Mayankjot

Members
  • Content Count: 5
  • Joined
  • Last visited

About Mayankjot
  • Rank: New Member
  1. Hi, the malware is still showing up in the Malwarebytes scan. I have attached the fix log. I have also attached the results of the scan.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/16/19
Scan Time: 11:16 PM
Log File: 06f1e922-0899-11ea-a1aa-6cc217776a8e.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.629
Update Package Version: 1.0.13359
License: Expired

-System Information-
OS: Windows 10 (Build 17134.1006)
CPU: x64
File System: NTFS
User: hp\November

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 425101
Threats Detected: 8
Threats Quarantined: 0
Time Elapsed: 17 min, 6 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 8
Trojan.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947, No Action By User, [6818], [436606],1.0.13359
Trojan.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F, No Action By User, [6818], [436604],1.0.13359
Trojan.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA, No Action By User, [6818], [436611],1.0.13359
Trojan.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF, No Action By User, [6818], [436613],1.0.13359
Trojan.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947, No Action By User, [6818], [436606],1.0.13359
Trojan.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F, No Action By User, [6818], [436604],1.0.13359
Trojan.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA, No Action By User, [6818], [436611],1.0.13359
Trojan.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF, No Action By User, [6818], [436613],1.0.13359

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Fixlog.txt
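All eight registry hits in the scan above are one technique: certificate thumbprints dropped into the machine's Disallowed (Untrusted Certificates) store, which makes Windows refuse to trust anything signed by that publisher and is a common way for malware to keep an antivirus product from starting or updating. The PowerShell below is an added example written for this page, not Malwarebytes or FRST code. It lists the Disallowed store from both the registry keys the scan named and the Cert: provider, flags the four reported thumbprints (FRST labels them AVG and Avast certificates) plus any other subject matching a common AV vendor name, and removes flagged entries only when the -DoRemove switch is given; the switch and the vendor list are assumptions for this example. Note that the store is not empty on a clean machine (Windows ships its own untrusted certificates there), so judge entries by subject, not by presence.

```powershell
# Added example for this page (not Malwarebytes or FRST code). Save as a .ps1
# and run from an elevated 64-bit PowerShell 5.1 prompt on the affected machine.
param([switch]$DoRemove)   # assumption: removal is opt-in; the default is a dry run

# Thumbprints reported by the Malwarebytes scan above; the publisher labels are
# the ones FRST printed for the same thumbprints.
$Reported = @{
    'AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947' = 'AVG Technologies CZ'
    'AD4C5429E10F4FF6C01840C20ABA344D7401209F' = 'Avast Antivirus/Software'
    'DB77E5CFEC34459146748B667C97B185619251BA' = 'Avast Antivirus/Software'
    'E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF' = 'AVG Technologies CZ'
}

# Assumption: publisher names that have no business in the Disallowed store on
# a normally configured PC. Extend for the AV/EDR that is actually installed.
$AvVendors = 'Avast', 'AVG', 'Malwarebytes', 'Kaspersky', 'ESET', 'Bitdefender',
             'Sophos', 'Symantec', 'McAfee', 'Trend Micro'

# 1. Raw registry view: both hives the scan listed. 64-bit PowerShell's Cert:
#    provider only reads the native key, so the WOW6432Node copy is checked here.
$RegPaths = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\SystemCertificates\Disallowed\Certificates'
foreach ($p in $RegPaths) {
    if (-not (Test-Path $p)) { continue }
    "== $p"
    foreach ($key in Get-ChildItem -Path $p) {
        $tp   = $key.PSChildName.ToUpperInvariant()
        $note = if ($Reported.ContainsKey($tp)) { "<== reported by scan ($($Reported[$tp]))" } else { '' }
        '   {0}  {1}' -f $tp, $note
    }
}

# 2. Decoded view through the certificate provider: the Subject tells you
#    whether an entry is a legitimately untrusted certificate or an AV publisher
#    that someone blocked on purpose.
$Findings = Get-ChildItem -Path Cert:\LocalMachine\Disallowed | Where-Object {
    $subject = $_.Subject
    $Reported.ContainsKey($_.Thumbprint) -or
    @($AvVendors | Where-Object { $subject -match [regex]::Escape($_) }).Count -gt 0
}
"== Cert:\LocalMachine\Disallowed entries matching an AV publisher or a reported thumbprint"
$Findings | Select-Object Thumbprint, Subject, NotAfter | Format-Table -AutoSize

# 3. Remediation. Deleting the entry restores the normal trust decision for that
#    publisher; the AV product can then be repaired or reinstalled. Dry run
#    (-WhatIf) unless -DoRemove was given.
foreach ($cert in $Findings) {
    Remove-Item -Path "Cert:\LocalMachine\Disallowed\$($cert.Thumbprint)" -WhatIf:(-not $DoRemove)
}
foreach ($p in $RegPaths | Where-Object { $_ -like '*WOW6432Node*' }) {
    foreach ($tp in $Reported.Keys) {
        $k = Join-Path $p $tp
        if (Test-Path $k) { Remove-Item -Path $k -Recurse -WhatIf:(-not $DoRemove) }
    }
}
```

Run it once without arguments to see what would be removed, confirm every flagged Subject really is the security product you expect, then run it again with -DoRemove. Re-run the Malwarebytes scan afterwards; if the same thumbprints return, whatever is re-adding them (a scheduled task, service or startup item) is still on the machine and the certificate entries are only a symptom.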
  2. Hey, I have completed every step, and yes, my browser is synced with my mobile phones and tablet.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2019
Ran by November (administrator) on HP (Hewlett-Packard HP Pavilion 15 Notebook PC) (15-11-2019 22:45:54)
Running from C:\Users\November\Desktop\New folder (2)
Loaded Profiles: November (Available Profiles: Gurmeet singh & November & mayan)
Platform: Windows 10 Pro Version 1803 17134.1006 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.17920.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2018-12-02] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [316336 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653728 2018-03-26] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [657704 2019-05-14] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> )
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-48790505-1987507193-3152163807-1002\...\Run: [Opera Browser Assistant] => C:\Users\November\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2771480 2019-11-13] (Opera Software AS -> Opera Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.97\Installer\chrmstp.exe [2019-11-08] (Google LLC -> Google LLC)
Startup: C:\Users\November\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IQTray.lnk [2018-11-26]
ShortcutTarget: IQTray.lnk -> C:\Program Files (x86)\IQ Option\IQTray.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A6A3001-FD85-4CE3-8A66-856D089F5390} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {10FE90AC-1DAE-46B1-BF57-7A3C4A97D071} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950480 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {16D48ED6-C709-46CE-B64A-96C1A6453A1E} - System32\Tasks\Opera scheduled Autoupdate 1539190011 => C:\Users\November\AppData\Local\Programs\Opera\launcher.exe [1534488 2019-11-05] (Opera Software AS -> Opera Software)
Task: {16FBCF11-4A62-4FD7-87B4-0414251CDC77} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1423680 2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {187FF086-2A77-43E4-BF0A-E6F32A5F4775} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {1A6D4518-EF85-43EB-B723-52C531753302} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1905072 2019-09-18] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {24474649-F42A-437C-98EE-402B01365184} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114720 2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {2762DAAB-BC5A-4BCE-B8CB-258BA609C4FB} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773328 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2B8980BE-DB57-433B-909A-947E769AEE77} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-10] (Google Inc -> Google Inc.)
Task: {2C8D3A66-F99B-48E7-BE98-1D14E2132231} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1423680 2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {31EC8858-77AB-40B3-8E8F-C635C616267C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: {35CE5ADA-BABE-43A2-9FBA-D5C4AFE91F31} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1586296 2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {35D95489-581E-4E45-9370-7B7A0EDADF46} - System32\Tasks\update-S-1-5-21-48790505-1987507193-3152163807-1002 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {397D94BA-A4E8-4CAB-B023-3266490F0834} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950480 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {413C69C3-6784-476F-BBF0-B7B72F29CF33} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {497D3BF9-8F31-44E5-BFD5-163573F3C679} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {57043304-D34B-49A9-8A12-B92D947628C8} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773328 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {584052AC-4B6C-45F1-9AD6-999FE03C5E7B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [250232 2019-10-08] (HP Inc. -> HP Inc.)
Task: {5A59753C-1771-410E-BA91-7A3E70898C4A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367496 2019-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B608BFF-925A-41CD-9AE3-D375E9CCBD1A} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3487440 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {80CC9F1D-74B1-46B2-8D65-AF821D97D093} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [3981232 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {81B60149-390D-48EA-B185-F5D4EEE6E796} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [58744 2019-06-14] (HP Inc. -> HP Inc.)
Task: {8F568CF7-0FC3-4FF4-8A8B-A0E5BEC762C4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367496 2019-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {8F6F4359-496A-4300-A59A-EEA7C27CC569} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [696016 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9280D4C0-FDA4-4831-9B45-52495D85BC84} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [145272 2019-10-31] (HP Inc. -> HP Inc.)
Task: {97DC57E3-7AC5-4DB5-8B0C-0E7DC6D0F1EB} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653728 2018-03-26] (Oracle America, Inc. -> Oracle Corporation)
Task: {98EE549B-C505-451E-9AF8-04885EE05898} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950480 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9D50CDE2-C7BC-4A6F-BE75-DE90982B965E} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-11-07] (HP Inc. -> HP Inc.)
Task: {A0F38D9F-0DF6-4179-BA31-DDD5F741BC50} - System32\Tasks\Opera scheduled assistant Autoupdate 1547488941 => C:\Users\November\AppData\Local\Programs\Opera\launcher.exe [1534488 2019-11-05] (Opera Software AS -> Opera Software)
Task: {A35B7F6B-7AF2-434B-8FA1-16E261B64B07} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {A7D7432F-E180-4B5B-BFE1-410BBF1909FD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-10] (Google Inc -> Google Inc.)
Task: {B253A044-3139-432E-BAB1-F97629D73FE9} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855760 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B8EFD380-9E1D-4260-8C59-22A06B9613FB} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855760 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C2629FE6-62EC-48A3-AC63-D8B2E01C08D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {C9EDBD2D-72A2-4C5C-AA6C-FCB2C1FDCE4B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {DAFE7699-2F3D-4EEB-BF33-C1EAAABAB371} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950480 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E465C76B-58CE-404F-A2E5-69648D2FBF52} - System32\Tasks\HPCeeScheduleForNovember => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [97656 2018-09-11] (HP Inc. -> HP Inc.)
Task: {F1B223E2-4A6C-43F8-A6BB-0AD88B30354A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114720 2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {F724B15E-D13A-4C83-B919-353C43531B48} - System32\Tasks\HPCustParticipation HP DeskJet 4670 series => C:\Program Files\HP\HP DeskJet 4670 series\Bin\HPCustPartic.exe [6105096 2015-03-09] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Task: {F8181F8C-958D-4EA9-AA59-AD0B45989A85} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [995024 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FC6EAF8B-B9AA-4156-B261-BDFB7148DB2A} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [638536 2019-04-11] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForNovember.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-48790505-1987507193-3152163807-1002.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{43196acf-8cd3-405b-ac63-d00881d821b4}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{6f0c1e8d-102e-4a66-af14-d95e106361f1}: [DhcpNameServer] 192.168.30.1
Tcpip\..\Interfaces\{abf7b159-6ccb-4908-b0ee-b8f5166e28fc}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{dde5e2f0-b571-4cc1-9701-fc2597ec2e19}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{fd19e0f9-d2c2-4529-a51b-d46fe0fff336}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
HKU\S-1-5-21-48790505-1987507193-3152163807-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-48790505-1987507193-3152163807-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-48790505-1987507193-3152163807-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-10.0.1\bin\ssv.dll => No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-10.0.1\bin\jp2ssv.dll [2018-07-16] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-03] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 0dayxmwg.default
FF ProfilePath: C:\Users\November\AppData\Roaming\Mozilla\Firefox\Profiles\0dayxmwg.default [2019-04-25]
FF Extension: (Tecknity Cookies) - C:\Users\November\AppData\Roaming\Mozilla\Firefox\Profiles\0dayxmwg.default\Extensions\{92415ac9-584a-4f96-8042-61af270afb30}.xpi [2019-04-12]
FF Extension: (Cookie-Editor) - C:\Users\November\AppData\Roaming\Mozilla\Firefox\Profiles\0dayxmwg.default\Extensions\{c3c10168-4186-445c-9c5b-63f12b8e2c87}.xpi [2019-04-12]
FF Plugin: @java.com/DTPlugin,version=13.0.1.0 -> C:\Program Files\Java\jre-10.0.1\bin\dtplugin\npDeployJava1.dll [2018-07-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=13.0.1.0 -> C:\Program Files\Java\jre-10.0.1\bin\plugin2\npjp2.dll [2018-07-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @axissoft.co.kr/StarPlayer -> C:\Program Files (x86)\Axissoft\StarPlayerEx\npStarPlayer.dll [2017-09-05] (Axissoft) [File not signed]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)

Chrome:
=======
CHR Notifications: Default -> hxxps://unacademy.com
CHR Profile: C:\Users\November\AppData\Local\Google\Chrome\User Data\Default [2019-11-15]
CHR Extension: (Slides) - C:\Users\November\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-06-12]
CHR Extension: (Honey) - C:\Users\November\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-11-15]
CHR Extension: (CrackWatch) - C:\Users\November\AppData\Local\Google\Chrome\User Data\Default\Extensions\dechlkibpibjlaidpeniljjejncdhfpj [2019-05-06]
CHR Extension: (VPN - Grab A Proxy - FREE) - C:\Users\November\AppData\Local\Google\Chrome\User Data\Default\Extensions\epiohmjifijenpabfpggbphmjinbhgnn [2019-01-26]
CHR Extension: (Sheets) - C:\Users\November\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-06-12]
CHR Extension: (EditThisCookie) - C:\Users\November\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2018-11-30]
CHR Extension: (Grammarly for Chrome) - C:\Users\November\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-11-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\November\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-11]
CHR Extension: (Chrome Media Router) - C:\Users\November\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-29]
CHR Profile: C:\Users\November\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-12-28]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1233272 2019-05-14] (Autodesk, Inc. -> Autodesk Inc.)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [996928 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [6133752 2019-11-14] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [110560 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-10-03] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11642744 2019-10-25] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [784512 2018-09-21] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [360312 2019-10-14] (HP Inc. -> HP Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [359848 2017-07-01] (Intel Corporation - pGFX -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [217040 2019-04-10] (TEFINCOM S.A. -> )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773328 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773328 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2018-12-02] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5075696 2019-08-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-11-15] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [53904 2019-07-22] (HP Inc. -> HP)
R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [232792 2019-11-15] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [37880 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [205600 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [275232 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [210328 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [65376 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [16520 2019-10-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [43512 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [171640 2019-11-02] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [111096 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [84560 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [848688 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [461216 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [236288 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [317304 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [41104 2019-07-22] (HP Inc. 
-> HP) R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-08-14] (Intel(R) Smart Connect software -> ) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-10-18] (Malwarebytes Corporation -> Malwarebytes) R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhmi.inf_amd64_e0efc835034c6f93\nvlddmkm.sys [20371952 2018-11-14] (NVIDIA Corporation -> NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30792 2018-08-21] (NVIDIA Corporation -> NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69544 2018-06-08] (NVIDIA Corporation -> NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [74576 2018-11-13] (NVIDIA Corporation -> NVIDIA Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2018-12-02] (Realtek Semiconductor Corp -> Realtek ) R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-11-15] (Synaptics Incorporated -> Synaptics Incorporated) R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. 
-> The OpenVPN Project) R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-06] (Windscribe Limited -> The OpenVPN Project) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (Hewlett-Packard Company -> HP Inc.) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-05-03] (Zemana Ltd. -> Zemana Ltd.) S3 EnigmaFileMonDriver; \??\C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [X] S1 mqyfyyez; \??\C:\WINDOWS\system32\drivers\mqyfyyez.sys [X] S1 vqohirma; \??\C:\WINDOWS\system32\drivers\vqohirma.sys [X] S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) =================== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-11-15 22:44 - 2019-11-15 22:45 - 000000000 ____D C:\Users\November\Desktop\New folder (2) 2019-11-14 20:25 - 2019-10-03 14:36 - 000355760 _____ (AVG Technologies CZ, s.r.o.) 
C:\WINDOWS\system32\avgBoot.exe 2019-11-05 19:41 - 2019-11-05 19:41 - 000000000 ____D C:\Users\November\AppData\LocalLow\uTorrent 2019-10-27 07:47 - 2019-10-27 07:48 - 000030140 _____ C:\Users\November\Untitled.prproj 2019-10-27 07:30 - 2019-10-27 07:30 - 000001158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro 2019.lnk 2019-10-27 07:30 - 2019-10-27 07:30 - 000000000 ____D C:\Program Files\Common Files\Adobe 2019-10-27 00:53 - 2019-10-27 00:53 - 000000000 ____D C:\New folder 2019-10-27 00:44 - 2019-10-27 07:30 - 000000000 ____D C:\Program Files\Adobe 2019-10-27 00:44 - 2019-10-27 00:44 - 000000000 ____D C:\Program Files (x86)\Adobe 2019-10-27 00:38 - 2019-10-27 00:40 - 000000000 ____D C:\e4cff7ef7b729d050bda3811ac 2019-10-27 00:32 - 2019-11-15 07:36 - 000000000 ____D C:\Users\November\AppData\Local\Adobe 2019-10-27 00:32 - 2019-10-27 00:32 - 000000000 ____D C:\ProgramData\Adobe 2019-10-27 00:23 - 2019-10-27 00:23 - 000000000 ____D C:\Users\November\Desktop\video edit 2019-10-26 23:57 - 2019-10-27 00:21 - 1718502070 _____ C:\Users\November\Downloads\Adobe Premiere Pro CC 2019 v13.1.5.47 By SentMailapp.com.zip 2019-10-25 17:56 - 2019-10-25 17:56 - 000329430 _____ C:\Users\November\Documents\Scan2.pdf 2019-10-25 16:59 - 2019-10-25 16:59 - 000367435 _____ C:\Users\November\Documents\Scan1.pdf 2019-10-25 16:56 - 2019-10-25 16:56 - 000546080 _____ C:\Users\November\Documents\Scan.pdf 2019-10-18 14:17 - 2019-10-18 14:17 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2019-10-16 14:52 - 2019-10-16 14:52 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2019-10-16 14:52 - 2019-10-16 14:52 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2019-10-16 14:52 - 2019-10-16 14:52 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2019-10-16 14:52 - 2019-10-16 14:52 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Excel.lnk 2019-10-16 14:52 - 2019-10-16 14:52 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2019-10-16 14:52 - 2019-10-16 14:52 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2019-10-16 14:52 - 2019-10-16 14:52 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2019-10-16 14:52 - 2019-10-16 14:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-11-15 22:48 - 2019-05-03 02:14 - 000284423 _____ C:\WINDOWS\ZAM_Guard.krnl.trace 2019-11-15 22:48 - 2019-05-03 02:14 - 000223376 _____ C:\WINDOWS\ZAM.krnl.trace 2019-11-15 22:47 - 2019-06-07 20:18 - 000003886 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1547488941 2019-11-15 22:47 - 2019-05-12 19:03 - 000002850 _____ C:\WINDOWS\system32\Tasks\HPCeeScheduleForNovember 2019-11-15 22:47 - 2019-05-12 19:03 - 000000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForNovember.job 2019-11-15 22:47 - 2019-05-03 02:20 - 000002566 _____ C:\WINDOWS\system32\Tasks\AMHelper 2019-11-15 22:47 - 2019-04-19 17:08 - 000003088 _____ C:\WINDOWS\system32\Tasks\update-S-1-5-21-48790505-1987507193-3152163807-1002 2019-11-15 22:47 - 2019-04-19 17:08 - 000002840 _____ C:\WINDOWS\system32\Tasks\update-sys 2019-11-15 22:47 - 2019-04-19 17:08 - 000000400 _____ C:\WINDOWS\Tasks\update-sys.job 2019-11-15 22:47 - 2019-04-19 17:08 - 000000400 _____ C:\WINDOWS\Tasks\update-S-1-5-21-48790505-1987507193-3152163807-1002.job 2019-11-15 22:47 - 2018-11-12 17:37 - 000003626 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1539190011 2019-11-15 22:47 - 2018-11-12 17:37 - 000003408 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2019-11-15 22:47 - 2018-11-12 17:37 - 000003346 _____ 
C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{70821E19-B51A-4F17-931D-11E6C014388C} 2019-11-15 22:47 - 2018-11-12 17:37 - 000003310 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update 2019-11-15 22:47 - 2018-11-12 17:37 - 000003308 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update 2019-11-15 22:47 - 2018-11-12 17:37 - 000003184 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2019-11-15 22:47 - 2018-11-12 17:37 - 000002914 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-48790505-1987507193-3152163807-1005 2019-11-15 22:47 - 2018-11-12 17:37 - 000002912 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-48790505-1987507193-3152163807-1001 2019-11-15 22:47 - 2018-11-12 17:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software 2019-11-15 22:47 - 2018-04-12 05:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-11-15 22:46 - 2019-06-11 14:12 - 000000000 ____D C:\FRST 2019-11-15 21:50 - 2018-11-12 16:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-11-15 19:11 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-11-15 10:22 - 2018-04-12 05:08 - 000000000 ___HD C:\Program Files\WindowsApps 2019-11-15 10:10 - 2018-09-21 00:19 - 000000000 ____D C:\Users\November\AppData\Local\Packages 2019-11-15 08:01 - 2018-09-21 16:23 - 000000000 ____D C:\Users\November\AppData\Local\AVAST Software 2019-11-15 07:55 - 2017-06-30 15:37 - 000000000 ____D C:\ProgramData\Package Cache 2019-11-15 07:44 - 2019-01-15 23:33 - 000000000 ____D C:\Users\November\Downloads\opera autoupdate 2019-11-15 07:43 - 2019-05-03 02:20 - 000232792 _____ (Copyright 2018.) 
C:\WINDOWS\system32\Drivers\amsdk.sys 2019-11-15 07:42 - 2019-05-03 02:20 - 000000000 ____D C:\Users\November\AppData\Local\AMSDK 2019-11-15 07:39 - 2019-06-10 10:11 - 000000000 ____D C:\ProgramData\AVG 2019-11-15 07:33 - 2018-04-12 05:06 - 000000000 ____D C:\WINDOWS\INF 2019-11-15 07:31 - 2018-11-12 17:21 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-11-15 07:31 - 2017-11-15 08:58 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2019-11-15 07:31 - 2016-02-12 10:48 - 000000000 ___RD C:\Users\November\3D Objects 2019-11-15 07:31 - 2015-01-09 18:44 - 000000000 __SHD C:\Users\November\IntelGraphicsProfiles 2019-11-15 07:31 - 2014-10-23 23:43 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-11-15 07:30 - 2017-11-15 08:59 - 000000000 ____D C:\ProgramData\NVIDIA 2019-11-15 07:27 - 2019-06-10 10:20 - 000002006 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk 2019-11-15 07:27 - 2019-06-10 10:20 - 000001994 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk 2019-11-15 07:27 - 2019-06-10 10:20 - 000001994 _____ C:\ProgramData\Desktop\AVG AntiVirus FREE.lnk 2019-11-15 07:27 - 2018-11-12 16:57 - 000416592 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-11-15 07:26 - 2018-07-18 13:17 - 000000093 _____ C:\HaxLogs.txt 2019-11-15 07:25 - 2018-11-12 17:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-11-15 07:24 - 2018-11-12 17:06 - 000000000 ____D C:\Users\mayan 2019-11-15 07:24 - 2018-04-12 02:34 - 001310720 _____ C:\WINDOWS\system32\config\BBI 2019-11-15 07:21 - 2018-04-12 14:50 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2019-11-15 07:21 - 2018-04-12 05:08 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2019-11-15 07:21 - 2018-04-12 05:08 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2019-11-15 07:21 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\TextInput 2019-11-15 07:21 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2019-11-15 07:21 - 
2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\system32\oobe 2019-11-15 07:21 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\ShellExperiences 2019-11-15 07:21 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\ShellComponents 2019-11-15 07:21 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2019-11-15 07:21 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-11-15 07:21 - 2018-04-12 02:34 - 000000000 ____D C:\WINDOWS\system32\Dism 2019-11-15 07:19 - 2018-09-21 16:18 - 000000000 ____D C:\Users\November\AppData\Roaming\uTorrent 2019-11-14 20:25 - 2018-04-12 05:08 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-11-11 00:31 - 2018-09-21 23:21 - 000000000 ____D C:\Users\November\AppData\Local\PlaceholderTileLogoFolder 2019-11-08 04:05 - 2017-12-10 15:31 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-11-08 04:05 - 2017-12-10 15:31 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-11-08 04:05 - 2017-12-10 15:31 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2019-11-07 22:09 - 2018-10-10 22:16 - 000001415 _____ C:\Users\November\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk 2019-11-05 19:41 - 2019-04-25 06:24 - 000000000 ____D C:\Users\November\AppData\Local\BitTorrentHelper 2019-11-05 14:58 - 2017-09-29 15:02 - 000000000 ____D C:\Program Files (x86)\Google 2019-11-03 22:55 - 2017-08-04 20:13 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2019-11-03 01:00 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\system32\NDF 2019-11-02 12:00 - 2019-10-03 14:36 - 000171640 _____ (AVG Technologies CZ, s.r.o.) 
C:\WINDOWS\system32\Drivers\avgMonFlt.sys 2019-10-27 07:48 - 2018-11-12 17:06 - 000000000 ____D C:\Users\November 2019-10-27 07:41 - 2017-07-02 12:09 - 000000000 ____D C:\Users\November\AppData\Roaming\Adobe 2019-10-27 07:30 - 2016-12-22 19:27 - 000000000 ____D C:\Users\Public\Documents\Adobe 2019-10-27 07:30 - 2016-12-22 19:27 - 000000000 ____D C:\ProgramData\Documents\Adobe 2019-10-27 00:44 - 2018-11-12 17:46 - 000000000 ____D C:\Users\November\AppData\Local\D3DSCache 2019-10-25 17:55 - 2017-07-02 12:14 - 000000000 ____D C:\Users\November\AppData\Local\CrashDumps 2019-10-18 17:47 - 2019-09-28 18:36 - 000000000 ____D C:\Users\November\Desktop\Harpreet1 2019-10-18 14:17 - 2019-07-06 15:56 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys ==================== Files in the root of some directories ======== 2018-11-10 17:12 - 2019-03-19 14:10 - 006387208 _____ () C:\Users\November\AppData\Local\dump007.dat 2018-10-08 13:08 - 2018-10-08 13:08 - 000000002 _____ () C:\Users\November\AppData\Local\imw.ini 2018-06-11 18:56 - 2018-06-11 18:56 - 000000017 _____ () C:\Users\November\AppData\Local\resmon.resmoncfg 2019-04-19 17:08 - 2019-04-19 17:08 - 000000003 _____ () C:\Users\November\AppData\Local\updater.log 2019-04-19 17:08 - 2019-04-19 17:08 - 000000425 _____ () C:\Users\November\AppData\Local\UserProducts.xml ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== Thanks&Regards Mayankjot Singh Addition.txt FRST.txt
  3. Hi, the trojan gets detected but I cannot remove it: when I do remove it by quarantining and deleting them, they show up again in the next scan. So can you please help remove these. I am attaching the results.
Thanks & Regards
  4. Sir, this is the file which was saved at my desktop. Please check and revert back.
Thanks & Regards
Mayankjot Singh
mbst-grab-results.zip
  5. Malwarebytes is not opening on my laptop. When I click on mbam.exe the program starts in Task Manager for just a second, then gets closed. I tried running it as admin, but it is not working for me. Please help me. Some random website opens in my laptop's browser while I am not using the browser or when I put my laptop on charging. Please, I am desperate for help.
Thanks & Regards
Mayankjot Singh