NOTE
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Darshana (30-03-2018 22:08:27)
Running from C:\Users\Darshana\Downloads
Windows 10 Home Version 1709 16299.309 (X64) (2018-01-21 16:52:25)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2438051969-607994775-1632804330-500 - Administrator - Disabled)
Darshana (S-1-5-21-2438051969-607994775-1632804330-1001 - Administrator - Enabled) => C:\Users\Darshana
DefaultAccount (S-1-5-21-2438051969-607994775-1632804330-503 - Limited - Disabled)
emani (S-1-5-21-2438051969-607994775-1632804330-1002 - Limited - Enabled) => C:\Users\emani
Guest (S-1-5-21-2438051969-607994775-1632804330-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2438051969-607994775-1632804330-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4.6527 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.5.37.19 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.8.47.1 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
Intel(R) Chipset Device Software (HKLM-x32\...\{a47edec4-fa11-4d02-b329-4424d0197af8}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2438051969-607994775-1632804330-1001\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
PeaZip 6.5.1 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.5.1 - Giorgio Tani)
Plex Media Server (HKLM-x32\...\{763A44F9-11ED-4C90-B79F-01077108135B}) (Version: 1.7.4035 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{d30c30f4-3b8f-4a97-83a8-ade21eb5089e}) (Version: 1.7.5.4035 - Plex, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.59 - REALTEK Semiconductor Corp.)
SiudiDriver version 2.3 (HKLM\...\SiudiDriver_is1) (Version: 2.3 - LightingSoft AG)
SP C250SF/C252SF LAN (HKLM-x32\...\{FADBC704-00A7-45FD-A3CF-4B9F8D4DB234}) (Version: 1.00.0.0 - Ricoh)
Stopping Plex (HKLM-x32\...\{64DC32A4-FE15-4054-AC6C-421DE509BF51}) (Version: 1.7.4035 - Plex, Inc.) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{EC5A6438-850E-4AD1-9169-DD071C8EFFEF}) (Version: 2.10.0.0 - Microsoft Corporation)
WPS Office (10.2.0.5978) (HKLM-x32\...\Kingsoft Office) (Version: 10.2.0.5978 - Kingsoft Corp.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2438051969-607994775-1632804330-1001_Classes\CLSID\{70239788-4DAE-49B8-9270-5D8614384B49}\InprocServer32 -> C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5978\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-2438051969-607994775-1632804330-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Darshana\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438051969-607994775-1632804330-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Darshana\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-01-13] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-2438051969-607994775-1632804330-1001: [kpdf2wordshellext] -> {70239788-4DAE-49B8-9270-5D8614384B49} => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5978\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll [2018-01-21] (Zhuhai Kingsoft Office Software Co.,Ltd)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {028B803A-DDD6-4692-A7DE-8FED1F772D84} - System32\Tasks\survivalists => C:\Program Files (x86)\Gibsons\peanut.exe [2018-03-08] ()
Task: {032A84A6-B790-4B6B-ADC3-D4F6FB0E56E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
Task: {0633D521-3A90-4A62-9A9F-0CF2CABB9ECF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-08] (Google Inc.)
Task: {2235892F-3104-40DB-9667-F2C1026EB46C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-08] (Google Inc.)
Task: {22B8FF2B-E4AB-4AA0-9161-362B51D749F1} - System32\Tasks\WpsExternal_Darshana_20170824182205 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [2018-01-21] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {33FFDA57-8F5C-4F68-9C9F-23EED7DD1C38} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [2015-07-01] (CyberLink Corp.)
Task: {45E9A4E8-5F47-4D69-A3FC-38FABE84AA71} - System32\Tasks\WpsUpdateTask_Darshana => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5978\wtoolex\wpsupdate.exe [2018-01-21] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {45EC44D9-9A75-4BC7-8DC7-35D8FAC38449} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {472C26AD-EDCE-4AEA-8FF5-566217A0455E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
Task: {50E702FD-9CBC-46F0-BF0B-A1CD93F521B8} - System32\Tasks\ck sime ironweed => C:\Users\Darshana\AppData\Local\peanut.exe [2018-03-08] ()
Task: {587012DB-1C06-4A1A-86BB-CB75982946F4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-08] (Microsoft Corporation)
Task: {5BF4D871-81AB-4317-BA9D-D743B72CDDCC} - System32\Tasks\Sabickered_complementaritybickered_complementarity => C:\Program Files (x86)\Insley\peanut.exe [2018-03-08] ()
Task: {5D69DCAD-5124-4B5B-AF22-7B6B878014DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {61574E5C-8539-4DC4-BCB0-E46AC856107E} - System32\Tasks\Sakhartoum-marsonkhartoum-marson => C:\Program Files (x86)\mois\arto.exe [2018-03-08] ()
Task: {66164CF6-120D-49A2-A48D-9BFB5424C387} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {731250AF-2370-44CE-8250-687F480F5BF7} - System32\Tasks\Samaximum lauritzmaximum lauritz => C:\Program Files (x86)\Insley\arto.exe [2018-03-08] ()
Task: {777865EE-2151-442A-B97B-D3760487997A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-08] (Microsoft Corporation)
Task: {8C598C71-47D9-462C-A326-99A5781C0A16} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-06-19] ()
Task: {8DC12FC5-701A-46F0-90F3-AFB14D3CAA3E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-08] (Microsoft Corporation)
Task: {92437B38-88E9-47B5-8901-58414B01BDCD} - System32\Tasks\maximum lauritz => C:\Program Files (x86)\Insley\arto.exe [2018-03-08] ()
Task: {9B9A5371-E093-4959-9972-6962F871CAF1} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-20] ()
Task: {9ECAE5EA-DA0D-4D86-A9D6-FE16116D51A0} - System32\Tasks\photos_polygamists => C:\Users\Darshana\AppData\Local\arto.exe [2018-03-08] ()
Task: {ACDC7B21-2BD4-4354-BF84-0D90C43FD9A5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-08] (Microsoft Corporation)
Task: {AD3F1798-A7E6-45B3-8E62-FBBDDB7E9025} - System32\Tasks\AGProxyCheck => C:\Program [Argument = Files (x86)\AnonymizerGadget\AGService.exe /recove]
Task: {B555FEBC-B796-4E50-8068-299A5676EFCD} - System32\Tasks\Sasurvivalistssurvivalists => C:\Program Files (x86)\Gibsons\peanut.exe [2018-03-08] ()
Task: {B7843FED-BCB9-42C7-B355-EBFC8B4D2A20} - System32\Tasks\ja3VrQEySTpn => ja3vrqeystpn.exe <==== ATTENTION
Task: {B9A0E6B1-AC0A-459F-B074-E276C16D7D91} - System32\Tasks\khartoum-marson => C:\Program Files (x86)\mois\arto.exe [2018-03-08] ()
Task: {BA9E3162-574E-476A-BDCA-1E13A2E4C95B} - System32\Tasks\Saphotos_polygamistsphotos_polygamists => C:\Users\Darshana\AppData\Local\arto.exe [2018-03-08] ()
Task: {C17D03C8-8F57-416B-80F6-B7A6709512C3} - System32\Tasks\bickered_complementarity => C:\Program Files (x86)\Insley\peanut.exe [2018-03-08] ()
Task: {CD891CF5-136D-4640-9690-217A873C6D64} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-03-07] (HP Inc.)
Task: {D639D056-E413-42CD-84E6-06FF8AAC749B} - System32\Tasks\HPCeeScheduleForDarshana => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {DD19DC59-10B3-48E4-8FD9-7A05E613ADBB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {EB2DB453-3F4C-4F9E-878F-5EA1D50D6A5C} - System32\Tasks\Sack sime ironweedck sime ironweed => C:\Users\Darshana\AppData\Local\peanut.exe [2018-03-08] ()
Task: {EE0036E1-DE36-47F7-9726-EE6C0664F7A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {FEDB69FB-0A80-4A89-9301-C0AACA8791F1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\HPCeeScheduleForDarshana.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
ShortcutWithArgument: C:\Users\Public\Desktop\VUDU - Streaming Movies.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.vudu.com/
==================== Loaded Modules (Whitelisted) ==============
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-08 15:22 - 2018-02-05 15:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-09-11 15:03 - 2014-04-14 20:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ () C:\Program Files (x86)\mois\arto.exe
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ () C:\Program Files (x86)\Insley\arto.exe
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ () C:\Users\Darshana\AppData\Local\arto.exe
2010-01-30 02:40 - 2010-01-30 02:40 - 004254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 008794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ () C:\Users\Darshana\AppData\Local\peanut.exe
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ () C:\Program Files (x86)\Insley\peanut.exe
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ () C:\Program Files (x86)\Gibsons\peanut.exe
2018-03-15 21:11 - 2018-02-21 19:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-15 21:12 - 2018-02-21 19:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-29 20:48 - 2018-03-20 01:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-29 20:48 - 2018-03-20 01:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2018-03-08 12:30 - 2018-03-08 12:30 - 000066832 _____ () C:\Program Files (x86)\mandarin\marathi.exe
2017-06-28 06:02 - 2017-06-28 06:02 - 000083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 001083368 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000115688 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000059880 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000772072 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 001741288 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc2411.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 001962984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core2411.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000025576 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 001549104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libstdc++-6.dll
2017-06-28 06:01 - 2017-06-28 06:01 - 000127136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libgcc_s_dw2-1.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000050152 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000071656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000024552 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000041448 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000930280 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2017-06-28 06:01 - 2017-06-28 06:01 - 000074728 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000190952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000218088 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000018920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000095720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000143336 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000694248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000064488 _____ () C:\Program Files (x86)\Plex\Plex Media Server\TeVii.dll
2015-09-11 14:53 - 2011-08-23 21:39 - 000081920 _____ () C:\Program Files (x86)\CyberLink\YouCam6\koan\_ctypes.pyd
2015-09-11 14:53 - 2011-08-23 21:39 - 000053248 _____ () C:\Program Files (x86)\CyberLink\YouCam6\koan\_socket.pyd
2015-09-11 14:53 - 2011-08-23 21:39 - 000655360 _____ () C:\Program Files (x86)\CyberLink\YouCam6\koan\_ssl.pyd
2015-09-11 14:54 - 2015-04-21 21:23 - 000057344 _____ () C:\Program Files (x86)\CyberLink\YouCam6\subsys\YouCam\XUControl.dll
2015-09-11 14:53 - 2015-07-01 02:42 - 000310712 _____ () C:\Program Files (x86)\CyberLink\YouCam6\subsys\YouCam\BlackCat.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kkqgcoip.sys:changelist [598]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 06:04 - 2018-03-19 19:22 - 000000850 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2438051969-607994775-1632804330-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 208.180.42.68 - 208.180.42.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{1090DEC9-877D-4CF0-AC67-6038891B061F}] => (Block) C:\program files (x86)\dvdfab\dvdfab.mhz
FirewallRules: [{9F407476-C0CC-4595-AC3B-03FF4CF1C17D}] => (Block) C:\program files (x86)\dvdfab\dvdfab.mhz
FirewallRules: [UDP Query User{AC7C03EC-17F9-435A-8572-8E3622CD551D}C:\program files (x86)\dvdfab\dvdfab.mhz] => (Allow) C:\program files (x86)\dvdfab\dvdfab.mhz
FirewallRules: [TCP Query User{A609C00C-D949-44C3-B87C-BF47104A7508}C:\program files (x86)\dvdfab\dvdfab.mhz] => (Allow) C:\program files (x86)\dvdfab\dvdfab.mhz
FirewallRules: [{F0CD494F-0087-421B-8D06-82546DAB817B}] => (Allow) C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5978\office6\wpscloudsvr.exe
FirewallRules: [{724CD163-AC25-4F1C-A1A5-187F2F91B138}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{3EB64617-0A17-4537-BA87-365B36927E03}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{E3F5E990-0F4F-4013-A25A-A2FBB3236D88}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{00FC4295-CF82-448B-BDBB-E51C08A36BF9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{A0B36239-A897-49C6-B7C1-F5118DAC12F3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{84C4F96F-AABB-4BE3-8CC0-94936EB5761C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6ADEBB71-EC4B-4F9B-84D2-45FD49C438E0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3DC79B45-705B-4F32-9512-1AADE0AC18D9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ADEB731D-72D3-466F-8CC6-7D957A2A4C2E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7D2D0097-5E45-42DA-AEA0-7FB59967AD86}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{BE90B70F-7A14-423E-882E-ADE53DF617B5}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{C563E6BE-0F1A-4F07-AEC6-C58C8F65FBA8}] => (Allow) C:\Users\Darshana\Downloads\WPUSetup-67956661.exe
FirewallRules: [{270A8B7A-5B2F-4371-BB95-082A77DD90D9}] => (Allow) C:\Users\Darshana\Downloads\WPUSetup-67956661.exe
FirewallRules: [TCP Query User{AE4540BB-0AA9-4A55-A1C0-BB8112559340}C:\mydmx\esa.exe] => (Allow) C:\mydmx\esa.exe
FirewallRules: [UDP Query User{C1A60432-DF2F-477D-8D4A-6BBC6F8F63EA}C:\mydmx\esa.exe] => (Allow) C:\mydmx\esa.exe
FirewallRules: [TCP Query User{ED86BA92-CDF5-4CBE-AE85-B5C672871C96}C:\users\darshana\appdata\local\temp\igndb8a.tmp\lmiignition.exe] => (Block) C:\users\darshana\appdata\local\temp\igndb8a.tmp\lmiignition.exe
FirewallRules: [UDP Query User{6CDD6B56-BB0E-49BD-B302-97117441D29E}C:\users\darshana\appdata\local\temp\igndb8a.tmp\lmiignition.exe] => (Block) C:\users\darshana\appdata\local\temp\igndb8a.tmp\lmiignition.exe
FirewallRules: [TCP Query User{8F4049FF-67D3-48A5-B1CD-980E904C73C7}C:\users\darshana\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\darshana\appdata\local\logmein client\lmiignition.exe
FirewallRules: [UDP Query User{05900ACE-4BB7-488A-A765-53A1E36EA74B}C:\users\darshana\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\darshana\appdata\local\logmein client\lmiignition.exe
FirewallRules: [TCP Query User{BA6B9CD5-7C23-4038-85CE-8BF09B4B18EF}C:\mydmx3\mydmx3\mydmx3.exe] => (Allow) C:\mydmx3\mydmx3\mydmx3.exe
FirewallRules: [UDP Query User{97A0E693-F43D-4FBD-996E-3B7FD66D1A77}C:\mydmx3\mydmx3\mydmx3.exe] => (Allow) C:\mydmx3\mydmx3\mydmx3.exe
FirewallRules: [{9CD4242C-A495-4041-8751-34860491ED73}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{D5F8657F-56D1-4619-BCCB-36D75A201FD4}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{7B57BF21-19F6-4D92-8D5E-4215ABA54497}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{C7D01181-118C-4E8B-8CE4-1746EE467FC8}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [{3C250EBC-ADB3-42DD-B7DE-CE59160792A3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{E623B26E-ABE6-4860-90A1-BC6F9501C22A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{DF269D7A-BAF2-4FF3-A130-8E67E015F60B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{704AF9EA-4E71-4AAB-AE13-C1CC5A86B3E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{F650BFE8-59EB-4E15-BCDF-47BC028C7B8E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{64B48B3A-16BD-442E-B8F0-DC963E56DCCB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{438298FB-A5EF-4F52-BE99-65993228D7C9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{78A5CDDE-6261-4B77-93D3-4BBE7D64944B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{07CF182E-2807-4983-912B-70BFA615809F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{D360836B-F8DA-4470-B7C9-D379D15CD8F9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{E04203C5-987B-410B-9122-96097AEC0E79}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{43C35883-E9BD-4876-AE66-EBE91B960EE5}] => (Allow) C:\Program Files (x86)\Gibsons\peanut.exe
FirewallRules: [{200C5C59-7DDF-4960-AF83-97960DDD5CB0}] => (Allow) C:\Program Files (x86)\Insley\peanut.exe
FirewallRules: [{D6F70AAF-0DD8-4C5B-B712-CE1D0E40B030}] => (Allow) C:\Program Files (x86)\mois\arto.exe
FirewallRules: [{0DDE1C09-52DC-46C5-BEB4-98D8AC2067E3}] => (Allow) C:\Program Files (x86)\Insley\arto.exe
FirewallRules: [{31E3537E-8239-4320-9638-8A6A97CE4E72}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
10-02-2018 12:20:16 Windows Update
16-02-2018 08:00:53 Windows Update
08-03-2018 15:07:28 Revo Uninstaller's restore point - AnonymizerGadget
15-03-2018 21:10:35 Windows Update
19-03-2018 06:42:51 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/30/2018 03:27:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: peanut.exe, version: 2.3.6.117, time stamp: 0x5aa1733b
Faulting module name: KERNELBASE.dll, version: 6.2.16299.309, time stamp: 0x00000000
Exception code: 0x80004005
Fault offset: 0x0000000000014008
Faulting process id: 0x%9
Faulting application start time: 0xpeanut.exe0
Faulting application path: peanut.exe1
Faulting module path: peanut.exe2
Report Id: peanut.exe3
Faulting package full name: peanut.exe4
Faulting package-relative application ID: peanut.exe5
Error: (03/30/2018 03:23:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: peanut.exe, version: 2.3.6.117, time stamp: 0x5aa1733b
Faulting module name: MSHTML.dll, version: 11.0.16299.309, time stamp: 0x72ae6379
Exception code: 0xc0000005
Fault offset: 0x00000000000c7439
Faulting process id: 0x34dc
Faulting application start time: 0x01d3c7d2cb02b05d
Faulting application path: C:\Program Files (x86)\Gibsons\peanut.exe
Faulting module path: C:\WINDOWS\SYSTEM32\MSHTML.dll
Report Id: 648f4b3e-85ac-48e0-b2d6-ccf4b065879a
Faulting package full name:
Faulting package-relative application ID:
Error: (03/30/2018 03:16:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: peanut.exe, version: 2.3.6.117, time stamp: 0x5aa1733b
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
Exception code: 0xc0000005
Fault offset: 0x000000000005d8d6
Faulting process id: 0x6884
Faulting application start time: 0x01d3c855b645e6f1
Faulting application path: C:\Program Files (x86)\Gibsons\peanut.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 6732f6c6-a5ca-490a-a88b-abe7c5995d62
Faulting package full name:
Faulting package-relative application ID:
Error: (03/30/2018 03:02:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: peanut.exe, version: 2.3.6.117, time stamp: 0x5aa1733b
Faulting module name: KERNELBASE.dll, version: 6.2.16299.309, time stamp: 0x90a96867
Exception code: 0x80004005
Fault offset: 0x0000000000014008
Faulting process id: 0x%9
Faulting application start time: 0xpeanut.exe0
Faulting application path: peanut.exe1
Faulting module path: peanut.exe2
Report Id: peanut.exe3
Faulting package full name: peanut.exe4
Faulting package-relative application ID: peanut.exe5
Error: (03/30/2018 03:02:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: peanut.exe, version: 2.3.6.117, time stamp: 0x5aa1733b
Faulting module name: KERNELBASE.dll, version: 6.2.16299.309, time stamp: 0x90a96867
Exception code: 0x80004005
Fault offset: 0x0000000000014008
Faulting process id: 0x%9
Faulting application start time: 0xpeanut.exe0
Faulting application path: peanut.exe1
Faulting module path: peanut.exe2
Report Id: peanut.exe3
Faulting package full name: peanut.exe4
Faulting package-relative application ID: peanut.exe5
Error: (03/30/2018 02:00:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: peanut.exe, version: 2.3.6.117, time stamp: 0x5aa1733b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x%9
Faulting application start time: 0xpeanut.exe0
Faulting application path: peanut.exe1
Faulting module path: peanut.exe2
Report Id: peanut.exe3
Faulting package full name: peanut.exe4
Faulting package-relative application ID: peanut.exe5
Error: (03/30/2018 12:52:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: peanut.exe, version: 2.3.6.117, time stamp: 0x5aa1733b
Faulting module name: Flash.ocx, version: 29.0.0.113, time stamp: 0x5a90c6a2
Exception code: 0xc0000005
Fault offset: 0x000000000044be50
Faulting process id: 0x%9
Faulting application start time: 0xpeanut.exe0
Faulting application path: peanut.exe1
Faulting module path: peanut.exe2
Report Id: peanut.exe3
Faulting package full name: peanut.exe4
Faulting package-relative application ID: peanut.exe5
Error: (03/30/2018 12:21:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1645359
System errors:
=============
Error: (03/30/2018 10:08:48 PM) (Source: DCOM) (EventID: 10010) (User: PANCHALFAMILY)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
Error: (03/30/2018 10:06:48 PM) (Source: DCOM) (EventID: 10010) (User: PANCHALFAMILY)
Description: The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout.
Error: (03/30/2018 10:06:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/30/2018 10:04:48 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {9E175B68-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
Error: (03/30/2018 10:02:45 PM) (Source: DCOM) (EventID: 10010) (User: PANCHALFAMILY)
Description: The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout.
Error: (03/30/2018 10:00:45 PM) (Source: DCOM) (EventID: 10010) (User: PANCHALFAMILY)
Description: The server {E48EDA45-43C6-48E0-9323-A7B2067D9CD5} did not register with DCOM within the required timeout.
Error: (03/30/2018 09:59:56 PM) (Source: DCOM) (EventID: 10016) (User: PANCHALFAMILY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user PANCHALFAMILY\Darshana SID (S-1-5-21-2438051969-607994775-1632804330-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/30/2018 09:57:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
===================================
Date: 2018-03-19 19:19:29.885
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Prepscram&threatid=226289&enterprise=0
Name: SoftwareBundler:Win32/Prepscram
ID: 226289
Severity: High
Category: Software Bundler
Path: file:_C:\Users\Darshana\AppData\Local\Temp\nsfC852.tmp\cpSetup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Signature Version: AV: 1.263.752.0, AS: 1.263.752.0, NIS: 118.5.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
Date: 2018-03-08 13:32:52.445
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanSpy:Win32/SocStealer!rfn&threatid=2147724296&enterprise=0
Name: TrojanSpy:Win32/SocStealer!rfn
ID: 2147724296
Severity: Severe
Category: Trojan Monitoring Software
Path: file:_C:\Users\Darshana\AppData\Local\Temp\886423906\ic-0.ba745faa4220e.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.263.332.0, AS: 1.263.332.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
Date: 2018-03-08 13:32:52.408
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Soctuseer!excl&threatid=237119&enterprise=0
Name: BrowserModifier:Win32/Soctuseer!excl
ID: 237119
Severity: High
Category: Browser Modifier
Path: regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\c:\program files\ff3840118776bf1765dcf32a7e449a2c\
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.263.332.0, AS: 1.263.332.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
Date: 2018-03-08 13:19:56.321
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!plock&threatid=2147723626&enterprise=0
Name: Trojan:Win32/Tiggre!plock
ID: 2147723626
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Darshana\AppData\Local\Temp\886423906\ic-0.ba745faa4220e.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Darshana\AppData\Local\Temp\nsfC852.tmp\cpSetup.exe
Signature Version: AV: 1.263.75.0, AS: 1.263.75.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
Date: 2018-03-08 13:08:04.649
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BD74BAC8-4AD7-4D9B-92C8-119D19050F1A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-03-30 22:07:32.283
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.1813.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2018-03-30 19:43:37.450
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.1801.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2018-03-30 12:32:14.695
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
Date: 2018-03-29 17:48:44.118
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.800.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-03-29 17:48:44.118
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.8.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
CodeIntegrity:
===================================
Date: 2018-03-30 22:07:07.656
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-30 22:07:07.654
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-30 22:02:37.857
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-30 22:02:37.854
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-30 22:01:30.325
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-30 22:01:30.322
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-30 21:57:59.288
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-30 21:57:59.284
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 63%
Total physical RAM: 6059.39 MB
Available physical RAM: 2182.82 MB
Total Virtual: 7019.39 MB
Available Virtual: 2186.5 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:909.07 GB) (Free:830.28 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.34 GB) (Free:2.37 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{b58a3f2c-24a7-4517-89ab-2feadddde9df}\ () (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32
\\?\Volume{97a72501-73ba-450b-9551-4db74e27a4f9}\ () (Fixed) (Total:1.73 GB) (Free:1.08 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 491AFB52)
Partition: GPT.
==================== End of Addition.txt ============================