: infected laptop

NOTE #2
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Darshana (30-03-2018 22:08:27)
Running from C:\Users\Darshana\Downloads
Windows 10 Home Version 1709 16299.309 (X64) (2018-01-21 16:52:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2438051969-607994775-1632804330-500 - Administrator - Disabled)
Darshana (S-1-5-21-2438051969-607994775-1632804330-1001 - Administrator - Enabled) => C:\Users\Darshana
DefaultAccount (S-1-5-21-2438051969-607994775-1632804330-503 - Limited - Disabled)
emani (S-1-5-21-2438051969-607994775-1632804330-1002 - Limited - Enabled) => C:\Users\emani
Guest (S-1-5-21-2438051969-607994775-1632804330-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2438051969-607994775-1632804330-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4.6527 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version:  - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.5.37.19 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.8.47.1 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
Intel(R) Chipset Device Software (HKLM-x32\...\{a47edec4-fa11-4d02-b329-4424d0197af8}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2438051969-607994775-1632804330-1001\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
PeaZip 6.5.1 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.5.1 - Giorgio Tani)
Plex Media Server (HKLM-x32\...\{763A44F9-11ED-4C90-B79F-01077108135B}) (Version: 1.7.4035 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{d30c30f4-3b8f-4a97-83a8-ade21eb5089e}) (Version: 1.7.5.4035 - Plex, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.59 - REALTEK Semiconductor Corp.)
SiudiDriver version 2.3 (HKLM\...\SiudiDriver_is1) (Version: 2.3 - LightingSoft AG)
SP C250SF/C252SF LAN (HKLM-x32\...\{FADBC704-00A7-45FD-A3CF-4B9F8D4DB234}) (Version: 1.00.0.0 - Ricoh)
Stopping Plex (HKLM-x32\...\{64DC32A4-FE15-4054-AC6C-421DE509BF51}) (Version: 1.7.4035 - Plex, Inc.) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{EC5A6438-850E-4AD1-9169-DD071C8EFFEF}) (Version: 2.10.0.0 - Microsoft Corporation)
WPS Office (10.2.0.5978) (HKLM-x32\...\Kingsoft Office) (Version: 10.2.0.5978 - Kingsoft Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2438051969-607994775-1632804330-1001_Classes\CLSID\{70239788-4DAE-49B8-9270-5D8614384B49}\InprocServer32 -> C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5978\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-2438051969-607994775-1632804330-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Darshana\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438051969-607994775-1632804330-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Darshana\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-01-13] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-2438051969-607994775-1632804330-1001: [kpdf2wordshellext] -> {70239788-4DAE-49B8-9270-5D8614384B49} => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5978\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll [2018-01-21] (Zhuhai Kingsoft Office Software Co.,Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {028B803A-DDD6-4692-A7DE-8FED1F772D84} - System32\Tasks\survivalists => C:\Program Files (x86)\Gibsons\peanut.exe [2018-03-08] ()
Task: {032A84A6-B790-4B6B-ADC3-D4F6FB0E56E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
Task: {0633D521-3A90-4A62-9A9F-0CF2CABB9ECF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-08] (Google Inc.)
Task: {2235892F-3104-40DB-9667-F2C1026EB46C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-08] (Google Inc.)
Task: {22B8FF2B-E4AB-4AA0-9161-362B51D749F1} - System32\Tasks\WpsExternal_Darshana_20170824182205 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [2018-01-21] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {33FFDA57-8F5C-4F68-9C9F-23EED7DD1C38} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [2015-07-01] (CyberLink Corp.)
Task: {45E9A4E8-5F47-4D69-A3FC-38FABE84AA71} - System32\Tasks\WpsUpdateTask_Darshana => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5978\wtoolex\wpsupdate.exe [2018-01-21] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {45EC44D9-9A75-4BC7-8DC7-35D8FAC38449} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {472C26AD-EDCE-4AEA-8FF5-566217A0455E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
Task: {50E702FD-9CBC-46F0-BF0B-A1CD93F521B8} - System32\Tasks\ck sime ironweed => C:\Users\Darshana\AppData\Local\peanut.exe [2018-03-08] ()
Task: {587012DB-1C06-4A1A-86BB-CB75982946F4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-08] (Microsoft Corporation)
Task: {5BF4D871-81AB-4317-BA9D-D743B72CDDCC} - System32\Tasks\Sabickered_complementaritybickered_complementarity => C:\Program Files (x86)\Insley\peanut.exe [2018-03-08] ()
Task: {5D69DCAD-5124-4B5B-AF22-7B6B878014DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {61574E5C-8539-4DC4-BCB0-E46AC856107E} - System32\Tasks\Sakhartoum-marsonkhartoum-marson => C:\Program Files (x86)\mois\arto.exe [2018-03-08] ()
Task: {66164CF6-120D-49A2-A48D-9BFB5424C387} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {731250AF-2370-44CE-8250-687F480F5BF7} - System32\Tasks\Samaximum lauritzmaximum lauritz => C:\Program Files (x86)\Insley\arto.exe [2018-03-08] ()
Task: {777865EE-2151-442A-B97B-D3760487997A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-08] (Microsoft Corporation)
Task: {8C598C71-47D9-462C-A326-99A5781C0A16} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-06-19] ()
Task: {8DC12FC5-701A-46F0-90F3-AFB14D3CAA3E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-08] (Microsoft Corporation)
Task: {92437B38-88E9-47B5-8901-58414B01BDCD} - System32\Tasks\maximum lauritz => C:\Program Files (x86)\Insley\arto.exe [2018-03-08] ()
Task: {9B9A5371-E093-4959-9972-6962F871CAF1} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-20] ()
Task: {9ECAE5EA-DA0D-4D86-A9D6-FE16116D51A0} - System32\Tasks\photos_polygamists => C:\Users\Darshana\AppData\Local\arto.exe [2018-03-08] ()
Task: {ACDC7B21-2BD4-4354-BF84-0D90C43FD9A5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-08] (Microsoft Corporation)
Task: {AD3F1798-A7E6-45B3-8E62-FBBDDB7E9025} - System32\Tasks\AGProxyCheck => C:\Program [Argument = Files (x86)\AnonymizerGadget\AGService.exe /recove]
Task: {B555FEBC-B796-4E50-8068-299A5676EFCD} - System32\Tasks\Sasurvivalistssurvivalists => C:\Program Files (x86)\Gibsons\peanut.exe [2018-03-08] ()
Task: {B7843FED-BCB9-42C7-B355-EBFC8B4D2A20} - System32\Tasks\ja3VrQEySTpn => ja3vrqeystpn.exe <==== ATTENTION
Task: {B9A0E6B1-AC0A-459F-B074-E276C16D7D91} - System32\Tasks\khartoum-marson => C:\Program Files (x86)\mois\arto.exe [2018-03-08] ()
Task: {BA9E3162-574E-476A-BDCA-1E13A2E4C95B} - System32\Tasks\Saphotos_polygamistsphotos_polygamists => C:\Users\Darshana\AppData\Local\arto.exe [2018-03-08] ()
Task: {C17D03C8-8F57-416B-80F6-B7A6709512C3} - System32\Tasks\bickered_complementarity => C:\Program Files (x86)\Insley\peanut.exe [2018-03-08] ()
Task: {CD891CF5-136D-4640-9690-217A873C6D64} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-03-07] (HP Inc.)
Task: {D639D056-E413-42CD-84E6-06FF8AAC749B} - System32\Tasks\HPCeeScheduleForDarshana => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {DD19DC59-10B3-48E4-8FD9-7A05E613ADBB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {EB2DB453-3F4C-4F9E-878F-5EA1D50D6A5C} - System32\Tasks\Sack sime ironweedck sime ironweed => C:\Users\Darshana\AppData\Local\peanut.exe [2018-03-08] ()
Task: {EE0036E1-DE36-47F7-9726-EE6C0664F7A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {FEDB69FB-0A80-4A89-9301-C0AACA8791F1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForDarshana.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
ShortcutWithArgument: C:\Users\Public\Desktop\VUDU - Streaming Movies.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.vudu.com/

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-08 15:22 - 2018-02-05 15:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-09-11 15:03 - 2014-04-14 20:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ () C:\Program Files (x86)\mois\arto.exe
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ () C:\Program Files (x86)\Insley\arto.exe
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ () C:\Users\Darshana\AppData\Local\arto.exe
2010-01-30 02:40 - 2010-01-30 02:40 - 004254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 008794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ () C:\Users\Darshana\AppData\Local\peanut.exe
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ () C:\Program Files (x86)\Insley\peanut.exe
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ () C:\Program Files (x86)\Gibsons\peanut.exe
2018-03-15 21:11 - 2018-02-21 19:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-15 21:12 - 2018-02-21 19:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-29 20:48 - 2018-03-20 01:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-29 20:48 - 2018-03-20 01:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2018-03-08 12:30 - 2018-03-08 12:30 - 000066832 _____ () C:\Program Files (x86)\mandarin\marathi.exe
2017-06-28 06:02 - 2017-06-28 06:02 - 000083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 001083368 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000115688 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000059880 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000772072 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 001741288 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc2411.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 001962984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core2411.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000025576 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 001549104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libstdc++-6.dll
2017-06-28 06:01 - 2017-06-28 06:01 - 000127136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libgcc_s_dw2-1.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000050152 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000071656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000024552 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000041448 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000930280 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2017-06-28 06:01 - 2017-06-28 06:01 - 000074728 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000190952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000218088 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000018920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000095720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000143336 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000694248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000064488 _____ () C:\Program Files (x86)\Plex\Plex Media Server\TeVii.dll
2015-09-11 14:53 - 2011-08-23 21:39 - 000081920 _____ () C:\Program Files (x86)\CyberLink\YouCam6\koan\_ctypes.pyd
2015-09-11 14:53 - 2011-08-23 21:39 - 000053248 _____ () C:\Program Files (x86)\CyberLink\YouCam6\koan\_socket.pyd
2015-09-11 14:53 - 2011-08-23 21:39 - 000655360 _____ () C:\Program Files (x86)\CyberLink\YouCam6\koan\_ssl.pyd
2015-09-11 14:54 - 2015-04-21 21:23 - 000057344 _____ () C:\Program Files (x86)\CyberLink\YouCam6\subsys\YouCam\XUControl.dll
2015-09-11 14:53 - 2015-07-01 02:42 - 000310712 _____ () C:\Program Files (x86)\CyberLink\YouCam6\subsys\YouCam\BlackCat.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\kkqgcoip.sys:changelist [598]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 06:04 - 2018-03-19 19:22 - 000000850 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2438051969-607994775-1632804330-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 208.180.42.68 - 208.180.42.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1090DEC9-877D-4CF0-AC67-6038891B061F}] => (Block) C:\program files (x86)\dvdfab\dvdfab.mhz
FirewallRules: [{9F407476-C0CC-4595-AC3B-03FF4CF1C17D}] => (Block) C:\program files (x86)\dvdfab\dvdfab.mhz
FirewallRules: [UDP Query User{AC7C03EC-17F9-435A-8572-8E3622CD551D}C:\program files (x86)\dvdfab\dvdfab.mhz] => (Allow) C:\program files (x86)\dvdfab\dvdfab.mhz
FirewallRules: [TCP Query User{A609C00C-D949-44C3-B87C-BF47104A7508}C:\program files (x86)\dvdfab\dvdfab.mhz] => (Allow) C:\program files (x86)\dvdfab\dvdfab.mhz
FirewallRules: [{F0CD494F-0087-421B-8D06-82546DAB817B}] => (Allow) C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5978\office6\wpscloudsvr.exe
FirewallRules: [{724CD163-AC25-4F1C-A1A5-187F2F91B138}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{3EB64617-0A17-4537-BA87-365B36927E03}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{E3F5E990-0F4F-4013-A25A-A2FBB3236D88}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{00FC4295-CF82-448B-BDBB-E51C08A36BF9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{A0B36239-A897-49C6-B7C1-F5118DAC12F3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{84C4F96F-AABB-4BE3-8CC0-94936EB5761C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6ADEBB71-EC4B-4F9B-84D2-45FD49C438E0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3DC79B45-705B-4F32-9512-1AADE0AC18D9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ADEB731D-72D3-466F-8CC6-7D957A2A4C2E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7D2D0097-5E45-42DA-AEA0-7FB59967AD86}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{BE90B70F-7A14-423E-882E-ADE53DF617B5}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{C563E6BE-0F1A-4F07-AEC6-C58C8F65FBA8}] => (Allow) C:\Users\Darshana\Downloads\WPUSetup-67956661.exe
FirewallRules: [{270A8B7A-5B2F-4371-BB95-082A77DD90D9}] => (Allow) C:\Users\Darshana\Downloads\WPUSetup-67956661.exe
FirewallRules: [TCP Query User{AE4540BB-0AA9-4A55-A1C0-BB8112559340}C:\mydmx\esa.exe] => (Allow) C:\mydmx\esa.exe
FirewallRules: [UDP Query User{C1A60432-DF2F-477D-8D4A-6BBC6F8F63EA}C:\mydmx\esa.exe] => (Allow) C:\mydmx\esa.exe
FirewallRules: [TCP Query User{ED86BA92-CDF5-4CBE-AE85-B5C672871C96}C:\users\darshana\appdata\local\temp\igndb8a.tmp\lmiignition.exe] => (Block) C:\users\darshana\appdata\local\temp\igndb8a.tmp\lmiignition.exe
FirewallRules: [UDP Query User{6CDD6B56-BB0E-49BD-B302-97117441D29E}C:\users\darshana\appdata\local\temp\igndb8a.tmp\lmiignition.exe] => (Block) C:\users\darshana\appdata\local\temp\igndb8a.tmp\lmiignition.exe
FirewallRules: [TCP Query User{8F4049FF-67D3-48A5-B1CD-980E904C73C7}C:\users\darshana\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\darshana\appdata\local\logmein client\lmiignition.exe
FirewallRules: [UDP Query User{05900ACE-4BB7-488A-A765-53A1E36EA74B}C:\users\darshana\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\darshana\appdata\local\logmein client\lmiignition.exe
FirewallRules: [TCP Query User{BA6B9CD5-7C23-4038-85CE-8BF09B4B18EF}C:\mydmx3\mydmx3\mydmx3.exe] => (Allow) C:\mydmx3\mydmx3\mydmx3.exe
FirewallRules: [UDP Query User{97A0E693-F43D-4FBD-996E-3B7FD66D1A77}C:\mydmx3\mydmx3\mydmx3.exe] => (Allow) C:\mydmx3\mydmx3\mydmx3.exe
FirewallRules: [{9CD4242C-A495-4041-8751-34860491ED73}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{D5F8657F-56D1-4619-BCCB-36D75A201FD4}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{7B57BF21-19F6-4D92-8D5E-4215ABA54497}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{C7D01181-118C-4E8B-8CE4-1746EE467FC8}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [{3C250EBC-ADB3-42DD-B7DE-CE59160792A3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{E623B26E-ABE6-4860-90A1-BC6F9501C22A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{DF269D7A-BAF2-4FF3-A130-8E67E015F60B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{704AF9EA-4E71-4AAB-AE13-C1CC5A86B3E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{F650BFE8-59EB-4E15-BCDF-47BC028C7B8E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{64B48B3A-16BD-442E-B8F0-DC963E56DCCB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{438298FB-A5EF-4F52-BE99-65993228D7C9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{78A5CDDE-6261-4B77-93D3-4BBE7D64944B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{07CF182E-2807-4983-912B-70BFA615809F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{D360836B-F8DA-4470-B7C9-D379D15CD8F9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{E04203C5-987B-410B-9122-96097AEC0E79}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{43C35883-E9BD-4876-AE66-EBE91B960EE5}] => (Allow) C:\Program Files (x86)\Gibsons\peanut.exe
FirewallRules: [{200C5C59-7DDF-4960-AF83-97960DDD5CB0}] => (Allow) C:\Program Files (x86)\Insley\peanut.exe
FirewallRules: [{D6F70AAF-0DD8-4C5B-B712-CE1D0E40B030}] => (Allow) C:\Program Files (x86)\mois\arto.exe
FirewallRules: [{0DDE1C09-52DC-46C5-BEB4-98D8AC2067E3}] => (Allow) C:\Program Files (x86)\Insley\arto.exe
FirewallRules: [{31E3537E-8239-4320-9638-8A6A97CE4E72}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-02-2018 12:20:16 Windows Update
16-02-2018 08:00:53 Windows Update
08-03-2018 15:07:28 Revo Uninstaller's restore point - AnonymizerGadget
15-03-2018 21:10:35 Windows Update
19-03-2018 06:42:51 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2018 03:27:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: peanut.exe, version: 2.3.6.117, time stamp: 0x5aa1733b
Faulting module name: KERNELBASE.dll, version: 6.2.16299.309, time stamp: 0x00000000
Exception code: 0x80004005
Fault offset: 0x0000000000014008
Faulting process id: 0x%9
Faulting application start time: 0xpeanut.exe0
Faulting application path: peanut.exe1
Faulting module path: peanut.exe2
Report Id: peanut.exe3
Faulting package full name: peanut.exe4
Faulting package-relative application ID: peanut.exe5

Error: (03/30/2018 03:23:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: peanut.exe, version: 2.3.6.117, time stamp: 0x5aa1733b
Faulting module name: MSHTML.dll, version: 11.0.16299.309, time stamp: 0x72ae6379
Exception code: 0xc0000005
Fault offset: 0x00000000000c7439
Faulting process id: 0x34dc
Faulting application start time: 0x01d3c7d2cb02b05d
Faulting application path: C:\Program Files (x86)\Gibsons\peanut.exe
Faulting module path: C:\WINDOWS\SYSTEM32\MSHTML.dll
Report Id: 648f4b3e-85ac-48e0-b2d6-ccf4b065879a
Faulting package full name: 
Faulting package-relative application ID:

Error: (03/30/2018 03:16:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: peanut.exe, version: 2.3.6.117, time stamp: 0x5aa1733b
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
Exception code: 0xc0000005
Fault offset: 0x000000000005d8d6
Faulting process id: 0x6884
Faulting application start time: 0x01d3c855b645e6f1
Faulting application path: C:\Program Files (x86)\Gibsons\peanut.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 6732f6c6-a5ca-490a-a88b-abe7c5995d62
Faulting package full name: 
Faulting package-relative application ID:

Error: (03/30/2018 03:02:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: peanut.exe, version: 2.3.6.117, time stamp: 0x5aa1733b
Faulting module name: KERNELBASE.dll, version: 6.2.16299.309, time stamp: 0x90a96867
Exception code: 0x80004005
Fault offset: 0x0000000000014008
Faulting process id: 0x%9
Faulting application start time: 0xpeanut.exe0
Faulting application path: peanut.exe1
Faulting module path: peanut.exe2
Report Id: peanut.exe3
Faulting package full name: peanut.exe4
Faulting package-relative application ID: peanut.exe5

Error: (03/30/2018 03:02:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: peanut.exe, version: 2.3.6.117, time stamp: 0x5aa1733b
Faulting module name: KERNELBASE.dll, version: 6.2.16299.309, time stamp: 0x90a96867
Exception code: 0x80004005
Fault offset: 0x0000000000014008
Faulting process id: 0x%9
Faulting application start time: 0xpeanut.exe0
Faulting application path: peanut.exe1
Faulting module path: peanut.exe2
Report Id: peanut.exe3
Faulting package full name: peanut.exe4
Faulting package-relative application ID: peanut.exe5

Error: (03/30/2018 02:00:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: peanut.exe, version: 2.3.6.117, time stamp: 0x5aa1733b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x%9
Faulting application start time: 0xpeanut.exe0
Faulting application path: peanut.exe1
Faulting module path: peanut.exe2
Report Id: peanut.exe3
Faulting package full name: peanut.exe4
Faulting package-relative application ID: peanut.exe5

Error: (03/30/2018 12:52:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: peanut.exe, version: 2.3.6.117, time stamp: 0x5aa1733b
Faulting module name: Flash.ocx, version: 29.0.0.113, time stamp: 0x5a90c6a2
Exception code: 0xc0000005
Fault offset: 0x000000000044be50
Faulting process id: 0x%9
Faulting application start time: 0xpeanut.exe0
Faulting application path: peanut.exe1
Faulting module path: peanut.exe2
Report Id: peanut.exe3
Faulting package full name: peanut.exe4
Faulting package-relative application ID: peanut.exe5

Error: (03/30/2018 12:21:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1645359


System errors:
=============
Error: (03/30/2018 10:08:48 PM) (Source: DCOM) (EventID: 10010) (User: PANCHALFAMILY)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (03/30/2018 10:06:48 PM) (Source: DCOM) (EventID: 10010) (User: PANCHALFAMILY)
Description: The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout.

Error: (03/30/2018 10:06:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/30/2018 10:04:48 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {9E175B68-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (03/30/2018 10:02:45 PM) (Source: DCOM) (EventID: 10010) (User: PANCHALFAMILY)
Description: The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout.

Error: (03/30/2018 10:00:45 PM) (Source: DCOM) (EventID: 10010) (User: PANCHALFAMILY)
Description: The server {E48EDA45-43C6-48E0-9323-A7B2067D9CD5} did not register with DCOM within the required timeout.

Error: (03/30/2018 09:59:56 PM) (Source: DCOM) (EventID: 10016) (User: PANCHALFAMILY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user PANCHALFAMILY\Darshana SID (S-1-5-21-2438051969-607994775-1632804330-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/30/2018 09:57:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-03-19 19:19:29.885
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Prepscram&threatid=226289&enterprise=0
Name: SoftwareBundler:Win32/Prepscram
ID: 226289
Severity: High
Category: Software Bundler
Path: file:_C:\Users\Darshana\AppData\Local\Temp\nsfC852.tmp\cpSetup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Signature Version: AV: 1.263.752.0, AS: 1.263.752.0, NIS: 118.5.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-03-08 13:32:52.445
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanSpy:Win32/SocStealer!rfn&threatid=2147724296&enterprise=0
Name: TrojanSpy:Win32/SocStealer!rfn
ID: 2147724296
Severity: Severe
Category: Trojan Monitoring Software
Path: file:_C:\Users\Darshana\AppData\Local\Temp\886423906\ic-0.ba745faa4220e.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.263.332.0, AS: 1.263.332.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-03-08 13:32:52.408
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Soctuseer!excl&threatid=237119&enterprise=0
Name: BrowserModifier:Win32/Soctuseer!excl
ID: 237119
Severity: High
Category: Browser Modifier
Path: regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\c:\program files\ff3840118776bf1765dcf32a7e449a2c\
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.263.332.0, AS: 1.263.332.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-03-08 13:19:56.321
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!plock&threatid=2147723626&enterprise=0
Name: Trojan:Win32/Tiggre!plock
ID: 2147723626
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Darshana\AppData\Local\Temp\886423906\ic-0.ba745faa4220e.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Darshana\AppData\Local\Temp\nsfC852.tmp\cpSetup.exe
Signature Version: AV: 1.263.75.0, AS: 1.263.75.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-03-08 13:08:04.649
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BD74BAC8-4AD7-4D9B-92C8-119D19050F1A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-30 22:07:32.283
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.1813.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2018-03-30 19:43:37.450
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.1801.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2018-03-30 12:32:14.695
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

Date: 2018-03-29 17:48:44.118
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.800.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2018-03-29 17:48:44.118
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 118.8.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.14202.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

CodeIntegrity:
===================================

Date: 2018-03-30 22:07:07.656
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-30 22:07:07.654
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-30 22:02:37.857
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-30 22:02:37.854
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-30 22:01:30.325
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-30 22:01:30.322
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-30 21:57:59.288
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-30 21:57:59.284
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 63%
Total physical RAM: 6059.39 MB
Available physical RAM: 2182.82 MB
Total Virtual: 7019.39 MB
Available Virtual: 2186.5 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:909.07 GB) (Free:830.28 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.34 GB) (Free:2.37 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{b58a3f2c-24a7-4517-89ab-2feadddde9df}\ () (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32
\\?\Volume{97a72501-73ba-450b-9551-4db74e27a4f9}\ () (Fixed) (Total:1.73 GB) (Free:1.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 491AFB52)

Partition: GPT.

==================== End of Addition.txt ============================
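The Defender section of the Addition.txt log above records three things worth confirming before trusting any further Defender scan on this machine: signature updates failed on 30-03 with 0x80240016 and on 29-03 with 0x80072ee7 (name resolution failure, which a hijacked proxy setting can cause), and on 30-03 12:32 real-time protection dropped into pass-through mode, meaning it was not scanning at all. The Code Integrity entries for Bonjour's mdnsNSP.dll are Apple's Winsock namespace provider failing the Microsoft signing-level check inside svchost; they are routine on machines with iTunes/Bonjour installed and are not evidence of this infection. The following PowerShell is an added example, not something posted in the thread. It assumes an elevated PowerShell 5.1 prompt on Windows 10 with the built-in Defender module; the event IDs it filters on are Defender's documented operational-log IDs.

```powershell
# Added example (not from the thread): confirm Defender is actually working before relying on its scan.
# Assumes an elevated PowerShell 5.1 prompt on Windows 10 with the built-in Defender module.

$status = Get-MpComputerStatus
[pscustomobject]@{
    ServiceRunning     = $status.AMServiceEnabled
    RealTimeProtection = $status.RealTimeProtectionEnabled      # false = the "pass through mode" state in the log
    SignatureVersion   = $status.AntivirusSignatureVersion
    SignatureAgeDays   = $status.AntivirusSignatureAge          # more than a day or two means updates are failing
    EngineVersion      = $status.AMEngineVersion
} | Format-List

# The log shows updates failing with 0x80240016 and 0x80072ee7. Retry and fail loudly instead of silently.
try {
    Update-MpSignature -ErrorAction Stop
} catch {
    Write-Warning "Signature update failed: $($_.Exception.Message)"
    # 0x80072ee7 is a name-resolution failure; a proxy pushed in by adware is one common cause.
    Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' |
        Select-Object ProxyEnable, ProxyServer, AutoConfigURL
}

# Defender operational events from the last 30 days that matter for triage:
# 1116 malware detected, 1117 action taken, 1002 scan stopped before completion,
# 2001 signature update failed, 3002 real-time protection feature failed.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1116, 1117, 1002, 2001, 3002
    StartTime = (Get-Date).AddDays(-30)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } } |
    Sort-Object TimeCreated | Format-Table -AutoSize

# Run a quick scan, then list what Defender still considers active and what it has acted on.
Start-MpScan -ScanType QuickScan
Get-MpThreat | Where-Object IsActive | Select-Object ThreatName, ThreatID, SeverityID
Get-MpThreatDetection |
    Select-Object InitialDetectionTime, ProcessName, @{ n = 'Resources'; e = { $_.Resources -join '; ' } }, ActionSuccess |
    Sort-Object InitialDetectionTime -Descending | Format-Table -AutoSize -Wrap
```

If RealTimeProtection reports false or the signature age keeps growing after the retry, the scan results that follow are not meaningful; fix the update path (proxy, DNS, the service itself) first, which is also why the helper below asks for a fresh Defender scan rather than accepting the earlier one.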

Re: infected laptop

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download any programs on the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please run a scan with Windows Defender. I know you already ran a scan with MBAM. Please run another and post the log.

Please download AdwCleaner onto your Desktop.

Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.

If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When AdwCleaner opens, click on the Scan button.

AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.

AdwCleaner will now prompt you to save any open files or data, as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to allow AdwCleaner to reboot your computer. A log will be produced. Please copy and paste this log in your next reply.
*********************************************
Download and install: Please download Malwarebytes' scanner to your desktop.
Double-click mbam-setup.exe to install the application.

  • It should update automatically if the computer is connected to the internet.
  • Click on Threat Scan and click on Scan Now.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, make sure all the infections have "quarantine" selected in the Action box.
  • Click on "Apply actions". You may be asked to restart your computer to completely remove the infections.
  • When disinfection is completed you can click on "Copy to Clipboard".
  • Paste the log in your next reply (CTRL+V).

*************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Security Check

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Re: infected laptop

Malwarebytes 4/1/18 scan result

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 4/1/18
Scan Time: 1:01 PM
Log File: c0cfb79e-35d6-11e8-bd65-b05ada9b9dda.json
Administrator: Yes
 
-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4578
License: Free
 
-System Information-
OS: Windows 10 (Build 16299.309)
CPU: x64
File System: NTFS
User: PANCHALFAMILY\Darshana
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333823
Threats Detected: 111
Threats Quarantined: 111
Time Elapsed: 5 min, 18 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 30
Generic.Malware/Suspicious, C:\USERS\DARSHANA\APPDATA\LOCAL\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\USERS\DARSHANA\APPDATA\LOCAL\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\INSLEY\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\INSLEY\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\INSLEY\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\INSLEY\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\INSLEY\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\INSLEY\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MANDARIN\MARATHI.EXE, Quarantined, [11702], [502188],1.0.4578
 
Module: 30
Generic.Malware/Suspicious, C:\USERS\DARSHANA\APPDATA\LOCAL\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\USERS\DARSHANA\APPDATA\LOCAL\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\INSLEY\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\INSLEY\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\INSLEY\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\INSLEY\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\INSLEY\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\INSLEY\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MANDARIN\MARATHI.EXE, Quarantined, [11702], [502188],1.0.4578
 
Registry Key: 19
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ck sime ironweed, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{50E702FD-9CBC-46F0-BF0B-A1CD93F521B8}, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{50E702FD-9CBC-46F0-BF0B-A1CD93F521B8}, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Sack sime ironweedck sime ironweed, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EB2DB453-3F4C-4F9E-878F-5EA1D50D6A5C}, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{EB2DB453-3F4C-4F9E-878F-5EA1D50D6A5C}, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Sasurvivalistssurvivalists, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B555FEBC-B796-4E50-8068-299A5676EFCD}, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{B555FEBC-B796-4E50-8068-299A5676EFCD}, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\survivalists, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{028B803A-DDD6-4692-A7DE-8FED1F772D84}, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{028B803A-DDD6-4692-A7DE-8FED1F772D84}, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\bickered_complementarity, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C17D03C8-8F57-416B-80F6-B7A6709512C3}, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{C17D03C8-8F57-416B-80F6-B7A6709512C3}, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Sabickered_complementaritybickered_complementarity, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5BF4D871-81AB-4317-BA9D-D743B72CDDCC}, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{5BF4D871-81AB-4317-BA9D-D743B72CDDCC}, Quarantined, [0], [392686],1.0.4578
Adware.Vitruvian.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [12692], [-1],0.0.0
 
Registry Value: 13
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|reckoned, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|trumpets, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKU\S-1-5-21-2438051969-607994775-1632804330-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|clinics, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKU\S-1-5-21-2438051969-607994775-1632804330-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|diorama, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKU\S-1-5-21-2438051969-607994775-1632804330-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|kinship, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|reckonedreckoned, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|trumpetstrumpets, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKU\S-1-5-21-2438051969-607994775-1632804330-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|clinicsclinics, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, HKU\S-1-5-21-2438051969-607994775-1632804330-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|dioramadiorama, Quarantined, [0], [392686],1.0.4578
Adware.DotDo.Generic.TskLnk, HKU\S-1-5-21-2438051969-607994775-1632804330-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|marathi, Quarantined, [11702], [502188],1.0.4578
Adware.Vitruvian.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [12692], [-1],0.0.0
Adware.Vitruvian.PrxySvrRST, HKU\S-1-5-21-2438051969-607994775-1632804330-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [12692], [-1],0.0.0
Adware.Vitruvian.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [12692], [-1],0.0.0
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 19
Generic.Malware/Suspicious, C:\WINDOWS\GREER.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\TASKS\ck sime ironweed, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\TASKS\Sack sime ironweedck sime ironweed, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\USERS\DARSHANA\APPDATA\LOCAL\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\TASKS\Sasurvivalistssurvivalists, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\TASKS\survivalists, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\USERS\DARSHANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\commendably.lnk, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\TASKS\bickered_complementarity, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\TASKS\Sabickered_complementaritybickered_complementarity, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\INSLEY\PEANUT.EXE, Quarantined, [0], [392686],1.0.4578
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MANDARIN\MARATHI.EXE, Quarantined, [11702], [502188],1.0.4578
Adware.Vitruvian.PrxySvrRST, C:\USERS\DARSHANA\APPDATA\ROAMING\AGDATA\BIN\AGLOADER.DLL, Quarantined, [12692], [505115],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\GIBSONS.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\GIBSONS\PEANUT.DLL, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\USERS\DARSHANA\APPDATA\LOCAL\TEMP\NSN8234.TMP\KK4I5R5RSH.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\USERS\DARSHANA\APPDATA\LOCAL\TEMP\NSN8234.TMP\DKK4I5R5RSH.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\USERS\DARSHANA\APPDATA\LOCAL\TEMP\NSN8234.TMP\DI5C0Q55.EXE, Quarantined, [0], [392686],1.0.4578
Generic.Malware/Suspicious, C:\USERS\DARSHANA\APPDATA\LOCAL\TEMP\NSN8234.TMP\I5C0Q55.EXE, Quarantined, [0], [392686],1.0.4578
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
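The 4/1 log above shows the shape of what was still on the machine three weeks after the first cleanup: randomly named copies of PEANUT.EXE under Program Files (x86)\GIBSONS and \INSLEY, launched through scheduled tasks with word-salad names (survivalists, bickered_complementarity, "ck sime ironweed"), Run values (reckoned, trumpets, clinics, diorama, kinship) in both the HKLM hives and the user hive, a Startup-folder shortcut (commendably.lnk), and proxy settings (ProxyEnable, the NlaSvc ManualProxies key) flagged as PrxySvrRST; the 3/8 log further down also shows a root certificate added under Root\Certificates by DNSUnlocker. Quarantining the files does not by itself prove the launch points are gone, and a leftover root certificate lets adware sit in the middle of HTTPS, so the useful post-cleanup check is an audit of exactly those persistence points. The following PowerShell is an added example, not something posted in the thread. It assumes an elevated PowerShell 5.1 prompt on Windows 10; Get-SignerInfo and Get-ExePath are helper functions defined here, not built-in cmdlets.

```powershell
# Added example (not from the thread): audit the persistence points the Malwarebytes log shows being abused.
# Assumes an elevated PowerShell 5.1 prompt on Windows 10. Get-SignerInfo and Get-ExePath are local helpers.

function Get-SignerInfo {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return 'MISSING' }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') { return "UNSIGNED ($($sig.Status))" }
    return $sig.SignerCertificate.Subject
}

# Pull the executable out of a command line such as  "C:\dir\app.exe" /flag  or  %APPDATA%\x.exe /y
function Get-ExePath {
    param([string]$CommandLine)
    if (-not $CommandLine) { return $null }
    $raw = if ($CommandLine -match '^"([^"]+)"') { $Matches[1] } else { ($CommandLine -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($raw)
}

$findings = New-Object System.Collections.Generic.List[object]

# 1. Scheduled tasks outside \Microsoft\ (the log shows tasks like "survivalists" sitting in the library root).
foreach ($task in Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' }) {
    foreach ($action in $task.Actions) {
        $cmd = if ($action.Execute) { "$($action.Execute) $($action.Arguments)".Trim() } else { "COM handler $($action.ClassId)" }
        $findings.Add([pscustomobject]@{
            Source = "Task $($task.TaskPath)$($task.TaskName)"
            Target = $cmd
            Signer = Get-SignerInfo (Get-ExePath $action.Execute)
        })
    }
}

# 2. Run values: machine, WOW6432Node view, and every loaded user hive (the log hit all three).
$runKeys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run')
$runKeys += Get-ChildItem Registry::HKEY_USERS |
    ForEach-Object { "Registry::$($_.Name)\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" }
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $values = (Get-ItemProperty -LiteralPath $key).PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }
    foreach ($v in $values) {
        $findings.Add([pscustomobject]@{
            Source = "Run $key\$($v.Name)"
            Target = $v.Value
            Signer = Get-SignerInfo (Get-ExePath $v.Value)
        })
    }
}

# 3. Startup-folder shortcuts (the log shows commendably.lnk), resolved to the target they really launch.
$wsh = New-Object -ComObject WScript.Shell
$startupDirs = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
               "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp"
foreach ($lnk in Get-ChildItem -Path $startupDirs -Filter *.lnk -ErrorAction SilentlyContinue) {
    $sc = $wsh.CreateShortcut($lnk.FullName)
    $findings.Add([pscustomobject]@{
        Source = "Startup $($lnk.Name)"
        Target = "$($sc.TargetPath) $($sc.Arguments)".Trim()
        Signer = Get-SignerInfo $sc.TargetPath
    })
}

# Everything not signed by Microsoft is what to read; random names under Program Files (x86)\<word>\ match the log.
$findings | Where-Object { $_.Signer -notmatch '^CN=Microsoft' } | Format-Table -AutoSize -Wrap

# 4. Proxy settings the PrxySvrRST entries point at. ProxyEnable should be 0 unless you configured a proxy yourself.
Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' |
    Select-Object ProxyEnable, ProxyServer, AutoConfigURL
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet' -ErrorAction SilentlyContinue |
    Select-Object ManualProxies

# 5. Machine root certificates, newest first; the 3/8 log shows one added under Root\Certificates.
#    Anything you do not recognise can be removed with Remove-Item on its Cert:\LocalMachine\Root\<thumbprint> path.
Get-ChildItem Cert:\LocalMachine\Root | Sort-Object NotBefore -Descending |
    Select-Object Thumbprint, Subject, NotBefore -First 10
```

Run it once after the cleanup tools have rebooted the machine and again a day later: the 3/8 and 4/1 logs in this thread show different families on the same laptop, so a launch point that survives or reappears between runs is the thing to hand back to the helper rather than another list of quarantined files.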

Re: infected laptop

Malwarebytes 3/8/18 scan result
This is the date when I think my laptop got infected.

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/8/18
Scan Time: 2:25 PM
Log File: df80c1c2-230e-11e8-9c69-b05ada9b9dda.json
Administrator: Yes
 
-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4246
License: Free
 
-System Information-
OS: Windows 10 (Build 16299.248)
CPU: x64
File System: NTFS
User: PANCHALFAMILY\Darshana
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 343384
Threats Detected: 194
Threats Quarantined: 183
Time Elapsed: 7 min, 21 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 8
Adware.Social2Search.EncJob, C:\Program Files\ff3840118776bf1765dcf32a7e449a2c\3d1d661d4d24d666314daf47d97d7645.exe, Quarantined, [7970], [415982],1.0.4246
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [8050], [399420],1.0.4246
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [8050], [399420],1.0.4246
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [8050], [399420],1.0.4246
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [8050], [399420],1.0.4246
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [8050], [399420],1.0.4246
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [8050], [399420],1.0.4246
Adware.AnonymizerGadget.PrxySvrRST, C:\USERS\DARSHANA\APPDATA\ROAMING\AGDATA\BIN\ANONYMIZERLAUNCHER.EXE, Quarantined, [14926], [490737],1.0.4246
 
Module: 9
Adware.Social2Search.EncJob, C:\Program Files\ff3840118776bf1765dcf32a7e449a2c\3d1d661d4d24d666314daf47d97d7645.exe, Quarantined, [7970], [415982],1.0.4246
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [8050], [399420],1.0.4246
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [8050], [399420],1.0.4246
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [8050], [399420],1.0.4246
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [8050], [399420],1.0.4246
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [8050], [399420],1.0.4246
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [8050], [399420],1.0.4246
Adware.Wajam.TskLnk, C:\WINDOWS\F70448DE34F9DC77C4C8D8934A0E0EB2.DLL, Quarantined, [667], [478565],1.0.4246
Adware.AnonymizerGadget.PrxySvrRST, C:\USERS\DARSHANA\APPDATA\ROAMING\AGDATA\BIN\ANONYMIZERLAUNCHER.EXE, Quarantined, [14926], [490737],1.0.4246
 
Registry Key: 58
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G1, Quarantined, [515], [317314],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5ED38FB6-FF7A-489D-B1E3-458D20552E93}, Quarantined, [515], [317314],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{5ED38FB6-FF7A-489D-B1E3-458D20552E93}, Quarantined, [515], [317314],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G2, Quarantined, [515], [317314],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F9FDCAFD-EB56-4DE7-ABD7-2531180B41B0}, Quarantined, [515], [317314],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{F9FDCAFD-EB56-4DE7-ABD7-2531180B41B0}, Quarantined, [515], [317314],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G3, Quarantined, [515], [317314],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F5E29022-009E-4E01-B9F3-A6A0C94765A2}, Quarantined, [515], [317314],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{F5E29022-009E-4E01-B9F3-A6A0C94765A2}, Quarantined, [515], [317314],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G4, Quarantined, [515], [317314],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{52B9008E-AFDB-424D-8B17-530B2F223B56}, Quarantined, [515], [317314],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{52B9008E-AFDB-424D-8B17-530B2F223B56}, Quarantined, [515], [317314],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\UPDATER_ONLINE_APPLICATION, Quarantined, [515], [391429],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{11D6CB7B-7969-4FF0-8C16-B97210033D68}, Quarantined, [515], [391429],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{11D6CB7B-7969-4FF0-8C16-B97210033D68}, Quarantined, [515], [391429],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G5, Quarantined, [515], [317314],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{573349B5-F6B7-430E-9E6A-FFBEF18FDD29}, Quarantined, [515], [317314],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{573349B5-F6B7-430E-9E6A-FFBEF18FDD29}, Quarantined, [515], [317314],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G6, Quarantined, [515], [317314],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{70366657-B477-428D-A03E-110438244224}, Quarantined, [515], [317314],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{70366657-B477-428D-A03E-110438244224}, Quarantined, [515], [317314],1.0.4246
Adware.Social2Search.EncJob, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ff3840118776bf1765dcf32a7e449a2c, Quarantined, [7970], [415982],1.0.4246
Adware.Social2Search.EncJob, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ff3840118776bf1765dcf32a7e449a2c, Quarantined, [7970], [-1],0.0.0
Adware.Social2Search.EncJob, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DB92DD9-713E-4129-9BEB-5D92999FDF17}, Quarantined, [7970], [-1],0.0.0
Adware.Social2Search.EncJob, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{4DB92DD9-713E-4129-9BEB-5D92999FDF17}, Quarantined, [7970], [-1],0.0.0
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2438051969-607994775-1632804330-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE, Quarantined, [5051], [425124],1.0.4246
PUP.Optional.SystemHealer, HKU\S-1-5-21-2438051969-607994775-1632804330-1001\SOFTWARE\SYSTEM HEALER, Quarantined, [786], [261796],1.0.4246
Adware.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\11598763487076930564, Quarantined, [1659], [424293],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [515], [398592],1.0.4246
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2438051969-607994775-1632804330-1001\CONSOLE\TASKENG.EXE, Quarantined, [5051], [425125],1.0.4246
PUP.Optional.Wajam, HKU\S-1-5-21-2438051969-607994775-1632804330-1001\SOFTWARE\WajIEnhance, Quarantined, [73], [244670],1.0.4246
PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [73], [-1],0.0.0
PUP.Optional.CloudScout, HKLM\SOFTWARE\WOW6432NODE\5da059a482fd494db3f252126fbc3d5b, Quarantined, [9329], [246387],1.0.4246
Adware.SearchAwesome, HKLM\SOFTWARE\WOW6432NODE\SrcAAAesom Browser Enhancer, Quarantined, [4383], [424837],1.0.4246
PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, Quarantined, [9329], [246387],1.0.4246
Adware.SearchAwesome, HKLM\SOFTWARE\SrcAAAesom Browser Enhancer, Quarantined, [4383], [424837],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online Application, Quarantined, [515], [360190],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online.io Application, Quarantined, [515], [317312],1.0.4246
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [20], [260247],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [515], [339688],1.0.4246
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [20], [260247],1.0.4246
Adware.SearchAwesome, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ff3840118776bf1765dcf32a7e449a2c, Quarantined, [4383], [424836],1.0.4246
Adware.Wajam.TskLnk, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\f70448de34f9dc77c4c8d8934a0e0eb2, Quarantined, [667], [478565],1.0.4246
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\paperless, Quarantined, [5793], [490876],1.0.4246
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E5AD4936-0461-451B-9FD7-08DF366DF43A}, Quarantined, [5793], [490876],1.0.4246
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{E5AD4936-0461-451B-9FD7-08DF366DF43A}, Quarantined, [5793], [490876],1.0.4246
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Sapaperlesspaperless, Quarantined, [5793], [490876],1.0.4246
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F51E357F-E550-4D74-85B3-D1C2865EA227}, Quarantined, [5793], [490876],1.0.4246
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{F51E357F-E550-4D74-85B3-D1C2865EA227}, Quarantined, [5793], [490876],1.0.4246
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\paperless, Quarantined, [5793], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5AD4936-0461-451B-9FD7-08DF366DF43A}, Quarantined, [5793], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E5AD4936-0461-451B-9FD7-08DF366DF43A}, Quarantined, [5793], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Sapaperlesspaperless, Quarantined, [5793], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F51E357F-E550-4D74-85B3-D1C2865EA227}, Quarantined, [5793], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F51E357F-E550-4D74-85B3-D1C2865EA227}, Quarantined, [5793], [-1],0.0.0
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [73], [170024],1.0.4246
PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [73], [170024],1.0.4246
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [73], [170024],1.0.4246
 
Registry Value: 21
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2438051969-607994775-1632804330-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE|WINDOWPOSITION, Quarantined, [5051], [425124],1.0.4246
PUP.Optional.SystemHealer, HKU\S-1-5-21-2438051969-607994775-1632804330-1001\SOFTWARE\SYSTEM HEALER|CARTURL, Quarantined, [786], [261796],1.0.4246
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2438051969-607994775-1632804330-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, Quarantined, [5051], [425126],1.0.4246
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2438051969-607994775-1632804330-1001\CONSOLE\TASKENG.EXE|WINDOWPOSITION, Quarantined, [5051], [425125],1.0.4246
PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [73], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-2438051969-607994775-1632804330-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [73], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-2438051969-607994775-1632804330-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [73], [-1],0.0.0
PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [73], [-1],0.0.0
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{11D6CB7B-7969-4FF0-8C16-B97210033D68}|PATH, Quarantined, [515], [391427],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{52B9008E-AFDB-424D-8B17-530B2F223B56}|PATH, Quarantined, [515], [317311],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{573349B5-F6B7-430E-9E6A-FFBEF18FDD29}|PATH, Quarantined, [515], [317311],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5ED38FB6-FF7A-489D-B1E3-458D20552E93}|PATH, Quarantined, [515], [317311],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{70366657-B477-428D-A03E-110438244224}|PATH, Quarantined, [515], [317311],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F5E29022-009E-4E01-B9F3-A6A0C94765A2}|PATH, Quarantined, [515], [317311],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F9FDCAFD-EB56-4DE7-ABD7-2531180B41B0}|PATH, Quarantined, [515], [317311],1.0.4246
Adware.SearchAwesome, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ff3840118776bf1765dcf32a7e449a2c|DISPLAYNAME, Quarantined, [4383], [424836],1.0.4246
Adware.SearchAwesome.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ff3840118776bf1765dcf32a7e449a2c|PUBLISHER, Quarantined, [8263], [437519],1.0.4246
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{faf1cc92-181e-40eb-8977-a2aa961609eb}|NAMESERVER, Quarantined, [5307], [260227],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}|CONTACT, Quarantined, [515], [333852],1.0.4246
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}|URLINFOABOUT, Quarantined, [515], [321304],1.0.4246
Adware.AnonymizerGadget.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AnonymizerGadget, Quarantined, [14926], [490737],1.0.4246
 
Registry Data: 8
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Replaced, [1659], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replaced, [1659], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{26b11a49-585f-4b43-a90c-9af3c3d7b25b}|NameServer, Replaced, [1659], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{b6ff9527-1a31-46c5-bd98-ca3176acb48d}|NameServer, Replaced, [1659], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{c2b9313f-cbae-45ca-a98c-c7b6017bacb4}|NameServer, Replaced, [1659], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{faf1cc92-181e-40eb-8977-a2aa961609eb}|NameServer, Replaced, [1659], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{faf1cc92-181e-40eb-8977-a2aa961609eb}|DhcpNameServer, Replaced, [1659], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{fbf30311-849a-43e8-aa3b-60e7a3a3f519}|NameServer, Replaced, [1659], [-1],0.0.0
 
Data Stream: 0
(No malicious items detected)
 
Folder: 13
Adware.Social2Search.EncJob, C:\PROGRAM FILES\ff3840118776bf1765dcf32a7e449a2c, Removal Failed, [7970], [415982],1.0.4246
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0, Removal Failed, [8050], [399420],1.0.4246
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application, Removal Failed, [8050], [399420],1.0.4246
Adware.OnlineIO, C:\PROGRAM FILES (X86)\MICROLEAVES, Removal Failed, [8050], [399420],1.0.4246
Trojan.Agent, C:\WINDOWS\SYSWOW64\SSL, Removal Failed, [17], [479103],1.0.4246
PUP.Optional.BundleInstaller, C:\USERS\DARSHANA\APPDATA\LOCAL\TEMP\886423906, Quarantined, [18], [463480],1.0.4246
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [515], [391425],1.0.4246
Adware.OnlineIO, C:\Users\Darshana\AppData\Roaming\Microleaves\Online Application 2.7.0\install\CFCBAA1, Quarantined, [8050], [399763],1.0.4246
Adware.OnlineIO, C:\Users\Darshana\AppData\Roaming\Microleaves\Online Application 2.7.0\install, Quarantined, [8050], [399763],1.0.4246
Adware.OnlineIO, C:\Users\Darshana\AppData\Roaming\Microleaves\Online Application 2.7.0, Quarantined, [8050], [399763],1.0.4246
Adware.OnlineIO, C:\USERS\DARSHANA\APPDATA\ROAMING\MICROLEAVES, Quarantined, [8050], [399763],1.0.4246
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\d4625c22-6ea1-0, Quarantined, [7855], [407181],1.0.4246
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\d4625c22-7991-1, Quarantined, [7855], [407181],1.0.4246
 
File: 77
PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\d4625c22-6ea1-0\BITB7BF.tmp, Quarantined, [13385], [257931],1.0.4246
PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\d4625c22-7991-1\BITB780.tmp, Quarantined, [13385], [257931],1.0.4246
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G1, Quarantined, [515], [317314],1.0.4246
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G1.job, Quarantined, [515], [382506],1.0.4246
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G2.job, Quarantined, [515], [382506],1.0.4246
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G2, Quarantined, [515], [317314],1.0.4246
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G3, Quarantined, [515], [317314],1.0.4246
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G3.job, Quarantined, [515], [382506],1.0.4246
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G4.job, Quarantined, [515], [382506],1.0.4246
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G5.job, Quarantined, [515], [382506],1.0.4246
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G6.job, Quarantined, [515], [382506],1.0.4246
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G4, Quarantined, [515], [317314],1.0.4246
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\UPDATER_ONLINE_APPLICATION, Quarantined, [515], [391429],1.0.4246
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G5, Quarantined, [515], [317314],1.0.4246
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G6, Quarantined, [515], [317314],1.0.4246
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\UPDATER_ONLINE_APPLICATION.JOB, Quarantined, [515], [391430],1.0.4246
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [515], [391431],1.0.4246
Adware.Social2Search.EncJob, C:\PROGRAM FILES\ff3840118776bf1765dcf32a7e449a2c\WBE_uninstall.dat, Quarantined, [7970], [415982],1.0.4246
Adware.Social2Search.EncJob, C:\Program Files\ff3840118776bf1765dcf32a7e449a2c\279def48118a37216ad4dbc29a940e3c, Quarantined, [7970], [415982],1.0.4246
Adware.Social2Search.EncJob, C:\Program Files\ff3840118776bf1765dcf32a7e449a2c\3d1d661d4d24d666314daf47d97d7645.exe, Removal Failed, [7970], [415982],1.0.4246
Adware.Social2Search.EncJob, C:\Program Files\ff3840118776bf1765dcf32a7e449a2c\4ccbb0c8eae65567f94dea2d7f741d83.ico, Quarantined, [7970], [415982],1.0.4246
Adware.Social2Search.EncJob, C:\Program Files\ff3840118776bf1765dcf32a7e449a2c\acf8284e6cba7d70a3e33795496b6d65.exe, Quarantined, [7970], [415982],1.0.4246
Adware.Social2Search.EncJob, C:\Program Files\ff3840118776bf1765dcf32a7e449a2c\f463b329ae3535db42b13ace720f9f21.exe, Quarantined, [7970], [415982],1.0.4246
Adware.Social2Search.EncJob, C:\Program Files\ff3840118776bf1765dcf32a7e449a2c\mozcrt19.dll, Quarantined, [7970], [415982],1.0.4246
Adware.Social2Search.EncJob, C:\Program Files\ff3840118776bf1765dcf32a7e449a2c\nspr4.dll, Quarantined, [7970], [415982],1.0.4246
Adware.Social2Search.EncJob, C:\Program Files\ff3840118776bf1765dcf32a7e449a2c\nss3.dll, Quarantined, [7970], [415982],1.0.4246
Adware.Social2Search.EncJob, C:\Program Files\ff3840118776bf1765dcf32a7e449a2c\plc4.dll, Quarantined, [7970], [415982],1.0.4246
Adware.Social2Search.EncJob, C:\Program Files\ff3840118776bf1765dcf32a7e449a2c\plds4.dll, Quarantined, [7970], [415982],1.0.4246
Adware.Social2Search.EncJob, C:\Program Files\ff3840118776bf1765dcf32a7e449a2c\service.dat, Quarantined, [7970], [415982],1.0.4246
Adware.Social2Search.EncJob, C:\Program Files\ff3840118776bf1765dcf32a7e449a2c\service_64.dat, Quarantined, [7970], [415982],1.0.4246
Adware.Social2Search.EncJob, C:\Program Files\ff3840118776bf1765dcf32a7e449a2c\softokn3.dll, Quarantined, [7970], [415982],1.0.4246
Adware.Social2Search.EncJob, C:\WINDOWS\SYSTEM32\TASKS\ff3840118776bf1765dcf32a7e449a2c, Quarantined, [7970], [-1],0.0.0
Adware.OnlineIO, C:\PROGRAM FILES (X86)\MICROLEAVES\Online Application\Online Application Updater.exe, Quarantined, [8050], [399420],1.0.4246
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Removal Failed, [8050], [399420],1.0.4246
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online.io EULA.url, Quarantined, [8050], [399420],1.0.4246
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online.io Privacy.url, Quarantined, [8050], [399420],1.0.4246
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Uninstall Online Application.lnk, Quarantined, [8050], [399420],1.0.4246
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.ini, Quarantined, [8050], [399420],1.0.4246
Trojan.Agent, C:\WINDOWS\SYSWOW64\SSL\XV.DB, Quarantined, [17], [479103],1.0.4246
Trojan.Agent, C:\Windows\SysWOW64\SSL\a3e0f6c287bf6c17 2.cer, Quarantined, [17], [479103],1.0.4246
Trojan.Agent, C:\Windows\SysWOW64\SSL\cert.db, Removal Failed, [17], [479103],1.0.4246
Trojan.Agent, C:\Windows\SysWOW64\SSL\x.db, Quarantined, [17], [479103],1.0.4246
PUP.Optional.BundleInstaller, C:\USERS\DARSHANA\APPDATA\LOCAL\TEMP\886423906\ic-0.6d0d81db168068.exe, Quarantined, [18], [463480],1.0.4246
PUP.Optional.BundleInstaller, C:\Users\Darshana\AppData\Local\Temp\886423906\1vpRPvXDXc9GG.exe, Quarantined, [18], [463480],1.0.4246
PUP.Optional.BundleInstaller, C:\Users\Darshana\AppData\Local\Temp\886423906\dlreport, Quarantined, [18], [463480],1.0.4246
PUP.Optional.BundleInstaller, C:\Users\Darshana\AppData\Local\Temp\886423906\ic-0.7b0c845e8baaa4.exe, Quarantined, [18], [463480],1.0.4246
PUP.Optional.BundleInstaller, C:\Users\Darshana\AppData\Local\Temp\886423906\ic-0.943a9c6fe603d.exe, Quarantined, [18], [463480],1.0.4246
PUP.Optional.BundleInstaller, C:\Users\Darshana\AppData\Local\Temp\886423906\ic-0.a1018b3ade9aa8.exe, Quarantined, [18], [463480],1.0.4246
PUP.Optional.BundleInstaller, C:\Users\Darshana\AppData\Local\Temp\886423906\ic-0.a24db1821b045.exe, Quarantined, [18], [463480],1.0.4246
PUP.Optional.BundleInstaller, C:\Users\Darshana\AppData\Local\Temp\886423906\ic-0.d78a23fdd8dd4.exe, Quarantined, [18], [463480],1.0.4246
PUP.Optional.BundleInstaller, C:\Users\Darshana\AppData\Local\Temp\886423906\ic-0.e6968daeb671f8.exe, Quarantined, [18], [463480],1.0.4246
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\online.exe, Quarantined, [515], [391425],1.0.4246
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\SystemFoldermsiexec.exe, Quarantined, [515], [391425],1.0.4246
Adware.OnlineIO, C:\Users\Darshana\AppData\Roaming\Microleaves\Online Application 2.7.0\install\CFCBAA1\Basic Installer with memory detection.msi, Quarantined, [8050], [399763],1.0.4246
PUP.Optional.HijackHosts, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [2717], [352008],1.0.4246
PUP.Optional.HijackHosts, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Removal Failed, [2717], [352008],1.0.4246
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [1057], [476105],1.0.4246
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [1057], [476106],1.0.4246
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [1057], [476106],1.0.4246
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [1057], [476106],1.0.4246
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [1057], [476106],1.0.4246
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [1057], [476106],1.0.4246
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [1057], [476106],1.0.4246
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [1057], [476106],1.0.4246
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [1057], [476106],1.0.4246
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [1057], [476106],1.0.4246
Adware.Wajam.TskLnk, C:\WINDOWS\F70448DE34F9DC77C4C8D8934A0E0EB2.DLL, Removal Failed, [667], [478565],1.0.4246
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\paperless, Quarantined, [5793], [490876],1.0.4246
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\Sapaperlesspaperless, Quarantined, [5793], [490876],1.0.4246
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\CURVACEOUS\CURVACEOUS.EXE, Quarantined, [5793], [490876],1.0.4246
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\paperless, Quarantined, [5793], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\Sapaperlesspaperless, Quarantined, [5793], [-1],0.0.0
Adware.AnonymizerGadget.PrxySvrRST, C:\USERS\DARSHANA\APPDATA\ROAMING\AGDATA\BIN\ANONYMIZERLAUNCHER.EXE, Removal Failed, [14926], [490737],1.0.4246
PUP.Optional.ConvertAd, C:\USERS\DARSHANA\APPDATA\LOCAL\TEMP\NSFC852.TMP\SEVENSETUP.EXE, Quarantined, [349], [107221],1.0.4246
Adware.DotDo.Generic.TskLnk, C:\USERS\DARSHANA\APPDATA\LOCAL\TEMP\NSN8234.TMP\51401766.EXE, Quarantined, [5793], [490876],1.0.4246
PUP.Optional.WinWrapper, C:\USERS\DARSHANA\DOWNLOADS\WPUSETUP-67956661.EXE, Quarantined, [7259], [103747],1.0.4246
Adware.Zdengo.Generic, C:\WINDOWS\ACF8284E6CBA7D70A3E33795496B6D65.EXE, Quarantined, [7727], [487934],1.0.4246
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
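Once the tools have run, the quickest way to confirm that the hijack points in the Malwarebytes log above are actually gone is to re-check them directly rather than rely on the next scan. The script below is an added example written for this thread; it is not part of the original posts and is not code from Malwarebytes, AdwCleaner or ESET. The certificate thumbprint, task names and paths it looks for are taken from the logs on this page (including the arto.exe location ESET reports further down); two things are this example's own additions and are marked as such in the comments: it also flags any scheduled task whose action runs out of AppData, Temp or ProgramData, and it re-checks the items the log marked "Removal Failed". Run it from an elevated PowerShell prompt, logged in as the user whose profile was infected.

```powershell
# Added example (not from the thread, Malwarebytes, AdwCleaner or ESET): re-audit
# the hijack points reported in the Malwarebytes log. Run elevated, as the
# affected user. It only reports; nothing here deletes or changes anything.

function Get-CleanupLeftovers {
    $findings = New-Object System.Collections.Generic.List[string]

    # Thumbprint of the root certificate Malwarebytes quarantined (DNSUnlocker).
    $badThumbprint = '26D9E607FFF0C58C7844B47FF8B6E079E5A2220E'
    # Scheduled task names that appeared in the Malwarebytes and AdwCleaner logs.
    $badTasks = '^(Online Application V2G\d|UPDATER_ONLINE_APPLICATION|paperless|Sapaperlesspaperless|AGProxyCheck|ff3840118776bf1765dcf32a7e449a2c)$'

    # 1. DNS: DNSUnlocker wrote static NameServer values on every interface.
    #    A DHCP-configured adapter normally has an empty NameServer, so compare
    #    anything reported here with the servers the network should be using.
    $tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $dnsKeys = @($tcpip) + @(Get-ChildItem "$tcpip\Interfaces" | ForEach-Object { $_.PSPath })
    foreach ($key in $dnsKeys) {
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($p.NameServer) {
            $findings.Add("Static DNS on $(Split-Path $key -Leaf): $($p.NameServer)")
        }
    }

    # 2. hosts file: report every active entry other than the localhost defaults.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    foreach ($line in Get-Content $hostsPath) {
        if ($line -match '^\s*[^#\s]' -and $line -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$') {
            $findings.Add("hosts entry: $($line.Trim())")
        }
    }

    # 3. Rogue root CA: neither the machine nor the user Root store should still trust it.
    foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        $cert = Get-ChildItem $store | Where-Object { $_.Thumbprint -eq $badThumbprint }
        if ($cert) { $findings.Add("Rogue root CA still in ${store}: $($cert.Subject)") }
    }

    # 4. Scheduled tasks: the names from the logs, plus (this example's own heuristic)
    #    any task whose action runs out of a profile, Temp or ProgramData path,
    #    which is where the bundled installers in the log lived.
    foreach ($task in Get-ScheduledTask) {
        $exe = ($task.Actions | ForEach-Object { $_.Execute }) -join ' '
        if ($task.TaskName -match $badTasks -or $exe -match '\\(AppData|Temp|ProgramData)\\') {
            $findings.Add("Scheduled task: $($task.TaskPath)$($task.TaskName) -> $exe")
        }
    }

    # 5. Proxy: Wajam / AnonymizerGadget switch on a system proxy to intercept traffic.
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    if ($inet.ProxyEnable -eq 1) { $findings.Add("User proxy enabled: $($inet.ProxyServer)") }
    $nla = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet'
    $manual = (Get-ItemProperty $nla -ErrorAction SilentlyContinue).ManualProxies
    if ($manual -or (Test-Path "$nla\ManualProxies")) {
        $findings.Add("NlaSvc ManualProxies set: $manual")
    }

    # 6. Items the log marked "Removal Failed", plus the arto.exe paths ESET found.
    $leftovers = @(
        "$env:ProgramFiles\ff3840118776bf1765dcf32a7e449a2c",
        "${env:ProgramFiles(x86)}\Microleaves",
        "${env:ProgramFiles(x86)}\Insley",
        "${env:ProgramFiles(x86)}\mois",
        "$env:SystemRoot\SysWOW64\SSL",
        "$env:SystemRoot\F70448DE34F9DC77C4C8D8934A0E0EB2.DLL",
        "$env:APPDATA\AGData",
        "$env:LOCALAPPDATA\arto.exe"
    )
    foreach ($path in $leftovers) {
        if (Test-Path $path) { $findings.Add("Still on disk: $path") }
    }

    return $findings
}

$result = @(Get-CleanupLeftovers)
if ($result.Count -eq 0) { 'Nothing from the logged infection is still present.' } else { $result }
```

Anything it prints is a lead, not a verdict: a hosts entry or static DNS server you configured yourself will show up too, and a leftover folder that is empty after quarantine is harmless. The useful signal is a rogue root certificate or a scheduled task that is still present, because those are exactly the items a "Removal Failed" line in a Malwarebytes log tends to leave behind until a reboot or a second tool finishes the job.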

Re: infected laptop
Result from security check

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (65.0.3325.181) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
 Windows Defender MSASCuiL.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

Re: infected laptop
Result from AdwCleaner

# AdwCleaner 7.0.8.0 - Logfile created on Sun Apr 01 18:31:44 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 2018-03-30.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Users\Darshana\AppData\Local\AdvinstAnalytics
PUP.Optional.SystemHealer, C:\Users\Darshana\AppData\Roaming\SystemHealer
Adware.OnlineIO, C:\Program Files (x86)\Microleaves
PUP.Adware.Heuristic, C:\Program Files\ff3840118776bf1765dcf32a7e449a2c


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.AnonymizerGadget.PrxySvrRST, AGProxyCheck


***** [ Registry ] *****

Adware.OnlineIO, [Key] - HKLM\SOFTWARE\Microleaves
PUP.Optional.FreeMakeConverter, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 | ProductUpdater
PUP.Optional.Microleaves, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files (x86)\Microleaves\Online Application\
PUP.Optional.Microleaves, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files (x86)\Microleaves\
PUP.Optional.Microleaves, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

Re: infected laptop
[Screenshots: Captur10, Captur11]

Re: infected laptop
Sorry for the images for Windows Defender, but I couldn't get the scan report in txt or any other format.

Re: infected laptop
ESET Online Scanner
Note: If you use Internet Explorer to get the ESET Online Scanner, you won't have to download or install the tool, as everything will be run in a contextual (pop-up) window of Internet Explorer. However, for every other browser, you will have to download and install ESET Online Scanner. In this set of instructions, I'll use Google Chrome to download it and run it (since a lot of people will do it); however, except for the download and installation procedure, the same instructions apply if you use Internet Explorer. Please note that two or three prompts will appear if you use Internet Explorer asking you to reload the page, authorize the application, execute it, etc. Accept all of them in order to run ESET Online Scanner.

    Download and execute ESET OnlineScan (on this window, click on ESET Smart Installer to trigger the download). People accessing this URL via Internet Explorer will start the integration process of ESET Online Scanner in their browser;
    Once the installation is done (it requires Admin Rights), check the following settings (two of them are under Advanced Settings, click on it to display them):

        Enable detection of potentially unwanted applications;
        Scan archives;
        Scan for potentially unsafe applications;
        Optional: If you want to scan more drives, click on Change... and select the drives you want to include in the scan;

    [Screenshot]

    After you're done checking these options, click on Start and ESET Online Scanner will download its virus signature database before starting the scan;

    [Screenshot]

    Once done, the scan will start automatically. Detections will appear at the bottom of the window. ESET Online Scanner can have an extremely long scan time that can last between 2 and 3 hours. So if you start the scan, do not interrupt it; let it complete until the end;

    [Screenshot]

    After the scan is finished, a summary window will appear to give you the information about the scan. Then you'll have the option to see what threats were found and to manage the threats that were quarantined;

    [Screenshot]

    Click on List of found threats; it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results to your clipboard and post them in your next reply;

    [Screenshot]

    Once you're done, click on the Back button;
    Check both checkboxes at the bottom: Uninstall application on close and Delete quarantined files, before clicking on the Finish button;

Re: infected laptop
C:\Program Files (x86)\Insley\arto.exe a variant of MSIL/TrojanClicker.Agent.NTD trojan
C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5978\wtoolex\wpsupdate.exe a variant of Win32/KingSoft.D potentially unwanted application
C:\Program Files (x86)\mois\arto.dll a variant of MSIL/TrojanClicker.Agent.NTD trojan
C:\Program Files (x86)\mois\arto.exe a variant of MSIL/TrojanClicker.Agent.NTD trojan
C:\Program Files (x86)\mois\mois.exe a variant of MSIL/TrojanClicker.Agent.NTD trojan
C:\Users\Darshana\AppData\Local\arto.exe a variant of MSIL/TrojanClicker.Agent.NTD trojan
C:\Users\Darshana\AppData\Local\Temp\is-N4OPB.tmp\gztit.dll a variant of Win32/Adware.Adposhel.AU application
C:\Users\Darshana\AppData\Local\Temp\nspEE2C.tmp\NMoona.exe a variant of MSIL/Adware.Dotdo.CM application
C:\Users\Darshana\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386\fpdata_1.0.0.0\download.7z a variant of Win32/KingSoft.D potentially unwanted application
C:\Users\Darshana\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386\fpdata_1.0.0.0\wpsupdate.exe a variant of Win32/KingSoft.D potentially unwanted application
Autostart locations multiple threats,a variant of Win32/KingSoft.D potentially unwanted application,a variant of MSIL/TrojanClicker.Agent.NTD trojan

Re: infected laptop
I still keep getting a notification about Skeeyah.G in Windows Defender. I have attached the screenshot, and I hope the location is in the quarantined files.

Re: infected laptop
[Screenshot: Captur12]

Re: infected laptop
Darshmeet wrote:
I have attached the screenshot, and I hope the location is in the quarantined files.

Go into Windows Defender and clear the quarantine files and then we'll see if it shows again.

Re: infected laptop
I did that, and right now I am running a full scan instead of a quick scan. If I find anything, I'll post it. Please let me know if any more steps are needed, unless after running ESET the laptop should be clean.

Re: infected laptop
If the scan comes up clean and there are no other problems we'll be done.

Re: infected laptop
Thank you for the help, really appreciate it.

Re: infected laptop
Darshmeet wrote:
Thank you for the help, really appreciate it.

Please let me know the results of the scan.

Re: infected laptop
[Screenshot: Captur13]

Re: infected laptop
The image above is yesterday's full scan with Windows Defender.

Re: infected laptop
Click Start > Computer > right-click the C drive and choose Properties > Enter.
Click Disk Cleanup from there.

[Screenshot: Diskcleanup2]

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

[Screenshot: Diskcleanup]

This runs the Disk Cleanup utility along with any other selections you have chosen. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
***************************************


I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Re: infected laptop
Thought I'd run the scan to see if anything is there and..... it was there... 😡 Quarantined and deleted them.

Malwarebytes
www.malwarebytes.com
.
-Log Details-
Scan Date: 4/5/18
Scan Time: 4:32 PM
Log File: d91af9ea-3918-11e8-aa24-b05ada9b9dda.json
Administrator: Yes

-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4630
License: Free

-System Information-
OS: Windows 10 (Build 16299.309)
CPU: x64
File System: NTFS
User: PANCHALFAMILY\Darshana

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335627
Threats Detected: 3
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 5 min, 20 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 3
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\INSLEY\ARTO.VEXE, No Action By User, [11717], [506907],1.0.4630
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MOIS\ARTO.VEXE, No Action By User, [11717], [506907],1.0.4630
Adware.DotDo.Generic.TskLnk, C:\USERS\DARSHANA\APPDATA\LOCAL\ARTO.VEXE, No Action By User, [11717], [506907],1.0.4630

Physical Sector: 0
(No malicious items detected)


(end)

Re: infected laptop
That looks good. Is there anything else before I lock this thread?

Re: infected laptop
Did a check with ESET again and it found 1 threat and deleted it, so I hope the laptop is all clean now. Go ahead and lock the thread. Thank you again for the help.

Re: infected laptop
Darshmeet wrote:
Did a check with ESET again and it found 1 threat and deleted it, so I hope the laptop is all clean now. Go ahead and lock the thread. Thank you again for the help.

You're welcome. Stay safe.
