
Requested help on suspected Crypto mining malware infection [Closed]


#1 addverma

    New Member, 3 posts

Posted 01 November 2018 - 12:59 AM

I have an old Windows 7 laptop. Over the past few months I have observed that the laptop got progressively slower. So I started to dig into the matter. What I found was that when I open my browser and have a few tabs open, my laptop would slow down substantially. I then decided to have a look at the network traffic originating from my browser by using NirSoft's TCP Log View. In that I found that my browser was trying to connect to a known crypto mining software website, cnhv.co. So I went and blocked access to this hostname on my laptop. But then, to my horror, I found that it was not only my browser that was trying to connect to this hostname; rather, it was my Internet Security suite and also the System process and a few SVCHost services. Please see the attached screenshot for more details. Further, I also came to realize that the connection to cnhv.co is attempted when the Wi-Fi is turned on or off on my laptop OR when I connect to and disconnect from the wired LAN.

Then I tried other browsers on my laptop and they did not exhibit the same behavior, i.e. no connection was attempted to the cnhv.co website. So this led me to believe that the probable infection is specific to my default browser only. My default browser is Firefox and it has 3 addons and 2 extensions running. The addons are uBlock Origin, CanvasBlocker and Kaspersky Internet Security.

My Internet Security tool has not detected anything malicious. I have also run Malwarebytes on my laptop and still Firefox, the System process and SVCHost try to connect to cnhv.co. So my questions are as follows:

1) How do I check if my laptop has been infected with malware? I think that it is crypto mining malware because of the hostname that it is attempting to connect to.

2) How do I identify which malware it is?

3) How do I clean the malware from my laptop?

Attached Thumbnails

  • Connection to Crypto minining malware sites.jpg



#2 Satchfan

    SuperHelper, Malware Team, 6,813 posts
    Interests: LFC, music, more LFC, more music

Posted 01 November 2018 - 03:42 AM

Hello addverma and welcome to the WTT forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

AdwCleaner log
Frst.txt
Addition.txt


Thanks

Satchfan

NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#3 addverma

    New Member, 3 posts

Posted 01 November 2018 - 01:39 PM

I have the AdwCleaner logs and they are given below. However, for the FRST logs including the addition.log, can I obfuscate the user IDs and their folder names only before I post the logs over here? I am a bit concerned about posting the logs with such personal details on an open forum like this. Please let me know what your views are on that and I will then post the FRST logs as well as the addition logs.

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-10-31.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-02-2018
# Duration: 00:03:15
# OS:       Windows 7 Starter
# Scanned:  32026
# Detected: 13


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Adware.Heuristic            C:\Windows\System32\Tasks\FreeDownloadManagerNetworkMonitor

***** [ Registry ] *****

PUP.Adware.Heuristic            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeDownloadManagerNetworkMonitor
PUP.Optional.Blabbers           HKCU\Software\BrowserCompanion
PUP.Optional.Blabbers           HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2838827301-4226670208-1364805098-1002\Software\bbrs_002.tb
PUP.Optional.FaceMoods          HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2838827301-4226670208-1364805098-1002\Software\facemoods.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2838827301-4226670208-1364805098-1002\Software\Blabbers
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy             Ask
PUP.Optional.Legacy             Ask
PUP.Optional.Legacy             Ask
PUP.Optional.Legacy             Ask

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
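The AdwCleaner scan log above has a regular layout: a `# Key: value` header block, `***** [ Section ] *****` section headers, and one detection per line with the detection name separated from its target by a run of spaces. As an added example (not code from this thread or from Malwarebytes), here is a small Python parser that tallies detections by type and by section and checks the tally against the `Detected:` count in the header, so a truncated or hand-edited paste is caught before anyone reasons about it. The embedded sample is a constructed, shortened copy of the posted log.

```python
import re
from collections import Counter

# Constructed sample in the AdwCleaner 7.x scan-log layout posted in the thread.
# Shortened to a few sections; the entries are copied from the posted log so the
# parser is exercised on realistic lines, but this text is not a real scan result.
SAMPLE_LOG = r"""# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Mode: Scan
# -------------------------------
# OS:       Windows 7 Starter
# Scanned:  32026
# Detected: 4


***** [ Services ] *****

No malicious services found.

***** [ Tasks ] *****

PUP.Adware.Heuristic            C:\Windows\System32\Tasks\FreeDownloadManagerNetworkMonitor

***** [ Registry ] *****

PUP.Optional.Blabbers           HKCU\Software\BrowserCompanion
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

***** [ Chromium URLs ] *****

PUP.Optional.Legacy             Ask

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
"""

# "# Key:   value" lines in the header block (the "# ----" rules have no colon).
HEADER_RE = re.compile(r"^# ([A-Za-z]+):\s*(.+?)\s*$")
# "***** [ Section name ] *****"
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# "<Detection.Name>   <two or more spaces>   <path / registry key / URL>"
DETECTION_RE = re.compile(r"^(\S+)\s{2,}(.+?)\s*$")


def parse_adwcleaner(text):
    """Return (header, sections): header is a dict of the '# Key: value' fields,
    sections maps each section name to a list of (detection_type, target) tuples.
    Sections that report 'No malicious ... found.' are present with an empty list."""
    header = {}
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("########## EOF"):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            # Still in the header block above the first section.
            m = HEADER_RE.match(line)
            if m:
                header[m.group(1)] = m.group(2)
            continue
        if line.startswith("No malicious"):
            continue
        m = DETECTION_RE.match(line)
        if m:
            sections[current].append((m.group(1), m.group(2)))
    return header, sections


def summarize(text):
    """Tally detections per type and per section and compare the tally with the
    'Detected:' count AdwCleaner wrote in its header."""
    header, sections = parse_adwcleaner(text)
    by_type = Counter(kind for hits in sections.values() for kind, _ in hits)
    by_section = {name: len(hits) for name, hits in sections.items()}
    total = sum(by_section.values())
    reported = int(header["Detected"]) if header.get("Detected", "").isdigit() else None
    return {
        "mode": header.get("Mode"),
        "by_type": by_type,
        "by_section": by_section,
        "total": total,
        "reported": reported,
        "consistent": reported is not None and reported == total,
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(f"mode={result['mode']} detections={result['total']} "
          f"reported={result['reported']} consistent={result['consistent']}")
    for kind, n in result["by_type"].most_common():
        print(f"  {n:3d}  {kind}")
```

Run against the full log posted above, the same tally should reproduce its `Detected: 13` header; a mismatch means lines were lost or altered in the paste.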
 

 

 



#4 Satchfan

    SuperHelper, Malware Team, 6,813 posts
    Interests: LFC, music, more LFC, more music

Posted 01 November 2018 - 03:54 PM

I can assure you that there will be nothing in the logs that can be traced back to you. Also, if you change any details in the logs then our 'fixes' may not be effective.

 

Satchfan



#5 addverma

    New Member, 3 posts

Posted 03 November 2018 - 02:56 AM

Output of FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24.10.2018
Ran by User5 (administrator) on ALKAPURI (02-11-2018 00:40:14)
Running from E:\Setups & Installations
Loaded Profiles: User5 & User2 (Available Profiles: User5 & User3 & User4 & User2 & User1)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(D-Link Corportation) C:\Program Files\D-Link LTE Mobile Hotspot\InstallService.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9734760 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1807240 2010-08-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [CLVirtualDrive] => C:\Program Files\CyberLink\Power2Go8\VirtualDrive.exe [499640 2015-07-06] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer_For_P2G8] => C:\Program Files\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110008 2015-07-06] (CyberLink)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [266552 2018-08-23] (Apple Inc.)
HKU\S-1-5-21-2838827301-4226670208-1364805098-1002\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-18\...\Run: [Free Download Manager] => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe [8490184 2017-03-17] (FreeDownloadManager.org)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{097EB1D2-CB37-46D6-8BE0-334852A85E60}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{220EC7D0-533D-4906-ACBF-A739BBA17C10}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{56C4C9EA-A6DF-4BE8-ABAB-3BC2617D23B0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9E03E967-8A4B-47C0-BE76-2057356C4DB0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{AB37BCC2-9E12-4914-8767-BACB032CB5AE}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{AB37BCC2-9E12-4914-8767-BACB032CB5AE}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B484C25A-B5D3-4424-8A29-076D67355851}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{F2962774-18FD-49AD-ABE7-CF0C3AD0EB39}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2838827301-4226670208-1364805098-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2838827301-4226670208-1364805098-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
HKU\S-1-5-21-2838827301-4226670208-1364805098-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
HKU\S-1-5-21-2838827301-4226670208-1364805098-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2838827301-4226670208-1364805098-1002 -> DefaultScope {1F503FDE-A25A-4851-8A7F-737AA32D9429} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2838827301-4226670208-1364805098-1002 -> {0D3AC0FC-C036-4663-8D1B-90BD9C9BDA34} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-2838827301-4226670208-1364805098-1002 -> {1F503FDE-A25A-4851-8A7F-737AA32D9429} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2838827301-4226670208-1364805098-1005 -> DefaultScope {1F503FDE-A25A-4851-8A7F-737AA32D9429} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2838827301-4226670208-1364805098-1005 -> {0D3AC0FC-C036-4663-8D1B-90BD9C9BDA34} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-2838827301-4226670208-1364805098-1005 -> {1F503FDE-A25A-4851-8A7F-737AA32D9429} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 18.0.0\IEExt\ie_plugin.dll [2018-07-25] (AO Kaspersky Lab)
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-10-18] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-18] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 18.0.0\IEExt\ie_plugin.dll [2018-07-25] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-2838827301-4226670208-1364805098-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-2838827301-4226670208-1364805098-1002 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
Toolbar: HKU\S-1-5-21-2838827301-4226670208-1364805098-1005 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)

FireFox:
========
FF DefaultProfile: vh0y4pcr.default
FF ProfilePath: C:\Users\User5\AppData\Roaming\Mozilla\Firefox\Profiles\vh0y4pcr.default [2018-10-30]
FF Extension: (CanvasBlocker) - C:\Users\User5\AppData\Roaming\Mozilla\Firefox\Profiles\vh0y4pcr.default\Extensions\CanvasBlocker@kkapsner.de.xpi [2018-10-19]
FF Extension: (uBlock Origin) - C:\Users\User5\AppData\Roaming\Mozilla\Firefox\Profiles\vh0y4pcr.default\Extensions\uBlock0@raymondhill.net.xpi [2018-10-19]
FF Extension: (Firefox Monitor) - C:\Users\User5\AppData\Roaming\Mozilla\Firefox\Profiles\vh0y4pcr.default\features\{3c95c260-e785-4d99-b517-48cd9ae34e3c}\fxmonitor@mozilla.org.xpi [2018-09-16]
FF HKLM\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-07-25]
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2014-07-28] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-20] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\User5\AppData\Local\Google\Chrome\User Data\Default [2018-09-23]
CHR Extension: (Slides) - C:\Users\User5\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-18]
CHR Extension: (Docs) - C:\Users\User5\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-18]
CHR Extension: (Google Drive) - C:\Users\User5\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-27]
CHR Extension: (YouTube) - C:\Users\User5\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-17]
CHR Extension: (Google Search) - C:\Users\User5\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-27]
CHR Extension: (Sheets) - C:\Users\User5\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-18]
CHR Extension: (Google Docs Offline) - C:\Users\User5\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-16]
CHR Extension: (Kaspersky Protection) - C:\Users\User5\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2018-03-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User5\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-20]
CHR Extension: (Gmail) - C:\Users\User5\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-17]
CHR Extension: (Chrome Media Router) - C:\Users\User5\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-16]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKU\S-1-5-21-2838827301-4226670208-1364805098-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP18.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 CrypKey License; C:\windows\system32\crypserv.exe [126976 2011-10-20] (CrypKey (Canada) Ltd.) [File not signed]
S3 KSDE2.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
S3 Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [131888 2010-08-10] (Samsung Electronics CO., LTD.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 Wireless Modem Service; C:\Program Files\D-Link LTE Mobile Hotspot\InstallService.exe [1480632 2016-09-23] (D-Link Corportation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bmfilter; C:\Windows\System32\DRIVERS\qcusbfilter.sys [36936 2016-09-23] (QUALCOMM Incorporated)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [75528 2013-11-12] (CyberLink)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [176864 2016-12-26] (AO Kaspersky Lab)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [107648 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [94208 2010-08-10] (ELAN Microelectronics Corp.)
S3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [145032 2015-10-21] (GenesysLogic)
R2 giveio; C:\windows\system32\giveio.sys [5248 1996-04-04] () [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [165296 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [62184 2017-12-25] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [98592 2018-10-19] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [74432 2018-07-25] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [164032 2018-05-14] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [680232 2018-10-19] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [836392 2018-10-19] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [49344 2018-05-14] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [50400 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [51424 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45552 2017-12-25] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [48056 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75760 2017-12-25] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [121544 2018-07-25] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [165088 2017-12-25] (AO Kaspersky Lab)
R1 NetworkX; C:\Windows\System32\ckldrv.sys [23360 2010-03-19] ()
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [816792 2018-07-07] () [File not signed]
S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2010-10-10] (Windows ® 2003 DDK 3790 provider)
R2 speedfan; C:\windows\system32\speedfan.sys [24184 2012-12-30] (Almico Software)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [146048 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 ute0oty4; C:\Windows\system32\Drivers\ute0oty4.sys [7168 2018-10-30] () [File not signed]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-02 00:39 - 2018-11-02 00:40 - 000000000 ____D C:\FRST
2018-11-02 00:24 - 2018-11-02 00:29 - 000000000 ____D C:\AdwCleaner
2018-10-31 22:51 - 2018-10-31 22:51 - 000005858 _____ C:\Users\User2\Downloads\Yello.aup
2018-10-31 22:51 - 2018-10-31 22:51 - 000000000 ____D C:\Users\User2\Downloads\Yello_data
2018-10-31 22:46 - 2018-10-31 23:02 - 000012060 _____ C:\Users\User2\Downloads\Rajyotsava 2019 1.aup
2018-10-31 22:46 - 2018-10-31 22:46 - 000000000 ____D C:\Users\User2\Downloads\Rajyotsava 2019 1_data
2018-10-31 00:02 - 2018-10-31 00:02 - 000000000 _____ C:\Users\User1\Downloads\ChromeSetup.exe
2018-10-30 23:42 - 2018-10-30 23:43 - 002409878 _____ C:\Users\User1\Desktop\GSI6_ALKAPURI_User5_10_30_2018_23_11_46.zip
2018-10-30 23:42 - 2018-10-30 23:43 - 000000000 ____D C:\ProgramData\s63s
2018-10-30 23:23 - 2018-10-30 23:23 - 000000000 ____D C:\ProgramData\s3ps
2018-10-30 23:23 - 2018-10-30 23:23 - 000000000 ____D C:\ProgramData\s1ro
2018-10-30 23:11 - 2018-10-30 23:11 - 000000000 ____D C:\ProgramData\s5ak
2018-10-30 23:11 - 2018-10-30 23:11 - 000000000 ____D C:\ProgramData\s56k
2018-10-30 23:11 - 2018-10-30 23:11 - 000000000 ____D C:\ProgramData\s208
2018-10-30 23:08 - 2018-10-30 23:08 - 000000000 ____D C:\Users\User1\Downloads\GetSystemInfo6.2
2018-10-30 23:03 - 2018-10-30 23:04 - 011028367 _____ C:\Users\User1\Downloads\GetSystemInfo6.2.zip
2018-10-30 15:47 - 2018-10-30 15:47 - 000001818 _____ C:\Users\Public\Desktop\Dell OS Recovery Tool.lnk
2018-10-30 15:47 - 2018-10-30 15:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-10-30 15:47 - 2018-10-30 15:47 - 000000000 ____D C:\Program Files\Dell
2018-10-30 15:45 - 2018-10-30 15:48 - 000000000 ____D C:\ProgramData\Dell
2018-10-30 15:30 - 2018-10-30 15:30 - 000000000 ____D C:\Users\User3\AppData\Local\mbamtray
2018-10-30 14:50 - 2018-10-30 14:50 - 000000000 ____D C:\Users\User5\AppData\Local\mbamtray
2018-10-30 12:32 - 2018-10-30 12:32 - 000000456 _____ C:\Users\User1\Documents\Kaspersky full scan report dated 30Oct2018.txt
2018-10-29 10:45 - 2018-10-29 10:45 - 000137299 _____ C:\Users\Public\Documents\9535239231 Recharge Unlimited data and calls Amount Rs 448 Dated 29Oct2018.pdf
2018-10-28 19:54 - 2018-10-28 19:54 - 019193248 _____ (Dell Inc.) C:\Users\User1\Downloads\Dell-USB-Recovery-Tool_N4TX3_WIN_2.2.4049.0_A00.EXE
2018-10-28 10:58 - 2018-10-28 10:59 - 000001229 _____ C:\Users\User1\Desktop\Firefox Safe Mode.lnk
2018-10-27 19:34 - 2018-10-27 19:34 - 000077000 _____ C:\Users\User1\Downloads\tcplogview.zip
2018-10-26 09:50 - 2018-10-26 09:50 - 000001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-10-26 09:50 - 2018-10-26 09:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-10-26 09:48 - 2018-10-26 09:50 - 000000000 ____D C:\Program Files\iTunes
2018-10-23 22:24 - 2018-10-23 22:24 - 000158327 _____ C:\Users\Public\Documents\DELL_Invoice_I3_CNS_CNR_1410199386_2018-10-23.pdf
2018-10-21 16:28 - 2018-10-21 16:28 - 000173276 ____N C:\Users\User1\Documents\Document1.tif
2018-10-21 16:26 - 2018-10-21 16:27 - 000201149 _____ C:\Users\User1\Desktop\print.xps
2018-10-21 16:23 - 2018-10-21 16:23 - 002322004 _____ C:\Users\User1\eeeevv.xps
2018-10-21 16:21 - 2018-10-21 16:22 - 000008334 _____ C:\Users\User1\durga puja delete after print.pdf
2018-10-21 16:13 - 2018-10-21 16:13 - 000000000 ____D C:\Users\User1\AppData\LocalLow\Temp
2018-10-21 16:09 - 2018-10-21 16:09 - 000104267 _____ C:\Users\User1\Downloads\Happy-Durga-Puja-HD-Wallpaper-free-Download.pdf
2018-10-19 15:50 - 2018-10-19 15:50 - 000000455 _____ C:\Users\Public\Documents\SBI Credit Card request for deactivation of International Usage.txt
2018-10-19 14:58 - 2018-10-19 14:58 - 001984715 _____ C:\Users\User1\Documents\DELL 5578 Repair Authorization Letter for HDD and Palm Rest along with HDFC Bank Transfer Receipt.pdf
2018-10-19 14:54 - 2018-10-19 14:54 - 001846905 _____ C:\Users\User1\Documents\HDFC Payment Receipt for Dell.pdf
2018-10-19 14:50 - 2018-10-19 14:50 - 000140992 _____ C:\Users\User1\Documents\DELL 5578 Repair Authorization Letter for HDD and Palm Rest_0001.pdf
2018-10-19 14:43 - 2018-10-19 14:43 - 001256576 _____ C:\Users\User1\Documents\Transfer to Dell Citibank CA Account for Dell Laptop Repair Dated 19Oct2018 Amount Rs 10272.pdf
2018-10-19 12:16 - 2018-10-19 12:16 - 001093982 _____ C:\Users\User1\Documents\HSBC Credit Card Statement Sept-2018 Payment Receipt.pdf
2018-10-19 11:54 - 2018-10-19 11:54 - 000337198 _____ C:\Users\User1\Documents\HSBC Credit Card Statement Sept2018.pdf
2018-10-19 11:02 - 2018-10-19 11:02 - 000000000 ____D C:\Users\User1\Documents\Property
2018-10-18 18:49 - 2018-10-18 18:49 - 000199443 _____ C:\Users\User2\Downloads\4639XXXXXXXXXX36_25-09-2018 (1).PDF
2018-10-18 11:11 - 2018-10-18 11:11 - 000000000 ____D C:\Program Files\Common Files\Oracle
2018-10-18 11:08 - 2018-10-18 11:08 - 000000000 ____D C:\Program Files\Common Files\Java
2018-10-13 01:43 - 2018-10-13 01:43 - 000199443 _____ C:\Users\User2\Downloads\4639XXXXXXXXXX36_25-09-2018.PDF
2018-10-13 01:08 - 2018-10-13 01:08 - 002307352 _____ C:\Users\User1\Documents\SBI Card Sept-2018 Payment Receipt.pdf
2018-10-13 00:57 - 2018-10-13 00:57 - 000871096 _____ C:\Users\User1\Documents\SBI Card Sept-2018.pdf
2018-10-13 00:56 - 2018-10-13 00:56 - 000000000 ____D C:\Users\User1\Documents\Bills
2018-10-11 22:58 - 2018-10-12 09:46 - 000000000 ____D C:\Users\User2\Documents\Phone
2018-10-11 22:56 - 2018-10-19 15:59 - 000000000 ____D C:\Users\User2\AppData\Local\PDFCreator
2018-10-11 00:24 - 2018-09-19 13:38 - 000343552 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll
2018-10-11 00:24 - 2018-09-18 23:40 - 000348976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-10-11 00:24 - 2018-09-18 10:03 - 020278784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-10-11 00:24 - 2018-09-18 10:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-10-11 00:24 - 2018-09-18 10:01 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-10-11 00:24 - 2018-09-18 09:51 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-10-11 00:24 - 2018-09-18 09:51 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-10-11 00:24 - 2018-09-18 09:50 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-10-11 00:24 - 2018-09-18 09:50 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-10-11 00:24 - 2018-09-18 09:49 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-10-11 00:24 - 2018-09-18 09:48 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-10-11 00:24 - 2018-09-18 09:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-10-11 00:24 - 2018-09-18 09:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-10-11 00:24 - 2018-09-18 09:44 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-10-11 00:24 - 2018-09-18 09:43 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-10-11 00:24 - 2018-09-18 09:43 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-10-11 00:24 - 2018-09-18 09:43 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-10-11 00:24 - 2018-09-18 09:42 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-10-11 00:24 - 2018-09-18 09:39 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-10-11 00:24 - 2018-09-18 09:36 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-10-11 00:24 - 2018-09-18 09:33 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-10-11 00:24 - 2018-09-18 09:32 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-10-11 00:24 - 2018-09-18 09:32 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-10-11 00:24 - 2018-09-18 09:30 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-10-11 00:24 - 2018-09-18 09:29 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-10-11 00:24 - 2018-09-18 09:28 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-10-11 00:24 - 2018-09-18 09:27 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-10-11 00:24 - 2018-09-18 09:27 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-10-11 00:24 - 2018-09-18 09:23 - 013679616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-10-11 00:24 - 2018-09-18 09:22 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-10-11 00:24 - 2018-09-18 09:21 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-10-11 00:24 - 2018-09-18 09:21 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-10-11 00:24 - 2018-09-18 09:20 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-10-11 00:24 - 2018-09-18 09:20 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-10-11 00:24 - 2018-09-18 09:07 - 004037632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-10-11 00:24 - 2018-09-18 09:04 - 001330176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-10-11 00:24 - 2018-09-18 09:01 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-10-11 00:24 - 2018-09-11 23:53 - 002404864 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-10-11 00:24 - 2018-09-11 23:50 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-10-11 00:24 - 2018-09-11 23:50 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-10-11 00:24 - 2018-09-09 06:16 - 004054216 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-10-11 00:24 - 2018-09-09 06:16 - 003959496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-10-11 00:24 - 2018-09-09 06:16 - 001310488 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-10-11 00:24 - 2018-09-09 06:16 - 001214152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-10-11 00:24 - 2018-09-09 06:16 - 000730824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-10-11 00:24 - 2018-09-09 06:16 - 000219336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-10-11 00:24 - 2018-09-09 06:16 - 000189640 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-10-11 00:24 - 2018-09-09 06:16 - 000189640 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-10-11 00:24 - 2018-09-09 06:16 - 000137928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-10-11 00:24 - 2018-09-09 06:16 - 000136392 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-10-11 00:24 - 2018-09-09 06:16 - 000067272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-10-11 00:24 - 2018-09-09 06:14 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2018-10-11 00:24 - 2018-09-09 06:14 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-10-11 00:24 - 2018-09-09 06:14 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-10-11 00:24 - 2018-09-09 06:14 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-10-11 00:24 - 2018-09-09 06:14 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-10-11 00:24 - 2018-09-09 06:14 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-10-11 00:24 - 2018-09-09 06:13 - 001391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-10-11 00:24 - 2018-09-09 06:13 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-10-11 00:24 - 2018-09-09 06:13 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-10-11 00:24 - 2018-09-09 06:13 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-10-11 00:24 - 2018-09-09 06:13 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-10-11 00:24 - 2018-09-09 06:13 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-10-11 00:24 - 2018-09-09 06:13 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-10-11 00:24 - 2018-09-09 06:13 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-10-11 00:24 - 2018-09-09 06:13 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-10-11 00:24 - 2018-09-09 06:13 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-10-11 00:24 - 2018-09-09 06:13 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-10-11 00:24 - 2018-09-09 06:13 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-10-11 00:24 - 2018-09-09 06:13 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-10-11 00:24 - 2018-09-09 06:13 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-10-11 00:24 - 2018-09-09 06:13 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-10-11 00:24 - 2018-09-09 06:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-10-11 00:24 - 2018-09-09 06:12 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-10-11 00:24 - 2018-09-09 06:12 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-10-11 00:24 - 2018-09-09 06:12 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2018-10-11 00:24 - 2018-09-09 06:12 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-10-11 00:24 - 2018-09-09 06:12 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-10-11 00:24 - 2018-09-09 06:12 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-10-11 00:24 - 2018-09-09 05:48 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-10-11 00:24 - 2018-09-09 05:48 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-10-11 00:24 - 2018-09-09 05:48 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-10-11 00:24 - 2018-09-09 05:48 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-10-11 00:24 - 2018-09-09 05:48 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-10-11 00:24 - 2018-09-09 05:46 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-10-11 00:24 - 2018-09-09 05:45 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-10-11 00:24 - 2018-09-09 05:43 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-10-11 00:24 - 2018-09-09 05:42 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-10-11 00:24 - 2018-09-09 05:42 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-10-11 00:24 - 2018-09-09 05:42 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-10-11 00:24 - 2018-09-09 05:42 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-10-11 00:24 - 2018-09-09 05:42 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-10-11 00:24 - 2018-09-09 05:42 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-10-11 00:24 - 2018-09-09 05:42 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-10-11 00:24 - 2018-09-09 05:42 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-10-11 00:24 - 2018-09-09 05:42 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-10-11 00:24 - 2018-08-28 11:39 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-10-11 00:24 - 2018-08-28 11:39 - 011411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-10-11 00:24 - 2018-08-28 11:22 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-10-11 00:24 - 2018-08-28 11:22 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-10-11 00:24 - 2018-08-28 11:22 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-10-11 00:12 - 2018-10-11 00:12 - 000003397 _____ C:\Users\User1\Documents\PaymentReceipt_sm_a302_47108.pdf
2018-10-10 18:04 - 2018-10-10 18:05 - 000000000 ____D C:\Users\Public\Documents\Property
2018-10-10 10:59 - 2018-10-10 10:59 - 001256570 _____ C:\Users\User1\Documents\Transfer to IDBI SB Account for Oct-Nov 2018 Madhuram Maintenance Dated 10Oct2018 Amount Rs 21500.pdf
2018-10-10 09:24 - 2018-10-10 09:24 - 000000000 ____D C:\Users\User4\AppData\Local\Apple
2018-10-08 21:02 - 2018-10-08 21:02 - 000244190 _____ C:\Users\User2\Documents\Lensekart Order Summary.pdf
2018-10-08 08:52 - 2018-10-08 08:52 - 000344387 _____ C:\Users\User1\Documents\DELL 5578 Repair Authorization Letter for HDD and Palm Rest.pdf
2018-10-08 08:23 - 2018-11-02 00:31 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-05 07:10 - 2018-10-05 07:10 - 000000840 _____ C:\Users\User2\Documents\Goa Hotel Booking.txt
2018-10-04 08:49 - 2018-10-04 08:49 - 001256536 _____ C:\Users\User1\Documents\Transfer to IDBI SB Account for Oct-2018 Bill Payments Dated 04Oct2018 Amount Rs 10000.pdf
2018-10-03 09:23 - 2018-10-03 09:23 - 000000000 ____D C:\ProgramData\s7a8
2018-10-03 09:10 - 2018-10-03 09:10 - 000017329 _____ C:\Users\User1\Documents\Malware Bytes Log.txt
2018-10-03 09:09 - 2018-10-03 09:09 - 000000000 ____D C:\Users\User1\AppData\Local\mbam
2018-10-03 09:02 - 2018-10-30 23:24 - 000007168 _____ C:\Windows\system32\Drivers\ute0oty4.sys
2018-10-03 09:02 - 2018-10-03 09:02 - 000000000 ____D C:\ProgramData\s52k
2018-10-03 09:02 - 2018-10-03 09:02 - 000000000 ____D C:\ProgramData\s380
2018-10-03 08:54 - 2018-10-03 08:54 - 000000000 ____D C:\ProgramData\sqg
2018-10-03 08:54 - 2018-10-03 08:54 - 000000000 ____D C:\ProgramData\s4do
2018-10-03 08:54 - 2018-10-03 08:54 - 000000000 ____D C:\ProgramData\s3go
2018-10-03 00:04 - 2018-10-03 00:04 - 000000000 ____D C:\Users\User5\AppData\Local\mbam
2018-10-03 00:04 - 2018-10-03 00:04 - 000000000 ____D C:\Users\User1\AppData\Local\mbamtray
2018-10-03 00:01 - 2018-10-03 00:01 - 000002030 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-03 00:01 - 2018-10-03 00:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-03 00:01 - 2018-09-11 13:18 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-10-03 00:00 - 2018-10-03 00:00 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-10-03 00:00 - 2018-10-03 00:00 - 000000000 ____D C:\Program Files\Malwarebytes

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-02 00:40 - 2009-07-27 01:36 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-02 00:40 - 2009-07-14 10:04 - 000010272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-02 00:40 - 2009-07-14 10:04 - 000010272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-02 00:40 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\inf
2018-11-02 00:34 - 2017-01-03 23:05 - 000000000 ____D C:\Users\User2\AppData\LocalLow\Mozilla
2018-11-02 00:33 - 2015-10-25 11:56 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-11-02 00:30 - 2017-10-02 09:14 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-02 00:09 - 2016-03-26 22:54 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-11-01 14:20 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\rescache
2018-10-31 23:09 - 2017-01-03 22:20 - 000000000 ____D C:\Users\User2\AppData\Roaming\Audacity
2018-10-31 22:56 - 2018-01-22 20:03 - 000000000 ____D C:\Users\User2\Downloads\Shyba
2018-10-31 22:50 - 2015-10-17 22:38 - 000002176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-31 01:45 - 2016-12-16 22:11 - 000000000 ____D C:\Users\User1\AppData\LocalLow\Mozilla
2018-10-30 23:39 - 2018-06-30 10:59 - 000001504 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2018-10-30 16:22 - 2015-10-18 19:28 - 000000000 ____D C:\Users\User5\AppData\Local\CrashDumps
2018-10-30 15:47 - 2018-09-26 07:35 - 000000000 ____D C:\ProgramData\Package Cache
2018-10-30 15:43 - 2017-06-28 20:28 - 000000000 ____D C:\Users\User3\AppData\LocalLow\Mozilla
2018-10-30 15:29 - 2017-01-26 18:48 - 000000000 ____D C:\Users\User5\AppData\LocalLow\Mozilla
2018-10-30 12:42 - 2017-02-20 08:35 - 000000000 ____D C:\Program Files\Nitro PDF
2018-10-28 11:54 - 2015-10-30 23:02 - 000000000 ____D C:\Users\User1\My Shortcuts
2018-10-28 10:34 - 2015-10-30 23:32 - 000000000 ____D C:\Users\User1\AppData\Roaming\Notepad++
2018-10-27 19:34 - 2015-10-19 08:29 - 000000000 ____D C:\bin
2018-10-26 09:50 - 2016-09-24 23:36 - 000000000 ____D C:\Program Files\iPod
2018-10-26 09:14 - 2017-06-24 15:22 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-21 16:23 - 2015-10-25 13:45 - 000000000 ____D C:\Users\User1
2018-10-20 16:32 - 2018-09-17 00:02 - 000000000 ____D C:\Users\User4\AppData\LocalLow\Mozilla
2018-10-19 19:47 - 2017-12-25 00:10 - 000836392 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2018-10-19 19:46 - 2017-12-25 00:10 - 000098592 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klbackupflt.sys
2018-10-19 19:45 - 2017-12-25 00:10 - 000680232 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2018-10-19 15:59 - 2018-10-02 21:56 - 000000000 ____D C:\Users\User2\AppData\Roaming\Notepad++
2018-10-18 19:00 - 2016-08-01 17:03 - 000000000 ____D C:\Users\User2\Documents\HDFC Credit card
2018-10-18 11:11 - 2015-10-18 08:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-10-18 11:11 - 2010-12-09 12:49 - 000000000 ____D C:\Program Files\Java
2018-10-18 11:06 - 2015-10-18 08:09 - 000096632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2018-10-11 22:58 - 2017-07-22 11:31 - 000000000 ____D C:\Users\User2\AppData\LocalLow\Adobe
2018-10-11 01:51 - 2017-11-18 13:17 - 000357192 _____ C:\Windows\system32\FNTCACHE.DAT
2018-10-11 00:46 - 2015-10-18 00:10 - 000000000 ____D C:\Windows\system32\MRT
2018-10-11 00:26 - 2011-03-25 20:02 - 133674168 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-10-06 14:55 - 2018-09-17 00:02 - 000000000 ____D C:\Users\User4\AppData\Local\Mozilla

==================== Files in the root of some directories =======

2015-10-19 11:42 - 2016-01-03 19:33 - 000007600 _____ () C:\Users\User5\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-27 19:05

==================== End of FRST.txt ============================

The Addition.txt file

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24.10.2018
Ran by User5 (02-11-2018 00:46:42)
Running from E:\Setups & Installations
Microsoft Windows 7 Starter  Service Pack 1 (X86) (2010-11-10 16:54:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2838827301-4226670208-1364805098-500 - Administrator - Disabled)
User1 (S-1-5-21-2838827301-4226670208-1364805098-1006 - Limited - Enabled) => C:\Users\User1
User2 (S-1-5-21-2838827301-4226670208-1364805098-1005 - Limited - Enabled) => C:\Users\User2
User3 (S-1-5-21-2838827301-4226670208-1364805098-1003 - Limited - Enabled) => C:\Users\User3
User5 (S-1-5-21-2838827301-4226670208-1364805098-1002 - Administrator - Enabled) => C:\Users\User5
Guest (S-1-5-21-2838827301-4226670208-1364805098-501 - Limited - Disabled)
User4 (S-1-5-21-2838827301-4226670208-1364805098-1004 - Limited - Enabled) => C:\Users\User4

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20080 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}) (Version: 7.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3EF2AB0E-A0BD-42CE-BF5E-D817527C9B6F}) (Version: 12.0.0.1039 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.5.0621 - Atheros)
Audacity 2.2.2 (HKLM\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
BatteryLifeExtender (HKLM\...\{E308B555-8434-4AF8-B66F-729897C75F93}) (Version: 1.0.6 - Samsung)
Bonbon Quest (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}) (Version:  - Oberon Media)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.44 - Broadcom Corporation)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: 4.5.0 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink Media Suite 10 (HKLM\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
Dell OS Recovery Tool (HKLM\...\{16d2a6c4-6015-4ed4-8dda-692240633e3f}) (Version: 2.2.4049 - Dell Inc.)
Dell OS Recovery Tool (HKLM\...\{B423A8E0-9EDD-4E13-9657-1630EB20FA31}) (Version: 2.2.4049.0 - Dell) Hidden
D-Link LTE Mobile Hotspot v3.0.2EU (HKLM\...\Broad Mobi HSPA Modem Normal Version_is1) (Version:  - )
Easy Content Share (HKLM\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{559D1FDB-6D5C-4EF3-8F63-5E1E93A0A244}) (Version: 4.4.1 - Samsung)
Easy Resolution Manager (HKLM\...\{18AA278D-E0B9-4F99-ACCC-070978A38453}) (Version: 1.0.9 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.15 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM\...\{C4582EED-A3FB-4358-8F3F-8C994460DF28}) (Version: 1.0.3 - Samsung)
ETDWare PS/2-X86 8.0.7.0_WHQL (HKLM\...\Elantech) (Version: 8.0.7.0 - ELAN Microelectronic Corp.)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fast Start (HKLM\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.0 - SAMSUNG)
Flip Words (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}) (Version:  - Oberon Media)
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version:  - FreeDownloadManager.ORG)
Galapago (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Game Pack (HKLM\...\{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1) (Version: 6.3.1.1 - Oberon Media, Inc.)
Gem Shop (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}) (Version:  - Oberon Media)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HandBrake 0.9.5 (HKLM\...\HandBrake) (Version: 0.9.5 - )
Image Resizer for Windows (HKLM\...\{92916BDF-74CB-479C-B69E-32EACB074FFE}) (Version: 3.1.1.0 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM\...\{c624f5da-779e-4ccb-9ce1-34bc5ef0a6b9}) (Version: 3.1.1.0 - Brice Lambson)
Insaniquarium Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}) (Version:  - Oberon Media)
Intel AppUp(SM) center (HKLM\...\Intel AppUp(SM) center 1173) (Version: 1173 - Intel)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2567 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{73824AE9-6DAB-441E-A1E6-CBC2FDE1036D}) (Version: 12.9.0.167 - Apple Inc.)
Java 8 Update 191 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Kaspersky Internet Security (HKLM\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
Mahjong Escape Ancient China (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version:  - Oberon Media)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.24.27.3 - Marvell)
MediaInfo 0.7.83 (HKLM\...\MediaInfo) (Version: 0.7.83 - MediaArea.net)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{3A2B13EE-0CCA-47C5-B9A7-C8BB4EFBF6B9}) (Version: 15.8.8308.920 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Color Enhancer (HKLM\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Mozilla Firefox 63.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 63.0.1 (x86 en-GB)) (Version: 63.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.1.6877 - Mozilla)
MPC-HC 1.7.13 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.13 - MPC-HC Team)
MSVC80_x86 (HKLM\...\{212748BB-0DA5-46DE-82A1-403736DC9F27}) (Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM\...\Notepad++) (Version: 7.5.8 - Notepad++ Team)
paint.net (HKLM\...\{F10AAD91-58DF-44EC-A647-810197141666}) (Version: 4.0.19 - dotPDN LLC)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.2.2 - pdfforge)
PDFTK Builder 3.9.4 (HKLM\...\PDFTK Builder_is1) (Version:  - )
PM FASTrack PMP v8 (HKLM\...\PM FASTrack PMP v8-v8002) (Version: 8.0.0.2 - RMC Project Management, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6210 - Realtek Semiconductor Corp.)
Samsung AnyWeb Print (HKLM\...\{1DF9729D-2A51-4CA1-B4CE-2B432D7ABA7C}) (Version: 1.0 - Samsung Electronics Co., Ltd.) Hidden
Samsung AnyWeb Print (HKLM\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 1.1.19.0 - Samsung Electronics Co., Ltd.)
Samsung Data Migration (HKLM\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.1 - Samsung)
Samsung Magician (HKLM\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.0.0.790 - Samsung Electronics)
Samsung Recovery Solution 5 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.7 - Samsung)
Samsung Support Center 1.0 (HKLM\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung)
Samsung Universal Print Driver (HKLM\...\Samsung Universal Print Driver) (Version: 2.01.06.00:16 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM\...\Samsung Universal Scan Driver) (Version: 1.2.1.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
Slingo (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}) (Version:  - Oberon Media)
SRS Premium Sound Control Panel (HKLM\...\{2998191E-A35E-47E2-BE38-7702C731D722}) (Version: 1.09.0800 - SRS Labs, Inc.)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.2 - VideoLAN)
XMedia Recode version 3.3.2.2 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.3.2.2 - XMedia Recode)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-07-23] ()
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-07] (Cyberlink)
ContextMenuHandlers1: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2018-05-26] (Brice Lambson)
ContextMenuHandlers1: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 18.0.0\shellex.dll [2018-10-19] (AO Kaspersky Lab)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-07] (Cyberlink)
ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 18.0.0\shellex.dll [2018-10-19] (AO Kaspersky Lab)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 18.0.0\shellex.dll [2018-10-19] (AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-10-30] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 18.0.0\shellex.dll [2018-10-19] (AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10DEF452-04EC-4669-BDA9-05A0FC8BD5C7} - System32\Tasks\UMonitor Task => C:\windows\System32\UMonit.exe [2015-10-21] ()
Task: {26F53FD8-B85D-4AEA-B4EB-B9FFA5D89254} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics)
Task: {29189F73-9F11-4A0C-A120-92DA29E17DF1} - System32\Tasks\SamsungMagician => C:\Program Files\Samsung\Samsung Magician\SamsungMagician.exe [2017-02-22] (Samsung Electronics Co. Ltd.)
Task: {2D6D7C60-245A-4BFB-AF3B-FDB6E0E121D9} - System32\Tasks\MovieColorEnhancer => C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-08-19] (Samsung Electronics Co., Ltd.)
Task: {2FE6CEB6-E873-44AC-9AE3-B5B5EC0753B2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {39C748AF-5CDB-49D6-9226-62428A4C2A44} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-17] (Google Inc.)
Task: {4B516088-B9C0-46C0-98F3-753AC1E8833F} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {50C161FE-B202-412E-BA56-A626D0B684CA} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {5244F531-546E-4B25-B370-B2472D196E2E} - System32\Tasks\SRS Premium Sound => C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel.exe [2010-10-20] (SRS Labs, Inc.)
Task: {64C8C1CE-F06C-429A-B460-57129BDA09EE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {6FC5E683-1D37-44AD-94D9-7A5A7CF310AA} - System32\Tasks\advSRS5 => C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-08-11] (SEC)
Task: {94891824-FC6D-4733-AEEE-D8AC5DFD3EEC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-19] (Piriform Ltd)
Task: {94B455C1-53DF-4250-9684-B3E549A30DC6} - System32\Tasks\IdlePowerSave => C:\Windows\Idle\DetectIdleTask.exe [2010-07-31] (TODO: <회사 이름>)
Task: {A1B7E540-2777-4504-A156-B960A1EA92A1} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
Task: {B335BCFA-48B3-4EE2-AC66-023E173A0B48} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-19] (Piriform Ltd)
Task: {BB463799-E04A-4495-A246-DE346955C341} - \FreeDownloadManagerNetworkMonitor -> No File <==== ATTENTION
Task: {C164D15B-92AD-4004-8415-8A3B0A2D3657} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-17] (Google Inc.)
Task: {C7B60273-4264-4A82-87F4-0F4485F9C2BB} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-08-12] (Samsung Electronics. Co. Ltd.)
Task: {CE63CDCA-9F5E-442D-853F-A47A7B9BBF96} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-08-04] (Samsung Electronics Co., Ltd.)
Task: {DBD7BBA6-DDDB-4300-891A-9D289697E5E7} - System32\Tasks\AdwCleaner_onReboot => E:\Setups & Installations\adwcleaner_7.2.4.0.exe [2018-11-02] (Malwarebytes)
Task: {EA292097-F74A-4EC4-93CC-AB0150DA7E94} - System32\Tasks\EasySpeedUpManager => Command(1): "%programfiles%\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe" -> /s
Task: {EA292097-F74A-4EC4-93CC-AB0150DA7E94} - System32\Tasks\EasySpeedUpManager => Command(2): C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2010-02-10] (Samsung Electronics Co., Ltd.)
Task: {FE6CFEC2-1AC8-422C-AA96-00034BBCA7D1} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2018-03-03] (AO Kaspersky Lab)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-10-22 11:34 - 2013-04-15 11:49 - 000176128 _____ () C:\Windows\System32\HP1006LM.DLL
2010-11-10 22:26 - 2008-06-05 05:23 - 000026624 _____ () C:\Windows\System32\spd__l.dll
2015-10-22 11:34 - 2013-04-15 11:49 - 000059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1006PP.dll
2018-08-22 22:19 - 2018-08-22 22:19 - 001042232 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-03-16 15:20 - 2018-03-16 15:20 - 000076088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-03 09:16 - 2018-03-03 09:16 - 000836968 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 18.0.0\kpcengine.2.3.dll
2010-11-10 22:27 - 2010-04-21 05:15 - 000552960 _____ () C:\windows\system32\SnMinDrv.dll
2018-07-23 05:44 - 2018-07-23 05:44 - 000267952 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2017-01-04 09:43 - 2014-12-08 12:58 - 000627672 _____ () C:\Program Files\CyberLink\Power2Go8\CLMediaLibrary.dll
2014-12-08 15:28 - 2014-12-08 15:28 - 000016856 _____ () C:\Program Files\CyberLink\Power2Go8\CLMLSvcPS.dll
2018-08-28 10:47 - 2018-08-28 10:47 - 001042232 _____ () C:\Program Files\iTunes\libxml2.dll
2018-08-28 10:47 - 2018-08-28 10:47 - 000076088 _____ () C:\Program Files\iTunes\zlib1.dll
2010-09-01 08:52 - 2006-08-12 09:18 - 000049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:2430E4FC [132]
AlternateDataStreams: C:\ProgramData\Temp:268F887D [144]
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54 [130]
AlternateDataStreams: C:\ProgramData\Temp:5C270C64 [280]
AlternateDataStreams: C:\ProgramData\Temp:6FB93194 [138]
AlternateDataStreams: C:\ProgramData\Temp:798A3728 [126]
AlternateDataStreams: C:\ProgramData\Temp:8530A643 [250]
AlternateDataStreams: C:\ProgramData\Temp:9E22BBE8 [124]
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 [282]
AlternateDataStreams: C:\ProgramData\Temp:E7BA7168 [123]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-08-13 14:22 - 2018-10-28 10:48 - 000014609 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 cnhv.co
127.0.0.1 coin-hive.com
127.0.0.1 coinhive.com
127.0.0.1 authedmine.com
127.0.0.1 api.jsecoin.com
127.0.0.1 load.jsecoin.com
127.0.0.1 server.jsecoin.com
127.0.0.1 miner.pr0gramm.com
127.0.0.1 minemytraffic.com
127.0.0.1 ppoi.org
127.0.0.1 projectpoi.com
127.0.0.1 crypto-loot.com
127.0.0.1 cryptaloot.pro
127.0.0.1 cryptoloot.pro
127.0.0.1 coinerra.com
127.0.0.1 coin-have.com
127.0.0.1 minero.pw
127.0.0.1 minero-proxy-01.now.sh
127.0.0.1 minero-proxy-02.now.sh
127.0.0.1 minero-proxy-03.now.sh
127.0.0.1 api.inwemo.com
127.0.0.1 rocks.io
127.0.0.1 adminer.com
127.0.0.1 ad-miner.com
127.0.0.1 jsccnn.com
127.0.0.1 jscdndel.com
127.0.0.1 coinhiveproxy.com
127.0.0.1 coinblind.com
127.0.0.1 coinnebula.com
127.0.0.1 monerominer.rocks

There are 449 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2838827301-4226670208-1364805098-1002\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-2838827301-4226670208-1364805098-1003\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
HKU\S-1-5-21-2838827301-4226670208-1364805098-1005\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A1136EBD-79A5-4580-A3E1-F27E9C5A005B}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{C5541A11-36BA-4DD9-A0A6-4DB0C693968C}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{AE72060E-5CCB-4769-A86F-B80804BD8C61}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{366AA7FA-828A-4AB9-9A4F-974C6F639E04}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{1384D098-0C10-4507-9366-98DFF7112281}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{D2A56739-C273-43B9-BB24-FB9323D0211A}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{14658010-4904-4822-AA86-532B49728AC5}] => (Allow) svchost.exe
FirewallRules: [{878FD25E-E37B-4F06-AC79-3E13E59936D6}] => (Allow) C:\Users\beenu\Downloads\Facemoods.exe
FirewallRules: [{481CD664-8FCF-46A8-B86A-434DFB3218BA}] => (Allow) C:\Users\beenu\Downloads\Facemoods.exe
FirewallRules: [{4E6145EC-4D7C-4808-A262-B6B20D3E96C8}] => (Allow) C:\Users\beenu\Downloads\Facemoods (3).exe
FirewallRules: [{608E0992-E33D-49D7-9E75-CF27AC3EB71B}] => (Allow) C:\Users\beenu\Downloads\Facemoods (3).exe
FirewallRules: [{3F479351-CAAE-47DA-A8FA-F43537BB63B0}] => (Allow) C:\Users\beenu\Downloads\Facemoods (1).exe
FirewallRules: [{F662A623-EC31-442E-A3A9-6C77C06E17CD}] => (Allow) C:\Users\beenu\Downloads\Facemoods (1).exe
FirewallRules: [{84AA14AA-DA02-42C2-B831-2C689B3A4C16}] => (Allow) C:\Users\beenu\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{D3B99D33-FD01-46B4-9CEB-EC50E3E57E1E}] => (Allow) C:\Users\User5\AppData\Local\Temp\7zS357F\HPDiagnosticCoreUI.exe
FirewallRules: [{7EBD79DF-7963-4B69-8E8A-64970FCA7336}] => (Allow) C:\Users\User5\AppData\Local\Temp\7zS357F\HPDiagnosticCoreUI.exe
FirewallRules: [{E0FD3912-E186-481F-8305-F9B23FA45E93}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{B9DA4E48-65E1-4551-9247-0DA2E581D673}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{01EF87F9-7685-45E3-A079-A0F8F4C22FD5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A66193CD-AE40-413A-A68F-A398C2F0CA30}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FE741628-3B87-4912-94FD-D2DE6DCA2747}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{45E973E7-5CB5-48A9-BA7A-597E563CD48E}] => (Allow) C:\Program Files\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
FirewallRules: [{8C410E8D-669B-4393-B095-50607F50D56E}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{283F6ED1-A215-45E2-A418-99A152904F0B}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [TCP Query User{5C1CFB3E-6C54-43E7-9DF3-C8BAA3ECD043}C:\program files\freedownloadmanager.org\free download manager\fdm.exe] => (Block) C:\program files\freedownloadmanager.org\free download manager\fdm.exe
FirewallRules: [UDP Query User{75CFB772-B645-4CF7-8FA0-D4169797C368}C:\program files\freedownloadmanager.org\free download manager\fdm.exe] => (Block) C:\program files\freedownloadmanager.org\free download manager\fdm.exe
FirewallRules: [{15963C7B-8913-4611-8455-513D159B9531}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{3AAB2C39-131F-4A1F-85AB-29061AE30FC6}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{1C04F9A1-EFBE-48DA-9A6D-6BFC53338765}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{643EE28B-20A1-4D48-BB87-8AC47F427C6D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{5D5BCD31-AB3C-43B5-B88C-A1920AC4A0DF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{78C349DB-7641-4C0D-B2F0-0581EE986E49}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2F6FC747-9EAE-45D5-B469-2A6F988D2FA6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/01/2018 02:19:49 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (10/31/2018 10:28:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8688912

Error: (10/31/2018 10:28:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8688912

Error: (10/31/2018 10:28:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/30/2018 04:22:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: malwarebytes_assistant.exe, version: 3.1.0.1614, time stamp: 0x5b9bcc2c
Faulting module name: Qt5Core.dll, version: 5.11.1.0, time stamp: 0x5b9bc256
Exception code: 0xc0000005
Fault offset: 0x00001538
Faulting process id: 0xf7c
Faulting application start time: 0x01d4703daf3667fc
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: e2cd8202-dc31-11e8-b9d2-002454d9d526

Error: (10/30/2018 04:22:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: malwarebytes_assistant.exe, version: 3.1.0.1614, time stamp: 0x5b9bcc2c
Faulting module name: malwarebytes_assistant.exe, version: 3.1.0.1614, time stamp: 0x5b9bcc2c
Exception code: 0xc0000005
Fault offset: 0x00061110
Faulting process id: 0x1478
Faulting application start time: 0x01d4703e3dbabb53
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe
Report Id: e2d28b25-dc31-11e8-b9d2-002454d9d526

Error: (10/30/2018 04:22:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: malwarebytes_assistant.exe, version: 3.1.0.1614, time stamp: 0x5b9bcc2c
Faulting module name: Qt5Core.dll, version: 5.11.1.0, time stamp: 0x5b9bc256
Exception code: 0xc0000005
Fault offset: 0x001b91fe
Faulting process id: 0x4d0
Faulting application start time: 0x01d4703e2eb0df24
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: e2c592a4-dc31-11e8-b9d2-002454d9d526

Error: (10/30/2018 03:47:16 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\User1\AppData\Local\Temp\{1B4B6F6A-90AC-4E73-879F-EEE010C46542}\.be\DellOSRecoveryTool.exe -q -burn.elevated BurnPipe.{01031CD2-63F3-40D2-9A61-CAB158C0DA46} {003E7257-A15B-413D-869B-7154D94B8180} 4236; Description = Dell OS Recovery Tool; Error = 0x80070422).


System errors:
=============
Error: (11/02/2018 12:31:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (11/02/2018 12:29:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/02/2018 12:29:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wireless Modem Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/02/2018 12:29:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/02/2018 12:29:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/02/2018 12:29:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CrypKey License service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/02/2018 12:29:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/02/2018 12:29:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel® Atom™ CPU N450 @ 1.66GHz
Percentage of memory in use: 73%
Total physical RAM: 2037.3 MB
Available physical RAM: 536.06 MB
Total Virtual: 4074.59 MB
Available Virtual: 2692.01 MB

==================== Drives ================================

Drive c: (CDrive) (Fixed) (Total:100.13 GB) (Free:62.09 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:59.99 GB) (Free:50.03 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:60.67 GB) (Free:54.64 GB) NTFS

\\?\Volume{d8a1d5f6-d071-11e7-bf50-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{d8a1d5fa-d071-11e7-bf50-806e6f6e6963}\ (SAMSUNG_REC) (Fixed) (Total:11.99 GB) (Free:1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 724C46C8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=120.7 GB) - (Type=05)
Partition 4: (Not Active) - (Size=12 GB) - (Type=27)

==================== End of Addition.txt ============================

 



#6 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 03 November 2018 - 06:33 AM

Hello addverma

I see that you have changed the names in the logs. You have 2 profiles loaded and no 'fixes' will work under these circumstances. Also, I asked that FRST be saved to the desktop which it is not.

We deal with thousands of people on these respected help forums and to my knowledge nobody's computer has ever been compromised by running the scans we ask for and leaving the results as they are.

If you're not willing to do this then I'm afraid I can't help to clean anything found as it just won't work.

If you decide to leave the logs untouched then please move FRST to your desktop and run it again but make sure there is a checkmark next to ‘Addition.txt’ before you hit Scan.

If you decide that you'd rather not do that, please let me know.

Thanks

Satchfan
 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#7 Satchfan


Posted 06 November 2018 - 04:12 AM

Hi addverma

It has been several days since I sent my last reply regarding your computer problems.

Please let me know if you are having problems and still need help.

If I do not hear from you within 24 hours I'll assume that you don't want any more help and close this topic.

Satchfan



#8 Satchfan


Posted 08 November 2018 - 03:27 AM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic.


