all my browsers are hijacked by some snapdo search adware please help..


21 replies to this topic

#1 RobotiksFreak (Members, 14 posts)
Posted 25 January 2016 - 01:31 PM

Hi, all my browsers have been hijacked and I have tried everything to the best of my knowledge to remove it. I have tried all sorts of adware removers and deleted so many files and registry entries using different adware tools, but the virus keeps coming back.
I'll attach some pictures to show what the virus looks like.
You will see in the attached pictures that in the properties %SNF% keeps on appearing even if I delete it.
The default search engine keeps on changing.
I also looked in this address "C:\ProgramData\Airtostrongs" and deleted this "Airtostrongs" folder completely, but it reappeared.
Please help me with this problem.

Thank you

 

Attached files: Chrome1.jpg, Chrome2.jpg, Mozilla1.jpg, Mozilla2.jpg, Mozilla3.jpg, Mozilla4.jpg, Mozilla5.jpg

 


#2 RobotiksFreak (Topic Starter)

Posted 25 January 2016 - 02:22 PM

These are the files that I got from AdwCleaner after scanning and cleaning (attached).

But it's not solving my problem.

The adware is gone for some time, and then it comes back again.



#3 olgun52 (Malware Response Team, 3,807 posts)

Posted 25 January 2016 - 09:32 PM

Hello RobotiksFreak and welcome to BleepingComputer.

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. (How to open the computer as administrator?)
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here.

Thanks

 

 

Step 1:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click the item shown in the screenshot (image not reproduced).
  • Then press the "Repair" button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 4:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript:

zoekscript.txt (attached)

  • Download it too and save it to your desktop; it needs to be in the same location as the ZOEK tool.
  • Drag the zoekscript file and drop it onto the ZOEK icon; this should launch the program.
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

=================================================================================

Please check all browsers for snap do:

Right click on the browser's shortcut, then click Properties.

NOTE: We are showing Google Chrome, but the method is the same for Chrome, Firefox, Internet Explorer, Safari, and Microsoft Edge.

[screenshot]

Once you've reached Properties > Shortcut (on the band at the top), then in the Target type field, remove everything after .exe.

[screenshot]

Then Apply > OK > Enter. Restart the browser.

Hold the Start key and R together. Write appwiz.cpl in the field, then click OK.

You are now in the Control Panel. Search around for snap do and suspicious-looking programs. Uninstall it/them.

 

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!
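An added, read-only audit script (editor's example, not from this thread or from any of the tools it mentions) covering the three places the thread shows this hijack living: the Arguments field of browser shortcuts (the "%SNF%" after .exe), the per-user SNP/SNF environment variables, and Internet Explorer SearchScopes URLs whose host is written percent-encoded in the MBAM log later in the thread. It assumes Windows PowerShell with the WScript.Shell COM object and only reports; it changes nothing.

```powershell
# Added example, not part of this thread or of any tool it mentions.
# Read-only audit of three places this thread shows the Snap.do / Linkury hijack living:
#   1. the Arguments field of browser shortcuts (the "%SNF%" the poster saw after .exe),
#   2. per-user environment variables such as SNP and SNF (seen in the MBAM log later on),
#   3. Internet Explorer SearchScopes URLs, which that log shows with a percent-encoded host.
# Nothing is modified; removal is left to the steps the helper gives above.

$shell    = New-Object -ComObject WScript.Shell
$browsers = @('chrome.exe', 'firefox.exe', 'iexplore.exe', 'opera.exe', 'microsoftedge.exe')
$roots    = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { Test-Path $_ }

Write-Host '== 1. Browser shortcuts with something after the .exe =='
Get-ChildItem -Path $roots -Filter '*.lnk' -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $lnk = $shell.CreateShortcut($_.FullName)
    $exe = [IO.Path]::GetFileName($lnk.TargetPath).ToLowerInvariant()
    if (($browsers -contains $exe) -and ($lnk.Arguments.Trim() -ne '')) {
        # A clean browser shortcut stops at the .exe; a URL, a file, or an %ENVVAR%
        # reference in Arguments is exactly what "remove everything after .exe" clears.
        [PSCustomObject]@{
            Shortcut   = $_.FullName
            Arguments  = $lnk.Arguments
            UsesEnvVar = [bool]($lnk.Arguments -match '%[A-Za-z0-9_]+%')
        }
    }
} | Format-Table -AutoSize -Wrap

Write-Host '== 2. Per-user environment variables pointing at a URL or at ProgramData =='
$envKey = Get-Item -Path 'HKCU:\Environment'
foreach ($name in $envKey.GetValueNames()) {
    $value = [string]$envKey.GetValue($name)
    # In this thread SNP held a feed.snapdo.com URL and SNF a file under C:\ProgramData\Airtostrongs.
    if ($value -match '^(https?://|C:\\ProgramData\\)') {
        Write-Host ('  {0} = {1}' -f $name, $value)
    }
}

Write-Host '== 3. Internet Explorer search scopes, with percent-encoded hosts decoded =='
'HKCU:', 'HKLM:' | ForEach-Object {
    Get-ChildItem -Path (Join-Path $_ 'Software\Microsoft\Internet Explorer\SearchScopes') -ErrorAction SilentlyContinue
} | ForEach-Object {
    $url = (Get-ItemProperty -Path $_.PSPath -Name URL -ErrorAction SilentlyContinue).URL
    if (-not $url) { return }
    # The MBAM log stores the host as %66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D,
    # which reads as feed.snapdo.com only after decoding; a plain look at the registry hides it.
    $decoded  = [uri]::UnescapeDataString($url)
    $hostName = if ($decoded -match '^[a-z]+://([^/?#]+)') { $Matches[1] } else { '<no host>' }
    [PSCustomObject]@{
        Hive    = $_.PSDrive.Name
        Scope   = $_.PSChildName
        Host    = $hostName
        Encoded = ($url -ne $decoded)
    }
} | Format-Table -AutoSize
```

Run it from an elevated PowerShell so the HKLM scopes are readable; a scope whose Encoded column is True or whose host is not your chosen search provider is the one to look at.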

 


 


#4 RobotiksFreak (Topic Starter)

Posted 26 January 2016 - 12:43 PM

Hi Yılmaz, I have gone through all four steps that you told me.

Below are the required log files that you asked for.

STEP 1: AdwCleaner[S1].txt...

 

# AdwCleaner v5.031 - Logfile created 26/01/2016 at 21:06:55

# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Tehseen Akhtar - TEHSEENAKHTAR
# Running from : C:\Users\Tehseen Akhtar\Desktop\adwcleaner_5.031.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Users\Tehseen Akhtar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Stpro.exe
 
***** [ Web browsers ] *****
 
[C:\Users\Tehseen Akhtar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : cdihkdldaicijakhchgojcokhpamkibi
 
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [966 bytes] ##########
 
STEP 2: JRT.txt...
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Tehseen Akhtar (Administrator) on Tue 01/26/2016 at 21:17:16.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 8 
 
Failed to delete: C:\Users\Tehseen Akhtar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TR5BESWN (Folder) 
Successfully deleted: C:\Program Files (x86)\prefs.js (File) 
Successfully deleted: C:\ProgramData\12859963819837726653 (Folder) 
Successfully deleted: C:\Users\Tehseen Akhtar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi (Folder) 
Successfully deleted: C:\Users\Tehseen Akhtar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1A8MW8JM (Folder) 
Successfully deleted: C:\Users\Tehseen Akhtar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHZSB9T4 (Folder) 
Successfully deleted: C:\Users\Tehseen Akhtar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z419ETG5 (Folder) 
Successfully deleted: C:\Users\Tehseen Akhtar\AppData\Roaming\appdataFr25.bin (File) 
 
 
 
Registry: 10 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\SearchAssistant (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Search Bar (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Search Page (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/26/2016 at 21:20:57.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
STEP 3: ZHPCleaner.txt...
 

~ ZHPCleaner v2016.1.25.15 by Nicolas Coolman (2016/01/25)
~ Run by Tehseen Akhtar (Administrator)  (26/01/2016 21:25:56)
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\Tehseen Akhtar\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Tehseen Akhtar\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
 
 
---\\  Services (1)
[S] FOUND : Airtostrong  =>PUP.Optional.Salus
 
 
---\\  Browser internet (1)
FOUND data: HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs [C:\ProgramData\Airtostrong\BetaLax.dll]  =>PUP.Optional.Salus
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (21)
 
 
---\\  Scheduled automatic tasks. (9)
FOUND task: [AutoKMS] [C:\Windows\AutoKMS.exe]  =>HackTool.AutoKMS
FOUND task: [AutoKMSDaily] [C:\Windows\AutoKMS.exe]  =>HackTool.AutoKMS
FOUND task: [psv_An-Lux] [C:\ProgramData\Airtostrong\Strongtam.reg & del C:\ProgramData\Airtostrong\Strongtam.reg & SCHTASKS /Delete /TN psv_An-Lux /F,N/A,N/A,Enabled,Disabled,Stop On Battery Mode, No Start On Batteries,SYSTEM,Enabled,72:00:00,Sched (Not File) ]  =>PUP.Optional.Salus
FOUND task: [psv_BioLamtip] [C:\ProgramData\Airtostrong\La-Nix.reg & del C:\ProgramData\Airtostrong\La-Nix.reg & SCHTASKS /Delete /TN psv_BioLamtip /F,N/A,N/A,Enabled,Disabled,Stop On Battery Mode, No Start On Batteries,SYSTEM,Enabled,72:00:00,Schedu (Not File) ]  =>PUP.Optional.Salus
FOUND task: [psv_Lamtough] [C:\ProgramData\Airtostrong\Tamlam.reg & del C:\ProgramData\Airtostrong\Tamlam.reg & SCHTASKS /Delete /TN psv_Lamtough /F,N/A,N/A,Enabled,Disabled,Stop On Battery Mode, No Start On Batteries,SYSTEM,Enabled,72:00:00,Scheduli (Not File) ]  =>PUP.Optional.Salus
FOUND task: [psv_Quotefix] [C:\ProgramData\Airtostrong\Warmplus.reg & del C:\ProgramData\Airtostrong\Warmplus.reg & SCHTASKS /Delete /TN psv_Quotefix /F,N/A,N/A,Enabled,Disabled,Stop On Battery Mode, No Start On Batteries,SYSTEM,Enabled,72:00:00,Sche (Not File) ]  =>PUP.Optional.Salus
FOUND task: [psv_Saltstrong] [C:\ProgramData\Airtostrong\Lamcof.reg & del C:\ProgramData\Airtostrong\Lamcof.reg & SCHTASKS /Delete /TN psv_Saltstrong /F,N/A,N/A,Enabled,Disabled,Stop On Battery Mode, No Start On Batteries,SYSTEM,Enabled,72:00:00,Sche (Not File) ]  =>PUP.Optional.Salus
FOUND task: [AutoKMS] [C:\Windows\Tasks\AutoKMS.job]  =>HackTool.AutoKMS
FOUND task: [AutoKMSDaily] [C:\Windows\Tasks\AutoKMSDaily.job]  =>HackTool.AutoKMS
 
 
---\\  Explorer ( File, Folder) (36)
FOUND file: C:\ProgramData\Airtostrong\Airtostrong.exe    =>PUP.Optional.Salus
FOUND file: C:\Windows\AutoKMS.exe [CODYQX4 - AutoKMS]  =>HackTool.AutoKMS
FOUND file: C:\Windows\Tasks\AutoKMS.job    =>HackTool.AutoKMS
FOUND file: C:\Windows\Tasks\AutoKMSDaily.job    =>HackTool.AutoKMS
FOUND file: C:\Windows\Prefetch\APPLICATIONHOSTING.EXE-FB37AC79.pf    =>PUP.Optional.ApplicationHosting
FOUND file: C:\Windows\Prefetch\AUTOKMS.EXE-601AC3B6.pf    =>HackTool.AutoKMS
FOUND file: C:\Users\Tehseen Akhtar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage    =>PUP.Optional.SmartBar
FOUND file: C:\Users\Tehseen Akhtar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage-journal    =>PUP.Optional.SmartBar
FOUND file: C:\Windows\KMSEmulator.exe [ - Local KMS Host]  =>HackTool.AutoKMS
FOUND folder: C:\Program Files (x86)\IncludeFoobar  =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\Airtostrong\Airtostrong.d.dat    =>PUP.Optional.Salus
FOUND file: C:\ProgramData\Airtostrong\Airtostrong.dat    =>PUP.Optional.Salus
FOUND file: C:\ProgramData\Airtostrong\conf.config    =>PUP.Optional.Salus
FOUND file: C:\ProgramData\Airtostrong\Config.xml    =>PUP.Optional.Salus
FOUND file: C:\ProgramData\Airtostrong\confpro.config    =>PUP.Optional.Salus
FOUND file: C:\ProgramData\Airtostrong\La-Nix.reg    =>PUP.Optional.Salus
FOUND file: C:\ProgramData\Airtostrong\PrxCfg.xml    =>PUP.Optional.Salus
FOUND file: C:\ProgramData\Airtostrong\Una-Top.dat    =>PUP.Optional.Salus
FOUND file: C:\ProgramData\Airtostrongs\ff.HP    =>PUP.Optional.Salus
FOUND file: C:\ProgramData\Airtostrongs\ff.NT    =>PUP.Optional.Salus
FOUND folder: C:\ProgramData\Airtostrong\ondemand  =>PUP.Optional.Salus
FOUND folder: C:\ProgramData\Airtostrong\temp  =>PUP.Optional.Salus
FOUND folder: C:\ProgramData\Airtostrong  =>PUP.Optional.Salus
FOUND folder: C:\ProgramData\Airtostrongs  =>PUP.Optional.Salus
FOUND folder: C:\Users\Tehseen Akhtar\AppData\Local\{09B3D647-515F-47EB-9EB0-A0DB7F5C78E6}  =>Empty
FOUND folder: C:\Users\Tehseen Akhtar\AppData\Local\{0DB7E3DF-9DC8-4409-B6C0-34BDAF27C8E2}  =>Empty
FOUND folder: C:\Users\Tehseen Akhtar\AppData\Local\{245DC4AC-D49F-47CE-A176-00C3D70B8D02}  =>Empty
FOUND folder: C:\Users\Tehseen Akhtar\AppData\Local\{A15D27E8-089E-454A-8FFB-94AF5B36CA5D}  =>Empty
FOUND folder: C:\Users\Tehseen Akhtar\AppData\Local\{F1A616E4-1164-40AD-830B-CC4A0E547CE3}  =>Empty
FOUND folder: C:\Windows\Installer\MSI7778.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSI916F.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSIEDE4.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSIF5E0.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSIF70A.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSIF7E5.tmp-  =>Empty
FOUND folder: C:\Windows\Installer\MSIF8EF.tmp-  =>Empty
 
 
---\\  Registry ( Key, Value, Data) (6)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\Airtostrong [C:\ProgramData\Airtostrong\Airtostrong.exe]  =>PUP.Optional.Salus
FOUND key: [X64] HKLM\SOFTWARE\Classes\CLSID\{5A639417-4750-4946-9EC8-D94425A14C8A} [EXsstraCouopone]  =>PUP.Optional.ExtraCoupon
FOUND key: [X64] HKLM\SOFTWARE\Classes\CLSID\{962FA06A-A1D5-470C-8736-C5A8CC190856} [DigIoCCouupoN]  =>PUP.Optional.DiGiCoupon
FOUND key: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caMyciloP.exe []  =>PUP.Optional.caMycilo
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\mtAirtostrong []  =>PUP.Optional.Salus
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool]  =>Toolbar.Ask
 
 
---\\  Summary of the elements found (9)
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.ApplicationHosting
http://www.nicolascoolman.fr/?p=308  =>PUP.Optional.SmartBar
http://www.nicolascoolman.fr/?p=1402  =>PUP.Optional.Multiplug
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.ExtraCoupon
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.DiGiCoupon
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.caMycilo
 
 
---\\ Result of repair
~ Any repair made
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 84223
~ Items found : 58
~ Items cancelled : 0
~ Items repaired : 0
 
 
~ End of search in 00h11mn21s
===================
ZHPCleaner-[S]-26012016-21_37_17.txt
 
STEP 4: zoek-results.txt (attached)



#5 RobotiksFreak (Topic Starter)

Posted 26 January 2016 - 12:51 PM

Well my friend, the problem is still there.

Snap do everywhere.

In Mozilla, Internet Explorer and in Chrome.

Please help me.



#6 olgun52 (Malware Response Team, 3,807 posts)

Posted 26 January 2016 - 02:40 PM

Please, you have to be patient.

 

Step 1:
 Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 2:

ComboFix run:

Please be sure to run our tools with administrator rights.

* IMPORTANT 1: Place ComboFix.exe on your Desktop.

* IMPORTANT 2: Ensure your external and/or USB drives are inserted during the scan.

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.

 


Best regards
 

 


 


#7 RobotiksFreak (Topic Starter)

Posted 28 January 2016 - 02:38 PM

STEP 1: MBAM LOG FILE...

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/28/2016
Scan Time: 10:30 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.28.04
Rootkit Database: v2016.01.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Tehseen Akhtar
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 443219
Time Elapsed: 47 min, 44 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 2
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airtostrong\Airtostrong.exe, 5960, Delete-on-Reboot, [24e05fe0d7c29e9813be626d5aa7f808]
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airtostrong\Airtostrong.exe, 4476, Delete-on-Reboot, [24e05fe0d7c29e9813be626d5aa7f808]
 
Modules: 4
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Zimfan.dll, Delete-on-Reboot, [b54f7dc206937db9a4c914c11ee3c43c], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Zimfan.dll, Delete-on-Reboot, [b54f7dc206937db9a4c914c11ee3c43c], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Zimfan.dll, Delete-on-Reboot, [b54f7dc206937db9a4c914c11ee3c43c], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Zimfan.dll, Delete-on-Reboot, [b54f7dc206937db9a4c914c11ee3c43c], 
 
Registry Keys: 26
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AIRTOSTRONG.EXE, Quarantined, [24e05fe0d7c29e9813be626d5aa7f808], 
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AIRTOSTRONG.EXE, Quarantined, [24e05fe0d7c29e9813be626d5aa7f808], 
PUP.Optional.WikiSearchMe, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\fcgnigmofekcllgbiejhmigggmgehkip, Quarantined, [fd07ed529ffa94a28fbfbe449e66fe02], 
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_Alphasolotone, Delete-on-Reboot, [877da29d1c7d9f97e3d7111e897b659b], 
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_An-Lux, Delete-on-Reboot, [e51f77c86d2cc175942681ae07fd817f], 
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_BioLamtip, Delete-on-Reboot, [48bcfb440990181e427876b935cf7f81], 
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_Donhome, Delete-on-Reboot, [39cb75cae3b62b0bbcfe7ab5f90bc13f], 
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_Groovestock, Delete-on-Reboot, [04005ae52c6d3afca614b9762bd9a65a], 
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_HotSing, Delete-on-Reboot, [e81c370820791c1a00ba50df798bed13], 
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_Jayzap, Delete-on-Reboot, [fa0ab28d4a4f4ee89327d956ce36d32d], 
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_Lalux, Delete-on-Reboot, [739140ff7d1c48eeae0c42edf80c6c94], 
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_Lamtough, Delete-on-Reboot, [669e72cd7920162048727bb4ab59fe02], 
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_Medlam, Delete-on-Reboot, [a262a39c3663e05629912f0048bcba46], 
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_Physsanwarm, Delete-on-Reboot, [57addc633366ff3767534ae511f3a65a], 
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_Quostrong, Delete-on-Reboot, [23e1c07f24754beb66543af56e969967], 
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_Quotefix, Delete-on-Reboot, [63a1a699fe9b043219a1b47bed17a759], 
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_Ranhold, Delete-on-Reboot, [50b47cc396038bab9b1fd659b74d35cb], 
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_Saltstrong, Delete-on-Reboot, [c440c47beaaf3cfafcbed15eda2a857b], 
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_Stimstock, Delete-on-Reboot, [48bc4af564357fb7d4e669c6020218e8], 
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_ZoneStattax, Delete-on-Reboot, [aa5aac93eeab0c2a14a6101fa16340c0], 
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_ZoomTois, Delete-on-Reboot, [b84c8cb3534685b14e6cb17e40c49b65], 
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, Quarantined, [699bdc63732676c09708e41caa5a4fb1], 
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH, Quarantined, [46bed76828719f97e5a23e75f50e12ee], 
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, Quarantined, [679d46f9ecadbb7bcdd223dd4cb89769], 
PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, Quarantined, [e71d3e01f1a8b58179c3f6e970920ef2], 
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, Quarantined, [798ba59a6e2bdc5a210f6f7618eaa957], 
 
Registry Values: 8
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DisplayName, Search the web, Quarantined, [46bed76828719f97e5a23e75f50e12ee]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uygwA0xcAVNup_P16km0ym2F4aJSRQ56WcyoBnu4IE9Y4A5vaB9udRAuxE9CCy_raSwl3H5Tm-BZ09ny6W5Zh-OiKMvVcLpRdh4YPFx9SUEGIabA_caQNlQRRtf0cnlt44s5yMGAVr53hL0k7mUPniMaTPtGshy8,&q={searchTerms}, Quarantined, [0ff556e928715fd7ccbca80bd72c827e]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uygwA0xcAVNup_P16km0ym2F4aJSRQ56WcyoBnu4IE9Y4A5vaB9udRAuxE9CCy_raSwl3H5Tm-BZ09ny6W5Zh-OiKMvVcLpRdh4YPFx9SUEGIabA_caQNlQRRtf0cnlt44s5yMGAVr53hL0k7mUPniMaTPtGshy8,&q={searchTerms}, Quarantined, [679df24d7524d85e65243380bd46ad53]
PUP.Optional.Linkury, HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\ENVIRONMENT|SNP, http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFRec&co=PK&userid=5539f56b-4e66-a9b5-58a7-ce5085e9ce2a&searchtype=sc&installDate=26/01/2016&barcodeid=50045888&channelid=888&av=windows, Quarantined, [689c63dc9bfe83b3e148dbfca261fc04]
PUP.Optional.Linkury, HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\ENVIRONMENT|SNF, C:\ProgramData\Airtostrongs\snp.sc, Quarantined, [21e374cbd3c63204bf69aa2dc43ffc04]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, Quarantined, [798ba59a6e2bdc5a210f6f7618eaa957]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uygwA0xcAVNup_P16km0ym2F4aJSRQ56WcyoBnu4IE9Y4A5vaB9udRAuxE9CCy_raSwl3H5Tm-BZ09ny6W5Zh-OiKMvVcLpRdh4YPFx9SUEGIabA_caQNlQRRtf0cnlt44s5yMGAVr53hL0k7mUPniMaTPtGshy8,&q={searchTerms}, Quarantined, [58ac0f301782f34396ef664d27dc718f]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uygwA0xcAVNup_P16km0ym2F4aJSRQ56WcyoBnu4IE9Y4A5vaB9udRAuxE9CCy_raSwl3H5Tm-BZ09ny6W5Zh-OiKMvVcLpRdh4YPFx9SUEGIabA_caQNlQRRtf0cnlt44s5yMGAVr53hL0k7mUPniMaTPtGshy8,&q={searchTerms}, Quarantined, [9a6aa29de7b2e056e4a24172f50e5fa1]
 
Registry Data: 9
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\Airtostrong\Zimfan.dll, Good: (), Bad: (C:\ProgramData\Airtostrong\Zimfan.dll),Replaced,[b54f7dc206937db9a4c914c11ee3c43c]
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\Airtostrong\Medzunla.dll, Good: (), Bad: (C:\ProgramData\Airtostrong\Medzunla.dll),Replaced,[5da739066b2ea98daf7eb026d42d13ed]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({ielnksrch}),Replaced,[5ea61c23623756e091b0bb0dba4aee12]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uygwA0xcAVNup_P16km0ym2F4aJSRQ56WcyoBnu4IE9Y4A5vaB9udRAuxE9CCy_raSwWqnfbduYY460MhfAaStHD5kEo7__a8bWK3qXVQLnk3jA7djpcXBw7xKrwa7EfI0He98LSen5Moyakjho5rKvThuhpUoSw,, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uygwA0xcAVNup_P16km0ym2F4aJSRQ56WcyoBnu4IE9Y4A5vaB9udRAuxE9CCy_raSwWqnfbduYY460MhfAaStHD5kEo7__a8bWK3qXVQLnk3jA7djpcXBw7xKrwa7EfI0He98LSen5Moyakjho5rKvThuhpUoSw,),Replaced,[fa0a4bf4a7f27cba0636f9cff70d04fc]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uygwA0xcAVNup_P16km0ym2F4aJSRQ56WcyoBnu4IE9Y4A5vaB9udRAuxE9CCy_raSwl3H5Tm-BZ09ny6W5Zh-OiKMvVcLpRdh4YPFx9SUEGIabA_caQNlQRRtf0cnlt44s5yMGAVr53hL0k7mUPniMaTPtGshy8,&q={searchTerms}, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uygwA0xcAVNup_P16km0ym2F4aJSRQ56WcyoBnu4IE9Y4A5vaB9udRAuxE9CCy_raSwl3H5Tm-BZ09ny6W5Zh-OiKMvVcLpRdh4YPFx9SUEGIabA_caQNlQRRtf0cnlt44s5yMGAVr53hL0k7mUPniMaTPtGshy8,&q={searchTerms}),Replaced,[ce3676c9afea2e0851eaefd9d82cec14]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uygwA0xcAVNup_P16km0ym2F4aJSRQ56WcyoBnu4IE9Y4A5vaB9udRAuxE9CCy_raSwl3H5Tm-BZ09ny6W5Zh-OiKMvVcLpRdh4YPFx9SUEGIabA_caQNlQRRtf0cnlt44s5yMGAVr53hL0k7mUPniMaTPtGshy8,&q={searchTerms}, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uygwA0xcAVNup_P16km0ym2F4aJSRQ56WcyoBnu4IE9Y4A5vaB9udRAuxE9CCy_raSwl3H5Tm-BZ09ny6W5Zh-OiKMvVcLpRdh4YPFx9SUEGIabA_caQNlQRRtf0cnlt44s5yMGAVr53hL0k7mUPniMaTPtGshy8,&q={searchTerms}),Replaced,[9f65b8877f1a42f4ac8fae1aec18ec14]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uygwA0xcAVNup_P16km0ym2F4aJSRQ56WcyoBnu4IE9Y4A5vaB9udRAuxE9CCy_raSwl3H5Tm-BZ09ny6W5Zh-OiKMvVcLpRdh4YPFx9SUEGIabA_caQNlQRRtf0cnlt44s5yMGAVr53hL0k7mUPniMaTPtGshy8,&q={searchTerms}, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uygwA0xcAVNup_P16km0ym2F4aJSRQ56WcyoBnu4IE9Y4A5vaB9udRAuxE9CCy_raSwl3H5Tm-BZ09ny6W5Zh-OiKMvVcLpRdh4YPFx9SUEGIabA_caQNlQRRtf0cnlt44s5yMGAVr53hL0k7mUPniMaTPtGshy8,&q={searchTerms}),Replaced,[12f2b887613887af60dbc40407fd21df]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uygwA0xcAVNup_P16km0ym2F4aJSRQ56WcyoBnu4IE9Y4A5vaB9udRAuxE9CCy_raSwl3H5Tm-BZ09ny6W5Zh-OiKMvVcLpRdh4YPFx9SUEGIabA_caQNlQRRtf0cnlt44s5yMGAVr53hL0k7mUPniMaTPtGshy8,&q={searchTerms}, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uygwA0xcAVNup_P16km0ym2F4aJSRQ56WcyoBnu4IE9Y4A5vaB9udRAuxE9CCy_raSwl3H5Tm-BZ09ny6W5Zh-OiKMvVcLpRdh4YPFx9SUEGIabA_caQNlQRRtf0cnlt44s5yMGAVr53hL0k7mUPniMaTPtGshy8,&q={searchTerms}),Replaced,[17edb08f5643fc3a89b4a32527ddf10f]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({ielnksrch}),Replaced,[84806ed12178e353af8fe9df33d156aa]
 
Folders: 1
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs, Quarantined, [5ca83e01b0e984b2fe338e4dc1414bb5], 
 
Files: 37
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airtostrong\Airtostrong.exe, Delete-on-Reboot, [24e05fe0d7c29e9813be626d5aa7f808], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Zimfan.dll, Delete-on-Reboot, [b54f7dc206937db9a4c914c11ee3c43c], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Medzunla.dll, Quarantined, [5da739066b2ea98daf7eb026d42d13ed], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Bamtam.exe, Quarantined, [ec1843fc950493a3690354813ac79769], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Istouch.exe, Quarantined, [cb3984bb0d8c6fc7dd91ebeacb369e62], 
PUP.Optional.Linkury.ShrtCln, C:\Program Files\Common Files\a53ioj5j.exe, Quarantined, [3dc74ff0adec9a9c379a6e61778a2ed2], 
PUP.Optional.Linkury.ShrtCln, C:\Program Files\Common Files\aihlje20.exe, Quarantined, [e71d81beebaee74fb61bae21ad5453ad], 
PUP.Optional.Linkury.ShrtCln, C:\Program Files\Common Files\ik4bj2iq.exe, Quarantined, [cc389aa5990074c2646da12eb64bfc04], 
Trojan.Agent.MSIL, C:\Windows\System32\config\systemprofile\AppData\Local\Inchwarm, Quarantined, [42c2003fedac979f70b0f5dca25f847c], 
CrackTool.Agent.Keygen, C:\Windows\AutoKMS.exe, Quarantined, [64a040ff9affef47c333ced151b01fe1], 
RiskWare.Tool.CK, C:\Windows\KMSEmulator.exe, Quarantined, [2dd7320d40596fc7e7637a9225dd49b7], 
PUP.Optional.Linkury.ShrtCln, C:\Users\Tehseen Akhtar\AppData\Roaming\Mozilla\Firefox\Profiles\679xqcvx.default-1453446804802\searchplugins\findit.xml, Quarantined, [947087b8584196a0cc278133eb18dc24], 
PUP.Optional.Linkury.ShrtCln, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\findit.xml, Quarantined, [788cf8470c8d9e98b63e664e02019769], 
PUP.Optional.Linkury.ShrtCln, C:\Windows\System32\Tasks\psv_Alphasolotone, Quarantined, [04009aa59dfc0432506728077094d62a], 
PUP.Optional.Linkury.ShrtCln, C:\Windows\System32\Tasks\psv_An-Lux, Quarantined, [d72d63dc67320b2b585f62cd1be959a7], 
PUP.Optional.Linkury.ShrtCln, C:\Windows\System32\Tasks\psv_BioLamtip, Quarantined, [c83c43fcf1a8201611a67db2ec18ca36], 
PUP.Optional.Linkury.ShrtCln, C:\Windows\System32\Tasks\psv_Donhome, Quarantined, [778d46f9e3b6b87ed0e70e2149bb768a], 
PUP.Optional.Linkury.ShrtCln, C:\Windows\System32\Tasks\psv_Groovestock, Quarantined, [996b98a750491422d4e3b67906fe619f], 
PUP.Optional.Linkury.ShrtCln, C:\Windows\System32\Tasks\psv_HotSing, Quarantined, [59abd9668e0b39fd8631250a4fb51be5], 
PUP.Optional.Linkury.ShrtCln, C:\Windows\System32\Tasks\psv_Jayzap, Quarantined, [80843f008415ba7cfbbc70bf699b9868], 
PUP.Optional.Linkury.ShrtCln, C:\Windows\System32\Tasks\psv_Lalux, Quarantined, [33d17cc39aff290d06b1bf707e869769], 
PUP.Optional.Linkury.ShrtCln, C:\Windows\System32\Tasks\psv_Lamtough, Quarantined, [fa0a0a351f7afc3a4e697eb1a163a060], 
PUP.Optional.Linkury.ShrtCln, C:\Windows\System32\Tasks\psv_Medlam, Quarantined, [9a6a043babeeaf877641a08f689cf20e], 
PUP.Optional.Linkury.ShrtCln, C:\Windows\System32\Tasks\psv_Physsanwarm, Quarantined, [a95bb38ccecbb3832394002f20e47a86], 
PUP.Optional.Linkury.ShrtCln, C:\Windows\System32\Tasks\psv_Quostrong, Quarantined, [e81c52ed079265d1288f30ff60a49c64], 
PUP.Optional.Linkury.ShrtCln, C:\Windows\System32\Tasks\psv_Quotefix, Quarantined, [2dd71926861363d3feb91c134aba4fb1], 
PUP.Optional.Linkury.ShrtCln, C:\Windows\System32\Tasks\psv_Ranhold, Quarantined, [cc38ca758c0dd85ea71065cafc08c53b], 
PUP.Optional.Linkury.ShrtCln, C:\Windows\System32\Tasks\psv_Saltstrong, Quarantined, [c440bd8234656ec8348341eefc088d73], 
PUP.Optional.Linkury.ShrtCln, C:\Windows\System32\Tasks\psv_Stimstock, Quarantined, [2ada2619bcdd0a2ce8cf7bb4e61e7789], 
PUP.Optional.Linkury.ShrtCln, C:\Windows\System32\Tasks\psv_ZoneStattax, Quarantined, [c242251acacf7eb86255d25dcb3912ee], 
PUP.Optional.Linkury.ShrtCln, C:\Windows\System32\Tasks\psv_ZoomTois, Quarantined, [030153ecbfdabb7bb106ad82679de917], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs\ff.HP, Quarantined, [5ca83e01b0e984b2fe338e4dc1414bb5], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs\ff.NT, Quarantined, [5ca83e01b0e984b2fe338e4dc1414bb5], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs\snp.sc, Quarantined, [5ca83e01b0e984b2fe338e4dc1414bb5], 
PUP.Optional.Linkury.ShrtCln, C:\Users\Tehseen Akhtar\AppData\Roaming\Mozilla\Firefox\Profiles\679xqcvx.default-1453446804802\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "C:\\ProgramData\\Airtostrongs\\ff.NT");), Replaced,[a65e023d0099f343f03ea44b33d16898]
PUP.Optional.FindIt, C:\Users\Tehseen Akhtar\AppData\Roaming\Mozilla\Firefox\Profiles\679xqcvx.default-1453446804802\prefs.js, Good: (), Bad: (user_pref("browser.search.defaultenginename", "findit");), Replaced,[16ee83bc5445f640db23ac441ee60ef2]
PUP.Optional.Linkury.ShrtCln, C:\Users\Tehseen Akhtar\AppData\Roaming\Mozilla\Firefox\Profiles\679xqcvx.default-1453446804802\prefs.js, Good: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Bad: (user_pref("browser.startup.homepage", "C:\\ProgramData\\Airtostrongs\\ff.HP), Replaced,[dd27d56a019878be373eb83fdc2802fe]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
STEP 2: ComboFix.txt...
 
ComboFix 16-01-24.01 - Tehseen Akhtar 01/28/2016  23:44:41.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8140.5300 [GMT 5:00]
Running from: c:\users\Tehseen Akhtar\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-12-28 to 2016-01-28  )))))))))))))))))))))))))))))))
.
.
2016-01-28 19:00 . 2016-01-28 19:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-01-28 18:34 . 2016-01-28 18:34 -------- d-----w- C:\OneDriveTemp
2016-01-28 17:21 . 2016-01-28 18:33 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-01-28 17:21 . 2016-01-28 17:21 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-01-28 17:21 . 2016-01-28 17:21 -------- d-----w- c:\programdata\Malwarebytes
2016-01-28 17:21 . 2015-10-05 04:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-01-28 17:21 . 2015-10-05 04:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-01-28 17:21 . 2015-10-05 04:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-01-28 14:25 . 2015-06-24 09:00 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5B015A08-8CCB-4E7D-A79E-F3DB020D3BEE}\gapaengine.dll
2016-01-28 14:25 . 2015-11-25 11:02 11154520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{21B18C5D-E75E-46B9-9766-7EABFF104680}\mpengine.dll
2016-01-27 07:55 . 2015-11-25 11:02 11154520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-01-26 17:32 . 2016-01-28 18:28 -------- d-----w- c:\programdata\Airtostrong
2016-01-26 17:28 . 2016-01-26 17:28 -------- d-----w- c:\program files\Common Files\0zvvliuo
2016-01-26 17:26 . 2016-01-26 17:26 -------- d-----w- c:\programdata\IDM
2016-01-26 17:22 . 2016-01-26 16:55 24064 ----a-w- c:\windows\zoek-delete.exe
2016-01-26 17:22 . 2016-01-28 19:02 -------- d-----w- c:\users\Tehseen Akhtar\AppData\Local\Temp
2016-01-26 17:11 . 2016-01-26 17:11 -------- d-----w- c:\program files\Common Files\0tnyrpjf
2016-01-26 16:55 . 2016-01-26 17:23 -------- d-----w- C:\zoek_backup
2016-01-26 16:25 . 2016-01-26 16:37 -------- d-----w- c:\users\Tehseen Akhtar\AppData\Roaming\ZHP
2016-01-26 16:06 . 2016-01-26 16:09 -------- d-----w- C:\AdwCleaner
2016-01-22 15:47 . 2016-01-22 15:47 -------- d-----w- c:\program files\Common Files\fvwll03m
2016-01-22 14:47 . 2016-01-22 14:47 -------- d-----w- c:\program files\Common Files\3jklaqyg
2016-01-20 15:32 . 2016-01-20 15:32 -------- d-----w- c:\program files (x86)\QuickTime
2016-01-20 14:34 . 2016-01-20 15:24 290304 ----a-w- c:\windows\SysWow64\subinacl.exe
2016-01-20 14:34 . 2016-01-20 14:34 -------- d-----w- c:\program files (x86)\Adware Removal Tool by TSA
2016-01-14 06:18 . 2015-11-17 01:08 792064 ----a-w- c:\windows\system32\generaltel.dll
2016-01-14 06:17 . 2015-12-08 17:58 3211264 ----a-w- c:\windows\system32\win32k.sys
2016-01-14 06:13 . 2015-12-08 21:53 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2016-01-14 06:13 . 2015-12-08 19:07 879104 ----a-w- c:\windows\system32\advapi32.dll
2016-01-14 06:13 . 2015-12-08 21:52 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2016-01-14 06:13 . 2015-12-08 19:07 405504 ----a-w- c:\windows\system32\gdi32.dll
2016-01-14 06:09 . 2015-12-30 18:54 6656 ----a-w- c:\windows\system32\apisetschema.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-20 08:15 . 2015-03-28 21:10 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-01-20 08:15 . 2011-07-16 06:05 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-01-16 06:30 . 2014-12-19 16:00 143671360 ----a-w- c:\windows\system32\MRT.exe
2015-12-30 18:37 . 2016-01-14 06:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-12-09 08:59 . 2015-12-09 08:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2015-12-09 08:59 . 2015-12-09 08:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2015-12-09 03:39 . 2010-11-21 03:27 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-12-08 19:07 . 2009-07-14 00:22 1393152 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2015-11-20 18:54 . 2015-12-09 10:29 2609152 ----a-w- c:\windows\system32\wuaueng.dll
2015-11-20 18:54 . 2015-12-09 10:29 98816 ----a-w- c:\windows\system32\wudriver.dll
2015-11-20 18:54 . 2015-12-09 10:29 37888 ----a-w- c:\windows\system32\wups2.dll
2015-11-20 18:54 . 2015-12-09 10:29 36864 ----a-w- c:\windows\system32\wups.dll
2015-11-20 18:54 . 2015-12-09 10:29 3170304 ----a-w- c:\windows\system32\wucltux.dll
2015-11-20 18:54 . 2015-12-09 10:29 192512 ----a-w- c:\windows\system32\wuwebv.dll
2015-11-20 18:54 . 2015-12-09 10:29 709632 ----a-w- c:\windows\system32\wuapi.dll
2015-11-20 18:54 . 2015-12-09 10:29 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-11-20 18:54 . 2015-12-09 10:29 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-11-20 18:54 . 2015-12-09 10:29 37888 ----a-w- c:\windows\system32\wuapp.exe
2015-11-20 18:54 . 2015-12-09 10:29 140288 ----a-w- c:\windows\system32\wuauclt.exe
2015-11-20 18:34 . 2015-12-09 10:29 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-11-20 18:34 . 2015-12-09 10:29 30208 ----a-w- c:\windows\SysWow64\wups.dll
2015-11-20 18:34 . 2015-12-09 10:29 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-11-20 18:34 . 2015-12-09 10:29 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-11-20 18:33 . 2015-12-09 10:29 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-11-11 18:53 . 2015-12-09 10:29 1735680 ----a-w- c:\windows\system32\comsvcs.dll
2015-11-11 18:53 . 2015-12-09 10:29 525312 ----a-w- c:\windows\system32\catsrvut.dll
2015-11-11 18:39 . 2015-12-09 10:29 1242624 ----a-w- c:\windows\SysWow64\comsvcs.dll
2015-11-11 18:39 . 2015-12-09 10:29 487936 ----a-w- c:\windows\SysWow64\catsrvut.dll
2015-11-10 18:55 . 2015-12-09 10:29 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-11-10 18:55 . 2015-12-09 10:29 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-11-10 18:55 . 2015-12-09 10:29 1008640 ----a-w- c:\windows\system32\user32.dll
2015-11-10 18:39 . 2015-12-09 10:29 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-11-10 18:37 . 2015-12-09 10:29 833024 ----a-w- c:\windows\SysWow64\user32.dll
2015-11-05 19:05 . 2015-12-09 10:29 17408 ----a-w- c:\windows\system32\wshrm.dll
2015-11-05 19:02 . 2015-12-09 10:29 14848 ----a-w- c:\windows\SysWow64\wshrm.dll
2015-11-05 19:02 . 2015-12-09 10:29 2048 ----a-w- c:\windows\system32\tzres.dll
2015-11-05 19:00 . 2015-12-09 10:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-11-05 09:53 . 2015-12-09 10:29 146944 ----a-w- c:\windows\system32\drivers\rmcast.sys
2015-11-03 19:04 . 2015-12-09 10:29 802304 ----a-w- c:\windows\system32\usp10.dll
2015-11-03 19:04 . 2015-12-09 10:24 241664 ----a-w- c:\windows\system32\els.dll
2015-11-03 18:56 . 2015-12-09 10:29 627712 ----a-w- c:\windows\SysWow64\usp10.dll
2015-11-03 18:55 . 2015-12-09 10:24 179712 ----a-w- c:\windows\SysWow64\els.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-12-15 10:40 1587912 ----a-w- c:\users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-12-15 10:40 1587912 ----a-w- c:\users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-12-15 10:40 1587912 ----a-w- c:\users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-12-15 10:40 1587912 ----a-w- c:\users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-12-15 10:40 1587912 ----a-w- c:\users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files (x86)\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"OneDrive"="c:\users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\OneDrive.exe" [2015-12-15 551112]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2015-10-21 60688]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2015-10-21 61200]
"iCloudDrive"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" [2015-10-21 103696]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-01-16 717696]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-12-26 3886672]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-12-16 50385536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2015-11-22 1444880]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-6-17 1333024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ    scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 Airtostrong;Airtostrong;c:\programdata\\Airtostrong\\Airtostrong.exe;c:\programdata\\Airtostrong\\Airtostrong.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
R2 orodzctdogdownlpad;Mathdonity;c:\users\Tehseen Akhtar\AppData\Local\Y-fan.exe dowuloadup orodzctdogdownlpad;c:\users\Tehseen Akhtar\AppData\Local\Y-fan.exe dowuloadup orodzctdogdownlpad [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 Generalusbserialser20678;ZTEMT Legacy Serial Communication 20678;c:\windows\system32\DRIVERS\CT_U_USBSER.sys;c:\windows\SYSNATIVE\DRIVERS\CT_U_USBSER.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [x]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 UDisk Monitor;UDisk Monitor;c:\program files\Evo 3G\bin\MonServiceUDisk.exe;c:\program files\Evo 3G\bin\MonServiceUDisk.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-01-15 16:17 1006920 ----a-w- c:\program files (x86)\Google\Chrome\Application\47.0.2526.111\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-12-18 15:42 286904 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-01-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-28 08:15]
.
2016-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-11-03 10:30]
.
2016-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-11-03 10:30]
.
2016-01-08 c:\windows\Tasks\HPCeeScheduleForTehseen Akhtar.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16 04:51]
.
2016-01-02 c:\windows\Tasks\HPCeeScheduleForTEHSEENAKHTAR$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16 04:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-11-04 09:01 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-11-04 09:01 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-11-04 09:01 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-12-15 10:41 1641664 ----a-w- c:\users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-12-15 10:41 1641664 ----a-w- c:\users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-12-15 10:41 1641664 ----a-w- c:\users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-12-15 10:41 1641664 ----a-w- c:\users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-12-15 10:41 1641664 ----a-w- c:\users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 25112 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-10 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-10 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-10 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-07 1128448]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 42808]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-12-09 170256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\system32\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Tehseen Akhtar\AppData\Roaming\Mozilla\Firefox\Profiles\679xqcvx.default-1453446804802\
FF - prefs.js: browser.startup.homepage - hxxps://www.malwarebytes.org/restorebrowser/
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4247437007-4202060821-2407958243-1000_Classes\Wow6432Node\CLSID\{55e20fc5-268c-4dae-b83e-6e4486da9435}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000155
"Therad"=dword:00000017
.
[HKEY_USERS\S-1-5-21-4247437007-4202060821-2407958243-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d7,6e,4d,71,c8,90,b4,9e,90,de,a5,a7,7a,c7,d6,20,3b,ce,39,76,c1,
   24,58,bb,06,78,ad,40,d5,2c,33,09,1d,ef,8d,63,b3,26,6a,47,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-01-29  00:21:39
ComboFix-quarantined-files.txt  2016-01-28 19:21
.
Pre-Run: 399,267,741,696 bytes free
Post-Run: 398,717,554,688 bytes free
.
- - End Of File - - FFB674AEC0AA96C1119C6204A0B576EE

#8 RobotiksFreak

RobotiksFreak
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:45 PM

Posted 28 January 2016 - 02:53 PM

Hi Yılmaz, after going through the two steps above I think the problem is solved.

No issues seen so far.

However, there is a suspicious folder in my drive C:

I'll attach an image.

#9 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:45 PM

Posted 28 January 2016 - 04:02 PM

Hi Yılmaz, after going through the two steps above I think the problem is solved.

No issues seen so far.

However, there is a suspicious folder in my drive C:

I'll attach an image.

No. There are some viruses still on the PC. But no problem, because we will delete all of them.
=============================================================================

Please Delete:

c:\program files (x86)\Adware Removal Tool by TSA

==================================================================================

 

Step1:

:Run CFScript:

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

 

Step2:

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

Step3:

Run Eset Online Scan

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options "Scan Archives" and "Remove found threats" are ticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
  • Also a log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

Attached File  CFScript.txt   759 bytes   6 downloads


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

#10 RobotiksFreak

RobotiksFreak
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:45 PM

Posted 29 January 2016 - 11:00 AM

Hi again Yılmaz...

STEP 1: ComboFix.txt...

ComboFix 16-01-24.01 - Tehseen Akhtar 01/29/2016  16:06:01.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8140.5746 [GMT 5:00]
Running from: c:\users\Tehseen Akhtar\Desktop\ComboFix.exe
Command switches used :: c:\users\Tehseen Akhtar\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Common Files\0tnyrpjf"
"c:\program files\Common Files\3jklaqyg"
"c:\program files\Common Files\fvwll03m"
"c:\programdata\\Airtostrong\\Airtostrong.exe;c:\programdata\\Airtostrong\\Airtostrong.exe"
"c:\users\Tehseen Akhtar\AppData\Local\Y-fan.exe dowuloadup orodzctdogdownlpad"
"c:\users\Tehseen Akhtar\AppData\Local\Y-fan.exe dowuloadup"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Airtostrong
c:\programdata\Airtostrong\Airtostrong.d.dat
c:\programdata\Airtostrong\Airtostrong.dat
c:\programdata\Airtostrong\Bamtam.exe.config
c:\programdata\Airtostrong\conf.config
c:\programdata\Airtostrong\Config.xml
c:\programdata\Airtostrong\confpro.config
c:\programdata\Airtostrong\Dannix.bin
c:\programdata\Airtostrong\Greenqvoing.dat
c:\programdata\Airtostrong\Istouch.exe.config
c:\programdata\Airtostrong\Jaysunhome.bin
c:\programdata\Airtostrong\Joblax.bin
c:\programdata\Airtostrong\Joblax.bin.bck
c:\programdata\Airtostrong\Lightsolcore.bin
c:\programdata\Airtostrong\md.xml
c:\programdata\Airtostrong\Pluskix.bin
c:\programdata\Airtostrong\PrxCfg.xml
c:\programdata\Airtostrong\Ranfax.dat
c:\programdata\Airtostrong\SonDubtip.bin
c:\programdata\Airtostrong\SonDubtip.bin.bck
c:\programdata\Airtostrong\uninstall.dat
c:\programdata\Airtostrong\Zimity.bin
c:\programdata\Airtostrong\Zimity.bin.bck
c:\users\Tehseen Akhtar\AppData\Roaming\ZHP
c:\users\Tehseen Akhtar\AppData\Roaming\ZHP\Tempo.txt
c:\users\Tehseen Akhtar\AppData\Roaming\ZHP\Trace.txt
c:\users\Tehseen Akhtar\AppData\Roaming\ZHP\ZHPCleaner-[S]-26012016-21_37_17.txt
c:\users\Tehseen Akhtar\AppData\Roaming\ZHP\ZHPCleaner.exe
c:\users\Tehseen Akhtar\AppData\Roaming\ZHP\ZHPCleaner.txt
c:\users\Tehseen Akhtar\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Airtostrong
-------\Service_orodzctdogdownlpad
.
.
(((((((((((((((((((((((((   Files Created from 2015-12-28 to 2016-01-29  )))))))))))))))))))))))))))))))
.
.
2016-01-29 11:13 . 2016-01-29 11:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-01-29 10:46 . 2016-01-29 10:46 -------- d-----w- C:\OneDriveTemp
2016-01-28 17:21 . 2016-01-29 11:15 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-01-28 17:21 . 2016-01-28 17:21 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-01-28 17:21 . 2016-01-28 17:21 -------- d-----w- c:\programdata\Malwarebytes
2016-01-28 17:21 . 2015-10-05 04:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-01-28 17:21 . 2015-10-05 04:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-01-28 17:21 . 2015-10-05 04:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-01-28 14:25 . 2015-06-24 09:00 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5B015A08-8CCB-4E7D-A79E-F3DB020D3BEE}\gapaengine.dll
2016-01-28 14:25 . 2015-11-25 11:02 11154520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{21B18C5D-E75E-46B9-9766-7EABFF104680}\mpengine.dll
2016-01-27 07:55 . 2015-11-25 11:02 11154520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-01-26 17:28 . 2016-01-26 17:28 -------- d-----w- c:\program files\Common Files\0zvvliuo
2016-01-26 17:26 . 2016-01-26 17:26 -------- d-----w- c:\programdata\IDM
2016-01-26 17:22 . 2016-01-26 16:55 24064 ----a-w- c:\windows\zoek-delete.exe
2016-01-26 17:22 . 2016-01-29 11:15 -------- d-----w- c:\users\Tehseen Akhtar\AppData\Local\Temp
2016-01-26 17:11 . 2016-01-26 17:11 -------- d-----w- c:\program files\Common Files\0tnyrpjf
2016-01-26 16:55 . 2016-01-26 17:23 -------- d-----w- C:\zoek_backup
2016-01-26 16:06 . 2016-01-26 16:09 -------- d-----w- C:\AdwCleaner
2016-01-22 15:47 . 2016-01-22 15:47 -------- d-----w- c:\program files\Common Files\fvwll03m
2016-01-22 14:47 . 2016-01-22 14:47 -------- d-----w- c:\program files\Common Files\3jklaqyg
2016-01-20 15:32 . 2016-01-20 15:32 -------- d-----w- c:\program files (x86)\QuickTime
2016-01-20 14:34 . 2016-01-20 15:24 290304 ----a-w- c:\windows\SysWow64\subinacl.exe
2016-01-14 06:18 . 2015-11-17 01:08 792064 ----a-w- c:\windows\system32\generaltel.dll
2016-01-14 06:17 . 2015-12-08 17:58 3211264 ----a-w- c:\windows\system32\win32k.sys
2016-01-14 06:13 . 2015-12-08 21:53 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2016-01-14 06:13 . 2015-12-08 19:07 879104 ----a-w- c:\windows\system32\advapi32.dll
2016-01-14 06:13 . 2015-12-08 21:52 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2016-01-14 06:13 . 2015-12-08 19:07 405504 ----a-w- c:\windows\system32\gdi32.dll
2016-01-14 06:09 . 2015-12-30 18:54 6656 ----a-w- c:\windows\system32\apisetschema.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-20 08:15 . 2015-03-28 21:10 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-01-20 08:15 . 2011-07-16 06:05 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-01-16 06:30 . 2014-12-19 16:00 143671360 ----a-w- c:\windows\system32\MRT.exe
2015-12-30 18:37 . 2016-01-14 06:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-12-09 08:59 . 2015-12-09 08:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2015-12-09 08:59 . 2015-12-09 08:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2015-12-09 03:39 . 2010-11-21 03:27 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-12-08 19:07 . 2009-07-14 00:22 1393152 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2015-11-20 18:54 . 2015-12-09 10:29 2609152 ----a-w- c:\windows\system32\wuaueng.dll
2015-11-20 18:54 . 2015-12-09 10:29 98816 ----a-w- c:\windows\system32\wudriver.dll
2015-11-20 18:54 . 2015-12-09 10:29 37888 ----a-w- c:\windows\system32\wups2.dll
2015-11-20 18:54 . 2015-12-09 10:29 36864 ----a-w- c:\windows\system32\wups.dll
2015-11-20 18:54 . 2015-12-09 10:29 3170304 ----a-w- c:\windows\system32\wucltux.dll
2015-11-20 18:54 . 2015-12-09 10:29 192512 ----a-w- c:\windows\system32\wuwebv.dll
2015-11-20 18:54 . 2015-12-09 10:29 709632 ----a-w- c:\windows\system32\wuapi.dll
2015-11-20 18:54 . 2015-12-09 10:29 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-11-20 18:54 . 2015-12-09 10:29 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-11-20 18:54 . 2015-12-09 10:29 37888 ----a-w- c:\windows\system32\wuapp.exe
2015-11-20 18:54 . 2015-12-09 10:29 140288 ----a-w- c:\windows\system32\wuauclt.exe
2015-11-20 18:34 . 2015-12-09 10:29 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-11-20 18:34 . 2015-12-09 10:29 30208 ----a-w- c:\windows\SysWow64\wups.dll
2015-11-20 18:34 . 2015-12-09 10:29 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-11-20 18:34 . 2015-12-09 10:29 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-11-20 18:33 . 2015-12-09 10:29 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-11-11 18:53 . 2015-12-09 10:29 1735680 ----a-w- c:\windows\system32\comsvcs.dll
2015-11-11 18:53 . 2015-12-09 10:29 525312 ----a-w- c:\windows\system32\catsrvut.dll
2015-11-11 18:39 . 2015-12-09 10:29 1242624 ----a-w- c:\windows\SysWow64\comsvcs.dll
2015-11-11 18:39 . 2015-12-09 10:29 487936 ----a-w- c:\windows\SysWow64\catsrvut.dll
2015-11-10 18:55 . 2015-12-09 10:29 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-11-10 18:55 . 2015-12-09 10:29 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-11-10 18:55 . 2015-12-09 10:29 1008640 ----a-w- c:\windows\system32\user32.dll
2015-11-10 18:39 . 2015-12-09 10:29 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-11-10 18:37 . 2015-12-09 10:29 833024 ----a-w- c:\windows\SysWow64\user32.dll
2015-11-05 19:05 . 2015-12-09 10:29 17408 ----a-w- c:\windows\system32\wshrm.dll
2015-11-05 19:02 . 2015-12-09 10:29 14848 ----a-w- c:\windows\SysWow64\wshrm.dll
2015-11-05 19:02 . 2015-12-09 10:29 2048 ----a-w- c:\windows\system32\tzres.dll
2015-11-05 19:00 . 2015-12-09 10:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-11-05 09:53 . 2015-12-09 10:29 146944 ----a-w- c:\windows\system32\drivers\rmcast.sys
2015-11-03 19:04 . 2015-12-09 10:29 802304 ----a-w- c:\windows\system32\usp10.dll
2015-11-03 19:04 . 2015-12-09 10:24 241664 ----a-w- c:\windows\system32\els.dll
2015-11-03 18:56 . 2015-12-09 10:29 627712 ----a-w- c:\windows\SysWow64\usp10.dll
2015-11-03 18:55 . 2015-12-09 10:24 179712 ----a-w- c:\windows\SysWow64\els.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-12-15 10:40 1587912 ----a-w- c:\users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-12-15 10:40 1587912 ----a-w- c:\users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-12-15 10:40 1587912 ----a-w- c:\users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-12-15 10:40 1587912 ----a-w- c:\users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-12-15 10:40 1587912 ----a-w- c:\users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files (x86)\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"OneDrive"="c:\users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\OneDrive.exe" [2015-12-15 551112]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2015-10-21 60688]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2015-10-21 61200]
"iCloudDrive"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" [2015-10-21 103696]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-01-16 717696]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-12-26 3886672]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-12-16 50385536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2015-11-22 1444880]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-6-17 1333024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 Generalusbserialser20678;ZTEMT Legacy Serial Communication 20678;c:\windows\system32\DRIVERS\CT_U_USBSER.sys;c:\windows\SYSNATIVE\DRIVERS\CT_U_USBSER.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [x]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 UDisk Monitor;UDisk Monitor;c:\program files\Evo 3G\bin\MonServiceUDisk.exe;c:\program files\Evo 3G\bin\MonServiceUDisk.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-01-15 16:17 1006920 ----a-w- c:\program files (x86)\Google\Chrome\Application\47.0.2526.111\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-12-18 15:42 286904 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-01-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-28 08:15]
.
2016-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-11-03 10:30]
.
2016-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-11-03 10:30]
.
2016-01-08 c:\windows\Tasks\HPCeeScheduleForTehseen Akhtar.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16 04:51]
.
2016-01-02 c:\windows\Tasks\HPCeeScheduleForTEHSEENAKHTAR$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16 04:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-11-04 09:01 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-11-04 09:01 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-11-04 09:01 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-12-15 10:41 1641664 ----a-w- c:\users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-12-15 10:41 1641664 ----a-w- c:\users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-12-15 10:41 1641664 ----a-w- c:\users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-12-15 10:41 1641664 ----a-w- c:\users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-12-15 10:41 1641664 ----a-w- c:\users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 25112 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-10 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-10 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-10 416024]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-07 1128448]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 42808]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-12-09 170256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\system32\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Tehseen Akhtar\AppData\Roaming\Mozilla\Firefox\Profiles\679xqcvx.default-1453446804802\
FF - prefs.js: browser.startup.homepage - hxxps://www.malwarebytes.org/restorebrowser/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4247437007-4202060821-2407958243-1000_Classes\Wow6432Node\CLSID\{55e20fc5-268c-4dae-b83e-6e4486da9435}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000155
"Therad"=dword:00000017
.
[HKEY_USERS\S-1-5-21-4247437007-4202060821-2407958243-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d7,6e,4d,71,c8,90,b4,9e,90,de,a5,a7,7a,c7,d6,20,3b,ce,39,76,c1,
   24,58,bb,06,78,ad,40,d5,2c,33,09,1d,ef,8d,63,b3,26,6a,47,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\TeamViewer\TeamViewer.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\TeamViewer\tv_w32.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2016-01-29  16:21:23 - machine was rebooted
ComboFix-quarantined-files.txt  2016-01-29 11:21
.
Pre-Run: 398,815,453,184 bytes free
Post-Run: 398,427,774,976 bytes free
.
- - End Of File - - B188C1E306695177A77B737BE1EF7B86
 
STEP 2: EEK Report...
 

Emsisoft Emergency Kit - Version 11.0
Last update: 1/29/2016 5:05:16 PM
User account: TehseenAkhtar\Tehseen Akhtar
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 1/29/2016 5:07:48 PM
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
C:\Program Files\Common Files\0zvvliuo\1abbclcizegbd.exe detected: Gen:Variant.Adware.MSILPerseus.11675 (B)
C:\Program Files\Common Files\0tnyrpjf\c86dda1zs3rsc.exe detected: Gen:Variant.Adware.MSILPerseus.11675 (B)
C:\Program Files\Common Files\3jklaqyg\d2b62do04o4z0.exe detected: Gen:Variant.Adware.MSILPerseus.11675 (B)
C:\Program Files\Common Files\fvwll03m\715eae00uyven.exe detected: Gen:Variant.Adware.MSILPerseus.11675 (B)
C:\Users\Tehseen Akhtar\Downloads\Programs\mp4_codec.exe detected: Trojan.GenericKD.2210378 (B)
C:\Users\Tehseen Akhtar\Downloads\Programs\DTLite4491-0356.exe detected: Application.Win32.InstallAd (A)
 
Scanned 73118
Found 8
 
Scan end: 1/29/2016 5:11:37 PM
Scan time: 0:03:49
 
C:\Users\Tehseen Akhtar\Downloads\Programs\DTLite4491-0356.exe Application.Win32.InstallAd (A)
C:\Users\Tehseen Akhtar\Downloads\Programs\mp4_codec.exe Trojan.GenericKD.2210378 (B)
C:\Program Files\Common Files\fvwll03m\715eae00uyven.exe Gen:Variant.Adware.MSILPerseus.11675 (B)
C:\Program Files\Common Files\3jklaqyg\d2b62do04o4z0.exe Gen:Variant.Adware.MSILPerseus.11675 (B)
C:\Program Files\Common Files\0tnyrpjf\c86dda1zs3rsc.exe Gen:Variant.Adware.MSILPerseus.11675 (B)
C:\Program Files\Common Files\0zvvliuo\1abbclcizegbd.exe Gen:Variant.Adware.MSILPerseus.11675 (B)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Setting.DisableRegistryTools (A)
 
Quarantined 7
 
STEP 3 A: ESET ONLINE LOG FILE..
 

C:\Tehseen Akhtar Data\AutoCAD 2011 64bit.iso a variant of Win32/Keygen.BL potentially unsafe application deleted
C:\Tehseen Akhtar Data\ACER to HP\Air Uni Data\Tehseen's Scanned Documents\Desktop\Ahsan\New Folder\PWM Codes\ga\icytower14_install.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted
C:\Tehseen Akhtar Data\ACER to HP\Air Uni Data\USB Backup111\Mectaronics 7th Semester\Dr.Shaiq\Artificial Intelligent\XML HTP by Deitel\ch25\process.asp HTML/Iframe.gen trojan cleaned by deleting
C:\Tehseen Akhtar Data\ACER to HP\My Downloads\SoftonicDownloader_for_eset-nod32-antivirus.exe Win32/SoftonicDownloader.E potentially unwanted application cleaned by deleting
C:\Tehseen Akhtar Data\ACER to HP\My Downloads\BAH\HSS-3.17-install-hss.exe Win32/Toolbar.Conduit potentially unwanted application deleted
C:\Tehseen Akhtar Data\ACER to HP\My Downloads\BAH\spotflux-latestPC.exe a variant of Win32/Bunndle potentially unsafe application deleted
C:\Tehseen Akhtar Data\ACER to HP\softwares\farmet factory-converter.EXE Win32/Toolbar.Conduit potentially unwanted application deleted
C:\Tehseen Akhtar Data\ACER to HP\softwares\winrar_keygen.exe a variant of Win32/Keygen.AI potentially unsafe application cleaned by deleting
C:\Tehseen Akhtar Data\ACER to HP\softwares\Jalal sb software\Office 2010 ProfessionalPlus_volume_x86_en-us\Office 2010 Activator freeserial-key.blogspot.in\Office 2010 Toolkit.exe a variant of MSIL/HackKMS.A potentially unsafe application cleaned by deleting
C:\Tehseen Akhtar Data\ACER to HP\softwares\MuhammadNiazSoftwares\9 Augest\Urdu Inpage 2011\MrMuhammadNiaz- Website.url LNK/Agent.CH trojan cleaned by deleting
C:\Tehseen Akhtar Data\ACER to HP\softwares\MuhammadNiazSoftwares\IDM 6.11 Build 7 with Crack\MrMuhammadNiaz- Website.url LNK/Agent.CH trojan cleaned by deleting
C:\Tehseen Akhtar Data\ACER to HP\softwares\MuhammadNiazSoftwares\Kaspersky Internet Security 2012 12.0.0.374 Final\MrMuhammadNiaz- Website.url LNK/Agent.CH trojan cleaned by deleting
C:\Tehseen Akhtar Data\ACER to HP\softwares\MuhammadNiazSoftwares\Nero Burning ROM 11.0.10400\MrMuhammadNiaz- Website.url LNK/Agent.CH trojan cleaned by deleting
C:\Tehseen Akhtar Data\ACER to HP\softwares\MuhammadNiazSoftwares\office toolkit 2010\MrMuhammadNiaz- Website.url LNK/Agent.CH trojan cleaned by deleting
C:\Tehseen Akhtar Data\ACER to HP\softwares\MuhammadNiazSoftwares\SpeedBit Video Accelerator 3.2.2.6\Setup.exe Win32/InstallMonetizer.AN potentially unwanted application deleted
C:\Tehseen Akhtar Data\ACER to HP\softwares\MuhammadNiazSoftwares\TuneUp Utilities 2012\MrMuhammadNiaz- Website.url LNK/Agent.CH trojan cleaned by deleting
C:\Tehseen Akhtar Data\ACER to HP\softwares\MuhammadNiazSoftwares\Typing Master\MrMuhammadNiaz- Website.url LNK/Agent.CH trojan cleaned by deleting
C:\Tehseen Akhtar Data\My Documentsss\SOFT\DAEMONToolsLite-P1577037-Setup.exe Win32/DownWare.L potentially unwanted application deleted
C:\Tehseen Akhtar Data\My Documentsss\SOFT\FormatFactorySetup.exe a variant of Win32/Hao123.A potentially unwanted application deleted
C:\Tehseen Akhtar Data\My Documentsss\SOFT\Internet Download Manager 6.19 build 2 Final Retail [ChingLiu]\Keygen-Patch UnREaL RCE\Tonec.Inc.Internet.Download.Manager.v6.xx.WinALL.Incl.Keygen.and.Patch.update1-UnREaL.exe Win32/HackTool.Patcher.BY potentially unsafe application cleaned by deleting
C:\Tehseen Akhtar Data\My Documentsss\SOFT\Sony Sound Forge PRO 10.0 + KEYGEN\KEYGEN\Keygen.exe a variant of Win32/Keygen.HU potentially unsafe application cleaned by deleting
C:\Tehseen Akhtar Data\My Documentsss\SOFT\SONY Sound Forge Pro 11.0 build 234 (patch-keygen DI) [ChingLiu]\DI v2.3 Keygen and Patch\Keygen.exe a variant of Win32/Keygen.HU potentially unsafe application cleaned by deleting
C:\Tehseen Akhtar Data\WEC DATA\Lab Engineer\Semester no 1\Labs Handouts\Thermo Lab MTS 3rd\Thermo LAb\Misc Notes\New Folder\YouTubeDownloaderSetup262_1.exe a variant of Win32/Toolbar.Widgi potentially unwanted application deleted
C:\Users\Tehseen Akhtar\Downloads\Compressed\IDM 6.23 Build 18 + Cr4ck.rar LNK/Agent.CH trojan deleted
C:\Users\Tehseen Akhtar\Downloads\Compressed\IDM 6.23 Build 18 + Cr4ck\Internet Download Manager 6.23 Build 18 + Crack\Download Software Games & Apps - SadeemWorld™.url LNK/Agent.CH trojan cleaned by deleting
C:\Users\Tehseen Akhtar\Downloads\Compressed\IDM 6.23 Build 18 + Cr4ck\Internet Download Manager 6.23 Build 18 + Crack\Internet Download Manager 6.23 Build 18 Is Here\Z Download Softwares, Games, Android Apps.url LNK/Agent.CH trojan cleaned by deleting
C:\Users\Tehseen Akhtar\Downloads\Programs\spsetup128.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\zoek_backup\C_Users_Tehseen Akhtar_AppData_Local_Y-fan.exe.vir a variant of MSIL/Kryptik.EWB trojan cleaned by deleting
C:\zoek_backup\C_PROGRA~3_Airtostrong\Airtostrong.exe a variant of Win32/Toolbar.Linkury.AN potentially unwanted application cleaned by deleting
 
STEP 3 B: C:\Program Files\ESET\EsetOnlineScanner\log.txt.
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=361c9d1a6e787d46bdda21a63a575018
# end=init
# utc_time=2016-01-29 12:20:12
# local_time=2016-01-29 05:20:12 (+0500, Pakistan Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 27880
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=361c9d1a6e787d46bdda21a63a575018
# end=updated
# utc_time=2016-01-29 12:50:02
# local_time=2016-01-29 05:50:02 (+0500, Pakistan Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=361c9d1a6e787d46bdda21a63a575018
# engine=27880
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-01-29 03:39:21
# local_time=2016-01-29 08:39:21 (+0500, Pakistan Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 22209294 77076755 0 0
# scanned=328784
# found=29
# cleaned=29
# scan_time=10157
sh=B3EB28C6642EF0AF1A5FE966BBD891EE2BD4FCA3 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BL potentially unsafe application (deleted)" ac=C fn="C:\Tehseen Akhtar Data\AutoCAD 2011 64bit.iso"
sh=419AAB2CFD09544FA618EC9AB1D70F48FB2F4BE8 ft=1 fh=437e1587dc9439bc vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted)" ac=C fn="C:\Tehseen Akhtar Data\ACER to HP\Air Uni Data\Tehseen's Scanned Documents\Desktop\Ahsan\New Folder\PWM Codes\ga\icytower14_install.exe"
sh=2C7F8DF438BBBEBC481A6EA9EC463721FEB1F8A4 ft=0 fh=0000000000000000 vn="HTML/Iframe.gen trojan (cleaned by deleting)" ac=C fn="C:\Tehseen Akhtar Data\ACER to HP\Air Uni Data\USB Backup111\Mectaronics 7th Semester\Dr.Shaiq\Artificial Intelligent\XML HTP by Deitel\ch25\process.asp"
sh=1A9E4EA090796C0B25CD47E93A1ED173938E92C4 ft=1 fh=d220d59fa5fdebc9 vn="Win32/SoftonicDownloader.E potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Tehseen Akhtar Data\ACER to HP\My Downloads\SoftonicDownloader_for_eset-nod32-antivirus.exe"
sh=58FA854E3D9CA3092FA2A108A8CCF659A10241C9 ft=1 fh=d1a992ef793236e2 vn="Win32/Toolbar.Conduit potentially unwanted application (deleted)" ac=C fn="C:\Tehseen Akhtar Data\ACER to HP\My Downloads\BAH\HSS-3.17-install-hss.exe"
sh=9D6AE551D260944B25DDBA1D117876D343FD4006 ft=1 fh=835a1228a0e47463 vn="a variant of Win32/Bunndle potentially unsafe application (deleted)" ac=C fn="C:\Tehseen Akhtar Data\ACER to HP\My Downloads\BAH\spotflux-latestPC.exe"
sh=9B525982A19ED9296C0B884F5ADDB9F14D6D76F8 ft=1 fh=9bd8e2b1fdf3eaec vn="Win32/Toolbar.Conduit potentially unwanted application (deleted)" ac=C fn="C:\Tehseen Akhtar Data\ACER to HP\softwares\farmet factory-converter.EXE"
sh=024C48B7D1DF800C286842EAEE26BB3756AAA24A ft=1 fh=06743112359bf65a vn="a variant of Win32/Keygen.AI potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Tehseen Akhtar Data\ACER to HP\softwares\winrar_keygen.exe"
sh=56E4531E58A508B45C43A813DC4DA578DB231886 ft=1 fh=fe40d461b3d99c4c vn="a variant of MSIL/HackKMS.A potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Tehseen Akhtar Data\ACER to HP\softwares\Jalal sb software\Office 2010 ProfessionalPlus_volume_x86_en-us\Office 2010 Activator freeserial-key.blogspot.in\Office 2010 Toolkit.exe"
sh=48508BFEAE2EAEDB5BADE583743492D8CE7C1B89 ft=0 fh=0000000000000000 vn="LNK/Agent.CH trojan (cleaned by deleting)" ac=C fn="C:\Tehseen Akhtar Data\ACER to HP\softwares\MuhammadNiazSoftwares\9 Augest\Urdu Inpage 2011\MrMuhammadNiaz- Website.url"
sh=48508BFEAE2EAEDB5BADE583743492D8CE7C1B89 ft=0 fh=0000000000000000 vn="LNK/Agent.CH trojan (cleaned by deleting)" ac=C fn="C:\Tehseen Akhtar Data\ACER to HP\softwares\MuhammadNiazSoftwares\IDM 6.11 Build 7 with Crack\MrMuhammadNiaz- Website.url"
sh=48508BFEAE2EAEDB5BADE583743492D8CE7C1B89 ft=0 fh=0000000000000000 vn="LNK/Agent.CH trojan (cleaned by deleting)" ac=C fn="C:\Tehseen Akhtar Data\ACER to HP\softwares\MuhammadNiazSoftwares\Kaspersky Internet Security 2012 12.0.0.374 Final\MrMuhammadNiaz- Website.url"
sh=48508BFEAE2EAEDB5BADE583743492D8CE7C1B89 ft=0 fh=0000000000000000 vn="LNK/Agent.CH trojan (cleaned by deleting)" ac=C fn="C:\Tehseen Akhtar Data\ACER to HP\softwares\MuhammadNiazSoftwares\Nero Burning ROM 11.0.10400\MrMuhammadNiaz- Website.url"
sh=48508BFEAE2EAEDB5BADE583743492D8CE7C1B89 ft=0 fh=0000000000000000 vn="LNK/Agent.CH trojan (cleaned by deleting)" ac=C fn="C:\Tehseen Akhtar Data\ACER to HP\softwares\MuhammadNiazSoftwares\office toolkit 2010\MrMuhammadNiaz- Website.url"
sh=B2100D6550EA1827ADF9169D4D759970A0CF1888 ft=1 fh=683ebbf499bee4de vn="Win32/InstallMonetizer.AN potentially unwanted application (deleted)" ac=C fn="C:\Tehseen Akhtar Data\ACER to HP\softwares\MuhammadNiazSoftwares\SpeedBit Video Accelerator 3.2.2.6\Setup.exe"
sh=48508BFEAE2EAEDB5BADE583743492D8CE7C1B89 ft=0 fh=0000000000000000 vn="LNK/Agent.CH trojan (cleaned by deleting)" ac=C fn="C:\Tehseen Akhtar Data\ACER to HP\softwares\MuhammadNiazSoftwares\TuneUp Utilities 2012\MrMuhammadNiaz- Website.url"
sh=48508BFEAE2EAEDB5BADE583743492D8CE7C1B89 ft=0 fh=0000000000000000 vn="LNK/Agent.CH trojan (cleaned by deleting)" ac=C fn="C:\Tehseen Akhtar Data\ACER to HP\softwares\MuhammadNiazSoftwares\Typing Master\MrMuhammadNiaz- Website.url"
sh=E750C443A83F9B135B499E7917C5A93120384BB3 ft=1 fh=4eedbac881d1fc72 vn="Win32/DownWare.L potentially unwanted application (deleted)" ac=C fn="C:\Tehseen Akhtar Data\My Documentsss\SOFT\DAEMONToolsLite-P1577037-Setup.exe"
sh=9A579D06963998D2E015B69737AA1AA9D8A4F37B ft=1 fh=75557439e7bfbd68 vn="a variant of Win32/Hao123.A potentially unwanted application (deleted)" ac=C fn="C:\Tehseen Akhtar Data\My Documentsss\SOFT\FormatFactorySetup.exe"
sh=25D3AD7AE4B0CE201A470193CDC1AC328ECC053B ft=1 fh=a8a6b725a21a16e9 vn="Win32/HackTool.Patcher.BY potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Tehseen Akhtar Data\My Documentsss\SOFT\Internet Download Manager 6.19 build 2 Final Retail [ChingLiu]\Keygen-Patch UnREaL RCE\Tonec.Inc.Internet.Download.Manager.v6.xx.WinALL.Incl.Keygen.and.Patch.update1-UnREaL.exe"
sh=4D2301A54AA5533DA282370126066FCC0038B11C ft=1 fh=ea59559093580d17 vn="a variant of Win32/Keygen.HU potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Tehseen Akhtar Data\My Documentsss\SOFT\Sony Sound Forge PRO 10.0 + KEYGEN\KEYGEN\Keygen.exe"
sh=CF5CDCDBA30AF9E2C63F96A580AF0AC3A51287D2 ft=1 fh=99498c96f2e76aec vn="a variant of Win32/Keygen.HU potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Tehseen Akhtar Data\My Documentsss\SOFT\SONY Sound Forge Pro 11.0 build 234 (patch-keygen DI) [ChingLiu]\DI v2.3 Keygen and Patch\Keygen.exe"
sh=4A3E9B131C1171D0B45548DAAC8FE69762B065F5 ft=1 fh=9dac8bc826bf68ea vn="a variant of Win32/Toolbar.Widgi potentially unwanted application (deleted)" ac=C fn="C:\Tehseen Akhtar Data\WEC DATA\Lab Engineer\Semester no 1\Labs Handouts\Thermo Lab MTS 3rd\Thermo LAb\Misc Notes\New Folder\YouTubeDownloaderSetup262_1.exe"
sh=51994E6FEE0DABCA83C1077D8934DDB048DF7EDF ft=0 fh=0000000000000000 vn="LNK/Agent.CH trojan (deleted)" ac=C fn="C:\Users\Tehseen Akhtar\Downloads\Compressed\IDM 6.23 Build 18 + Cr4ck.rar"
sh=E0FBF6DBF89F3FE8CDAE9338E6C522A4CF0B4004 ft=0 fh=0000000000000000 vn="LNK/Agent.CH trojan (cleaned by deleting)" ac=C fn="C:\Users\Tehseen Akhtar\Downloads\Compressed\IDM 6.23 Build 18 + Cr4ck\Internet Download Manager 6.23 Build 18 + Crack\Download Software Games & Apps - SadeemWorld™.url"
sh=C4D5794A974143950EAAEF9988F67016224D4F44 ft=0 fh=0000000000000000 vn="LNK/Agent.CH trojan (cleaned by deleting)" ac=C fn="C:\Users\Tehseen Akhtar\Downloads\Compressed\IDM 6.23 Build 18 + Cr4ck\Internet Download Manager 6.23 Build 18 + Crack\Internet Download Manager 6.23 Build 18 Is Here\Z Download Softwares, Games, Android Apps.url"
sh=4CEA705682BB790C11ABEF4561B0A3A04C405172 ft=1 fh=b2e2ce7ff5f99577 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted)" ac=C fn="C:\Users\Tehseen Akhtar\Downloads\Programs\spsetup128.exe"
sh=77F964CA75A1EF33D6E79DB7923C70FE1383DDE0 ft=1 fh=9ea9e35454e9d6eb vn="a variant of MSIL/Kryptik.EWB trojan (cleaned by deleting)" ac=C fn="C:\zoek_backup\C_Users_Tehseen Akhtar_AppData_Local_Y-fan.exe.vir"
sh=BB1EFA174377A179D31F2ED6FB9D8FE6DAD8D4B3 ft=1 fh=25a363b209849332 vn="a variant of Win32/Toolbar.Linkury.AN potentially unwanted application (cleaned by deleting)" ac=C fn="C:\zoek_backup\C_PROGRA~3_Airtostrong\Airtostrong.exe"
 

 



#11 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male
  • Local time:02:45 PM

Posted 29 January 2016 - 05:48 PM

Good :thumbup2:

 

Please do the following.

Step 1:
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: Addition.txt
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Step 2:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.09.1.1004.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two message boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

 

Step 3:

Please download and run RogueKiller 32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, right-click the program, select Run as Administrator to start, and when prompted allow it to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 

Sincerely. :hello:


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
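Step 1 above produces FRST.txt, whose Internet section lists each browser's home page and search URLs verbatim. As an added example that is neither olgun52's instructions nor Farbar's code, here is a Python helper that scans such a log for hostnames written with percent-encoding (the Chrome home page posted later in this thread is written as `%66%65%65%64...` instead of its plain domain) and decodes them, since that encoding hides a hijacker's domain from a quick read of the log. The sample log lines are constructed to match the FRST format seen in this thread; the `p=` value is a placeholder.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample modelled on the FRST "Internet (Whitelisted)" section in
# this thread; the query-string value is a placeholder, not a real token.
SAMPLE_FRST = """\
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=CONSTRUCTED_PLACEHOLDER
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF
HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
"""

# FRST defangs URLs as hxxp:// so they cannot be clicked from a forum post.
URL_RE = re.compile(r"hxxps?://\S+", re.IGNORECASE)
PCT_RE = re.compile(r"%[0-9A-Fa-f]{2}")


def refang(url):
    """Restore the real scheme so the standard URL parser accepts it."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def decode_host(url):
    """Return (hostname as written in the log, hostname with %xx escapes removed)."""
    raw = urlsplit(refang(url)).hostname or ""
    return raw, unquote(raw)


def find_obfuscated_hosts(log_text):
    """Flag every URL in the log whose hostname uses percent-encoding.

    A legitimate home page or search provider has no reason to spell its own
    domain as %xx escapes: the browser decodes them, but a person skimming the
    log (or a naive string match against a domain blocklist) does not.
    """
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        for match in URL_RE.finditer(line):
            raw, decoded = decode_host(match.group(0))
            if PCT_RE.search(raw):
                findings.append({"line": lineno, "raw_host": raw,
                                 "host": decoded, "entry": line})
    return findings


if __name__ == "__main__":
    for hit in find_obfuscated_hosts(SAMPLE_FRST):
        print(f"line {hit['line']}: {hit['raw_host']} -> {hit['host']}")
```

Run it against a saved FRST.txt by replacing SAMPLE_FRST with the file's contents; the decoded domain is what to compare against the search provider the user actually chose.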

 


 


#12 RobotiksFreak

RobotiksFreak
  • Topic Starter

  • Members
  • 14 posts
  • Gender:Male
  • Local time:03:45 PM

Posted 31 January 2016 - 07:37 AM

STEP 1: FRST.txt...

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016

Ran by Tehseen Akhtar (administrator) on TEHSEENAKHTAR (31-01-2016 00:25:53)

Running from C:\Users\Tehseen Akhtar\Desktop

Loaded Profiles: Tehseen Akhtar (Available Profiles: Tehseen Akhtar)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe

(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe

(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

() C:\Program Files\Evo 3G\bin\MonServiceUDisk.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(SFX TEAM) C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe

(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Apple Inc.) C:\Program Files\iTunes\iTunes.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtITunesPlugIn.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

() C:\Program Files (x86)\IntegCubes\POSCubes\POSCubes.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-08] (IDT, Inc.)

HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-28] (Hewlett-Packard Development Company, L.P.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)

HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)

HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)

HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1444880 2015-11-22] (Easybits)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1

HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\...\Run: [SuperCopier2.exe] => C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe [955392 2009-08-17] (SFX TEAM)

HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)

HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)

HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)

HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)

HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)

HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3886672 2014-12-26] (Tonec Inc.)

HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50385536 2015-12-17] (Skype Technologies S.A.)

Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)

ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)

ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)

ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-09-23]

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

Tcpip\..\Interfaces\{8728B03D-0CCB-4651-B656-BA7D626AA92F}: [DhcpNameServer] 172.20.10.1

Tcpip\..\Interfaces\{CD393D11-BAF7-4621-8FD4-466D1F1FD8E3}: [DhcpNameServer] 172.20.10.1

Tcpip\..\Interfaces\{E2AAEF10-C983-4BBC-A25E-6F59319813DA}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Tcpip\..\Interfaces\{F37BE281-5D18-480F-81E4-D6713902A8B1}: [DhcpNameServer] 192.168.1.1 192.168.1.1

 

Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKU\S-1-5-21-4247437007-4202060821-2407958243-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2014-12-05] (Internet Download Manager, Tonec Inc.)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)

BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2014-12-05] (Internet Download Manager, Tonec Inc.)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

 

FireFox:

========

FF ProfilePath: C:\Users\Tehseen Akhtar\AppData\Roaming\Mozilla\Firefox\Profiles\679xqcvx.default-1453446804802

FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-29] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-03-24] (Unity Technologies ApS)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-29] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

FF HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Tehseen Akhtar\AppData\Roaming\IDM\idmmzcc5

FF Extension: IDM CC - C:\Users\Tehseen Akhtar\AppData\Roaming\IDM\idmmzcc5 [2015-12-01] [not signed]

FF HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Tehseen Akhtar\AppData\Roaming\IDM\idmmzcc5

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uygwA0xcAVNup_P16km0ym2F4aJSRQ56WcyoBnu4IE9Y4A5vaB9udRAuxE9CCy_raSwls6H5B2udu8Vsv48PwJYz39ccAyVshww7KWCkz9z6iwORAKF88vpL3B98tK13BR6MFOjIW7UYSlWu5zWrB7zfZNsURcjU,

CHR Profile: C:\Users\Tehseen Akhtar\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Tehseen Akhtar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-26]

CHR Extension: (Website Logon) - C:\Users\Tehseen Akhtar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl [2016-01-26]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Tehseen Akhtar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-26]

CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]

CHR HKLM-x32\...\Chrome\Extension: [hdhihajbmafmgilcciomnamcjfkdhikl] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-04-14]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)

R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-24] (EasyBits Software AS) [File not signed]

R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]

R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]

R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)

R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2372096 2011-02-19] (Realsil Microelectronics Inc.) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-07-18] ()

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)

R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [69964448 2015-04-03] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)

R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]

S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441512 2015-04-03] (Microsoft Corporation)

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)

R2 UDisk Monitor; C:\Program Files\Evo 3G\bin\MonServiceUDisk.exe [405504 2012-02-16] () [File not signed]

S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133160 2011-06-16] (Broadcom Corporation.)

S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-12-27] (Disc Soft Ltd)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)

S3 Generalusbserialser20678; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [124160 2012-02-16] (Incorporated)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-31] (Malwarebytes)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)

S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 CpqDfw; system32\drivers\CpqDfw.sys [X]

S2 Haspnt; \??\C:\Program Files\InPage24\Haspnt.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-01-31 00:25 - 2016-01-31 00:26 - 00024716 _____ C:\Users\Tehseen Akhtar\Desktop\FRST.txt

2016-01-31 00:25 - 2016-01-31 00:25 - 00000000 ____D C:\FRST

2016-01-31 00:22 - 2016-01-31 00:23 - 02370560 _____ (Farbar) C:\Users\Tehseen Akhtar\Desktop\FRST64.exe

2016-01-29 21:03 - 2016-01-29 21:03 - 00000000 ____D C:\Users\Tehseen Akhtar\Desktop\Cleaning Computer

2016-01-29 17:18 - 2016-01-29 17:18 - 00000000 ____D C:\Program Files (x86)\ESET

2016-01-29 17:02 - 2016-01-29 17:16 - 00000000 ____D C:\EEK

2016-01-29 16:04 - 2009-04-20 09:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2016-01-29 15:46 - 2016-01-29 15:46 - 00000000 ___HD C:\OneDriveTemp

2016-01-28 23:41 - 2016-01-29 16:21 - 00000000 ____D C:\Qoobox

2016-01-28 23:41 - 2016-01-29 16:14 - 00000000 ____D C:\Windows\erdnt

2016-01-28 23:41 - 2011-06-26 11:45 - 00256000 _____ C:\Windows\PEV.exe

2016-01-28 23:41 - 2010-11-07 22:20 - 00208896 _____ C:\Windows\MBR.exe

2016-01-28 23:41 - 2000-08-31 05:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2016-01-28 23:41 - 2000-08-31 05:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2016-01-28 23:41 - 2000-08-31 05:00 - 00098816 _____ C:\Windows\sed.exe

2016-01-28 23:41 - 2000-08-31 05:00 - 00080412 _____ C:\Windows\grep.exe

2016-01-28 23:41 - 2000-08-31 05:00 - 00068096 _____ C:\Windows\zip.exe

2016-01-28 22:21 - 2016-01-31 00:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-01-28 22:21 - 2016-01-28 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2016-01-28 22:21 - 2016-01-28 22:21 - 00000000 ____D C:\ProgramData\Malwarebytes

2016-01-28 22:21 - 2016-01-28 22:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2016-01-28 22:21 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys

2016-01-28 22:21 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2016-01-28 22:21 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

2016-01-26 22:28 - 2016-01-29 17:14 - 00000000 ____D C:\Program Files\Common Files\0zvvliuo

2016-01-26 22:28 - 2016-01-26 22:28 - 00003388 _____ C:\Windows\System32\Tasks\bq52awiy

2016-01-26 22:26 - 2016-01-26 22:26 - 00000000 ____D C:\ProgramData\IDM

2016-01-26 22:22 - 2016-01-26 21:55 - 00024064 _____ C:\Windows\zoek-delete.exe

2016-01-26 22:11 - 2016-01-29 17:14 - 00000000 ____D C:\Program Files\Common Files\0tnyrpjf

2016-01-26 22:11 - 2016-01-26 22:11 - 00003388 _____ C:\Windows\System32\Tasks\n3j0fd5h

2016-01-26 21:55 - 2016-01-29 20:38 - 00000000 ____D C:\zoek_backup

2016-01-26 21:06 - 2016-01-26 21:09 - 00000000 ____D C:\AdwCleaner

2016-01-25 22:33 - 2016-01-26 00:01 - 00000000 ____D C:\Users\Tehseen Akhtar\Desktop\New folder

2016-01-22 20:47 - 2016-01-29 17:14 - 00000000 ____D C:\Program Files\Common Files\fvwll03m

2016-01-22 20:47 - 2016-01-22 20:47 - 00003388 _____ C:\Windows\System32\Tasks\oiqnzdow

2016-01-22 19:47 - 2016-01-29 17:14 - 00000000 ____D C:\Program Files\Common Files\3jklaqyg

2016-01-22 19:47 - 2016-01-22 19:47 - 00003388 _____ C:\Windows\System32\Tasks\erlj2ikw

2016-01-20 20:32 - 2016-01-20 20:32 - 00001805 _____ C:\Users\Public\Desktop\QuickTime Player.lnk

2016-01-20 20:32 - 2016-01-20 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2016-01-20 20:32 - 2016-01-20 20:32 - 00000000 ____D C:\Program Files (x86)\QuickTime

2016-01-20 19:34 - 2016-01-20 20:24 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe

2016-01-20 12:25 - 2016-01-20 18:41 - 00000000 ____D C:\Users\Tehseen Akhtar\Desktop\Misc

2016-01-14 23:48 - 2016-01-15 00:36 - 01520694 _____ C:\Users\Tehseen Akhtar\Desktop\ShopDaily.bmp

2016-01-14 11:19 - 2015-12-24 04:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2016-01-14 11:19 - 2015-12-24 03:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2016-01-14 11:19 - 2015-12-12 23:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2016-01-14 11:19 - 2015-12-12 23:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2016-01-14 11:19 - 2015-12-12 23:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2016-01-14 11:19 - 2015-12-12 23:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2016-01-14 11:19 - 2015-12-12 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2016-01-14 11:19 - 2015-12-12 23:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2016-01-14 11:19 - 2015-12-12 23:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2016-01-14 11:19 - 2015-12-12 23:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2016-01-14 11:19 - 2015-12-12 23:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2016-01-14 11:19 - 2015-12-12 23:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2016-01-14 11:19 - 2015-12-12 23:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2016-01-14 11:19 - 2015-12-12 23:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2016-01-14 11:19 - 2015-12-12 23:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2016-01-14 11:19 - 2015-12-12 23:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2016-01-14 11:19 - 2015-12-12 23:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2016-01-14 11:19 - 2015-12-12 23:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2016-01-14 11:19 - 2015-12-12 23:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2016-01-14 11:19 - 2015-12-12 23:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2016-01-14 11:19 - 2015-12-12 22:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2016-01-14 11:19 - 2015-12-12 22:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2016-01-14 11:19 - 2015-12-12 22:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2016-01-14 11:19 - 2015-12-12 22:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2016-01-14 11:19 - 2015-12-12 22:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2016-01-14 11:19 - 2015-12-12 22:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2016-01-14 11:19 - 2015-12-12 22:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2016-01-14 11:19 - 2015-12-12 22:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2016-01-14 11:19 - 2015-12-12 22:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2016-01-14 11:19 - 2015-12-12 22:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2016-01-14 11:19 - 2015-12-12 22:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2016-01-14 11:19 - 2015-12-12 22:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2016-01-14 11:19 - 2015-12-12 22:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2016-01-14 11:19 - 2015-12-12 22:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2016-01-14 11:19 - 2015-12-12 22:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2016-01-14 11:19 - 2015-12-12 22:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2016-01-14 11:19 - 2015-12-12 22:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2016-01-14 11:19 - 2015-12-12 22:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2016-01-14 11:19 - 2015-12-12 22:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2016-01-14 11:19 - 2015-12-12 22:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2016-01-14 11:19 - 2015-12-12 22:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2016-01-14 11:19 - 2015-12-12 22:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2016-01-14 11:19 - 2015-12-12 22:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2016-01-14 11:19 - 2015-12-12 22:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2016-01-14 11:19 - 2015-12-12 22:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2016-01-14 11:19 - 2015-12-12 22:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2016-01-14 11:19 - 2015-12-12 22:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2016-01-14 11:19 - 2015-12-12 22:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2016-01-14 11:19 - 2015-12-12 22:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2016-01-14 11:19 - 2015-12-12 22:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2016-01-14 11:19 - 2015-12-12 22:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2016-01-14 11:19 - 2015-12-12 22:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2016-01-14 11:19 - 2015-12-12 22:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2016-01-14 11:19 - 2015-12-12 22:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2016-01-14 11:19 - 2015-12-12 22:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2016-01-14 11:19 - 2015-12-12 22:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2016-01-14 11:19 - 2015-12-12 22:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2016-01-14 11:19 - 2015-12-12 22:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2016-01-14 11:19 - 2015-12-12 22:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2016-01-14 11:19 - 2015-12-12 21:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2016-01-14 11:19 - 2015-12-12 21:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2016-01-14 11:19 - 2015-12-12 21:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2016-01-14 11:19 - 2015-12-12 21:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2016-01-14 11:19 - 2015-12-12 21:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2016-01-14 11:18 - 2015-12-11 23:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2016-01-14 11:18 - 2015-12-09 02:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2016-01-14 11:18 - 2015-12-09 02:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2016-01-14 11:18 - 2015-12-09 02:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL

2016-01-14 11:18 - 2015-12-09 02:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL

2016-01-14 11:18 - 2015-12-09 02:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL

2016-01-14 11:18 - 2015-12-09 02:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL

2016-01-14 11:18 - 2015-12-09 02:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll

2016-01-14 11:18 - 2015-12-09 02:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL

2016-01-14 11:18 - 2015-12-09 02:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL

2016-01-14 11:18 - 2015-12-09 02:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL

2016-01-14 11:18 - 2015-12-09 02:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL

2016-01-14 11:18 - 2015-12-09 02:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL

2016-01-14 11:18 - 2015-12-09 02:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2016-01-14 11:18 - 2015-12-09 02:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2016-01-14 11:18 - 2015-12-09 02:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll

2016-01-14 11:18 - 2015-12-09 02:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL

2016-01-14 11:18 - 2015-12-09 02:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL

2016-01-14 11:18 - 2015-12-09 02:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2016-01-14 11:18 - 2015-12-09 02:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2016-01-14 11:18 - 2015-12-09 02:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll

2016-01-14 11:18 - 2015-12-09 02:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL

2016-01-14 11:18 - 2015-12-09 02:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll

2016-01-14 11:18 - 2015-12-09 02:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL

2016-01-14 11:18 - 2015-12-09 02:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL

2016-01-14 11:18 - 2015-12-09 02:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL

2016-01-14 11:18 - 2015-12-09 02:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll

2016-01-14 11:18 - 2015-12-09 02:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax

2016-01-14 11:18 - 2015-12-09 02:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL

2016-01-14 11:18 - 2015-12-09 02:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2016-01-14 11:18 - 2015-12-09 02:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL

2016-01-14 11:18 - 2015-12-09 02:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll

2016-01-14 11:18 - 2015-12-09 02:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll

2016-01-14 11:18 - 2015-12-09 02:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2016-01-14 11:18 - 2015-12-09 02:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2016-01-14 11:18 - 2015-12-09 02:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll

2016-01-14 11:18 - 2015-12-09 02:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2016-01-14 11:18 - 2015-12-09 00:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2016-01-14 11:18 - 2015-12-09 00:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2016-01-14 11:18 - 2015-12-09 00:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL

2016-01-14 11:18 - 2015-12-09 00:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2016-01-14 11:18 - 2015-12-09 00:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL

2016-01-14 11:18 - 2015-12-09 00:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2016-01-14 11:18 - 2015-12-09 00:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll

2016-01-14 11:18 - 2015-12-09 00:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL

2016-01-14 11:18 - 2015-12-09 00:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL

2016-01-14 11:18 - 2015-12-09 00:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL

2016-01-14 11:18 - 2015-12-09 00:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll

2016-01-14 11:18 - 2015-12-09 00:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll

2016-01-14 11:18 - 2015-12-09 00:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL

2016-01-14 11:18 - 2015-12-09 00:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL

2016-01-14 11:18 - 2015-12-09 00:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL

2016-01-14 11:18 - 2015-12-09 00:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL

2016-01-14 11:18 - 2015-12-09 00:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2016-01-14 11:18 - 2015-12-09 00:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2016-01-14 11:18 - 2015-12-09 00:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL

2016-01-14 11:18 - 2015-12-09 00:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL

2016-01-14 11:18 - 2015-12-09 00:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2016-01-14 11:18 - 2015-12-09 00:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll

2016-01-14 11:18 - 2015-12-09 00:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2016-01-14 11:18 - 2015-12-09 00:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL

2016-01-14 11:18 - 2015-12-09 00:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll

2016-01-14 11:18 - 2015-12-09 00:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL

2016-01-14 11:18 - 2015-12-09 00:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL

2016-01-14 11:18 - 2015-12-09 00:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL

2016-01-14 11:18 - 2015-12-09 00:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2016-01-14 11:18 - 2015-12-09 00:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL

2016-01-14 11:18 - 2015-12-09 00:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL

2016-01-14 11:18 - 2015-12-09 00:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll

2016-01-14 11:18 - 2015-12-09 00:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll

2016-01-14 11:18 - 2015-12-09 00:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2016-01-14 11:18 - 2015-12-09 00:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll

2016-01-14 11:18 - 2015-12-09 00:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax

2016-01-14 11:18 - 2015-12-09 00:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2016-01-14 11:18 - 2015-12-09 00:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2016-01-14 11:18 - 2015-12-08 23:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys

2016-01-14 11:18 - 2015-12-08 23:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

2016-01-14 11:18 - 2015-12-08 23:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys

2016-01-14 11:18 - 2015-11-17 06:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe

2016-01-14 11:18 - 2015-11-17 06:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2016-01-14 11:18 - 2015-11-17 06:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2016-01-14 11:18 - 2015-11-17 06:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2016-01-14 11:18 - 2015-11-17 06:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2016-01-14 11:18 - 2015-11-17 06:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2016-01-14 11:18 - 2015-11-17 01:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2016-01-14 11:18 - 2015-11-14 04:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll

2016-01-14 11:18 - 2015-11-14 04:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll

2016-01-14 11:18 - 2015-11-14 04:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe

2016-01-14 11:18 - 2015-11-14 03:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll

2016-01-14 11:18 - 2015-11-14 03:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll

2016-01-14 11:18 - 2015-11-14 03:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe

2016-01-14 11:17 - 2015-12-08 22:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2016-01-14 11:13 - 2015-12-09 02:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2016-01-14 11:13 - 2015-12-09 02:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2016-01-14 11:13 - 2015-12-09 00:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2016-01-14 11:13 - 2015-12-09 00:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2016-01-14 11:10 - 2015-12-31 00:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2016-01-14 11:10 - 2015-12-31 00:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2016-01-14 11:10 - 2015-12-31 00:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2016-01-14 11:10 - 2015-12-31 00:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2016-01-14 11:10 - 2015-12-31 00:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2016-01-14 11:10 - 2015-12-31 00:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2016-01-14 11:10 - 2015-12-31 00:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2016-01-14 11:10 - 2015-12-31 00:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2016-01-14 11:10 - 2015-12-31 00:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2016-01-14 11:10 - 2015-12-31 00:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2016-01-14 11:10 - 2015-12-31 00:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2016-01-14 11:10 - 2015-12-31 00:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2016-01-14 11:10 - 2015-12-31 00:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2016-01-14 11:10 - 2015-12-31 00:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2016-01-14 11:10 - 2015-12-31 00:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2016-01-14 11:10 - 2015-12-31 00:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2016-01-14 11:10 - 2015-12-31 00:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2016-01-14 11:10 - 2015-12-31 00:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2016-01-14 11:10 - 2015-12-30 23:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2016-01-14 11:10 - 2015-12-30 23:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2016-01-14 11:10 - 2015-12-30 23:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2016-01-14 11:10 - 2015-12-30 23:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2016-01-14 11:10 - 2015-12-30 23:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2016-01-14 11:10 - 2015-12-30 23:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2016-01-14 11:10 - 2015-12-30 23:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2016-01-14 11:10 - 2015-12-30 23:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2016-01-14 11:10 - 2015-12-30 23:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2016-01-14 11:10 - 2015-12-30 23:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2016-01-14 11:10 - 2015-12-30 23:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2016-01-14 11:10 - 2015-12-30 23:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2016-01-14 11:10 - 2015-12-30 23:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2016-01-14 11:10 - 2015-12-30 23:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2016-01-14 11:10 - 2015-12-30 23:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2016-01-14 11:10 - 2015-12-30 23:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2016-01-14 11:10 - 2015-12-30 23:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2016-01-14 11:10 - 2015-12-30 23:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2016-01-14 11:10 - 2015-12-30 23:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2016-01-14 11:10 - 2015-12-30 23:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2016-01-14 11:10 - 2015-12-30 23:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2016-01-14 11:10 - 2015-12-30 23:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2016-01-14 11:10 - 2015-12-30 23:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2016-01-14 11:10 - 2015-12-30 23:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2016-01-14 11:10 - 2015-12-30 23:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2016-01-14 11:10 - 2015-12-30 22:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2016-01-14 11:10 - 2015-12-30 22:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2016-01-14 11:10 - 2015-12-30 22:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2016-01-14 11:10 - 2015-12-30 22:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2016-01-14 11:10 - 2015-12-30 22:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2016-01-14 11:10 - 2015-12-30 22:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2016-01-14 11:10 - 2015-12-30 22:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2016-01-14 11:10 - 2015-12-30 22:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2016-01-14 11:10 - 2015-12-30 22:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2016-01-14 11:10 - 2015-12-30 22:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2016-01-14 11:09 - 2015-12-30 23:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2016-01-14 11:09 - 2015-12-30 23:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2016-01-14 11:09 - 2015-12-30 23:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2016-01-14 11:09 - 2015-12-30 23:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 23:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 22:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2016-01-14 11:09 - 2015-12-30 22:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2016-01-14 11:09 - 2015-12-30 22:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2016-01-14 11:09 - 2015-12-30 22:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2016-01-14 11:09 - 2015-12-30 22:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 22:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 22:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2016-01-14 11:09 - 2015-12-30 22:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2016-01-09 12:41 - 2016-01-09 12:41 - 00003238 _____ C:\Windows\System32\Tasks\dowuloadup

2016-01-08 16:14 - 2016-01-08 16:14 - 00041472 _____ C:\Users\Tehseen Akhtar\AppData\Local\Y-fan.dat

2016-01-03 11:59 - 2016-01-08 16:53 - 00000368 _____ C:\Windows\Tasks\HPCeeScheduleForTehseen Akhtar.job

2016-01-03 11:59 - 2016-01-03 13:02 - 00003240 _____ C:\Windows\System32\Tasks\HPCeeScheduleForTehseen Akhtar

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-01-31 00:24 - 2014-12-26 12:39 - 00000000 ____D C:\Users\Tehseen Akhtar\AppData\Roaming\DMCache

2016-01-31 00:19 - 2014-12-22 14:35 - 00000000 ____D C:\Users\Tehseen Akhtar\AppData\Roaming\Skype

2016-01-31 00:17 - 2015-11-03 15:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-01-31 00:17 - 2015-03-29 02:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2016-01-30 16:31 - 2009-07-14 09:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-01-30 16:31 - 2009-07-14 09:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-01-30 14:44 - 2014-12-17 14:49 - 00000000 ____D C:\Program Files (x86)\TeamViewer

2016-01-30 14:16 - 2015-11-03 15:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-01-30 13:19 - 2014-12-18 18:14 - 00002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-01-30 13:06 - 2015-01-24 00:08 - 00000000 ___RD C:\Users\Tehseen Akhtar\OneDrive

2016-01-30 13:02 - 2014-12-14 00:18 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3990E303-F33E-4B0C-B2F0-6F58ABDF13F9}

2016-01-30 10:58 - 2015-09-18 12:41 - 00000000 ___RD C:\Users\Tehseen Akhtar\iCloudDrive

2016-01-30 10:58 - 2014-12-23 22:42 - 00000000 ____D C:\Temp

2016-01-30 10:58 - 2009-07-14 10:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-01-29 20:55 - 2014-12-11 11:28 - 00000000 ____D C:\Tehseen Akhtar Data

2016-01-29 20:38 - 2014-12-26 12:39 - 00000000 ____D C:\Users\Tehseen Akhtar\Downloads\Compressed

2016-01-29 17:15 - 2015-03-29 02:10 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2016-01-29 17:15 - 2015-03-29 02:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2016-01-29 17:15 - 2011-07-16 11:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2016-01-29 16:15 - 2014-12-14 00:08 - 00000000 ____D C:\Users\Tehseen Akhtar\AppData\LocalLow\AuthenTec

2016-01-29 16:15 - 2009-07-14 07:34 - 00000215 _____ C:\Windows\system.ini

2016-01-29 16:14 - 2009-07-14 07:34 - 18874368 _____ C:\Windows\system32\config\SYSTEM.bak

2016-01-29 16:14 - 2009-07-14 07:34 - 114294784 _____ C:\Windows\system32\config\SOFTWARE.bak

2016-01-29 16:14 - 2009-07-14 07:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak

2016-01-29 16:14 - 2009-07-14 07:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak

2016-01-29 16:14 - 2009-07-14 07:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak

2016-01-28 10:57 - 2014-12-17 15:00 - 00000000 ____D C:\Users\Tehseen Akhtar\AppData\Local\CrashDumps

2016-01-27 15:20 - 2015-09-18 12:35 - 00003448 _____ C:\Windows\System32\Tasks\Apple Diagnostics

2016-01-26 22:35 - 2015-03-29 01:59 - 00001025 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2016-01-26 22:35 - 2014-12-14 00:18 - 00001869 _____ C:\Users\Tehseen Akhtar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2016-01-26 13:08 - 2009-07-14 10:13 - 00875966 _____ C:\Windows\system32\PerfStringBackup.INI

2016-01-26 13:08 - 2009-07-14 08:20 - 00000000 ____D C:\Windows\inf

2016-01-20 21:16 - 2015-03-10 15:33 - 00000000 ____D C:\Users\Tehseen Akhtar\AppData\Roaming\Genoa

2016-01-20 20:41 - 2009-07-14 08:20 - 00000000 ____D C:\Windows\system32\NDF

2016-01-20 18:46 - 2015-08-27 16:50 - 00007626 _____ C:\Users\Tehseen Akhtar\AppData\Local\Resmon.ResmonCfg

2016-01-20 18:42 - 2015-09-18 12:36 - 00000000 ____D C:\Users\Tehseen Akhtar\AppData\Local\458E72B1-EB03-454E-801C-861EEE562EF4.aplzod

2016-01-16 12:00 - 2009-07-14 09:45 - 00454864 _____ C:\Windows\system32\FNTCACHE.DAT

2016-01-16 11:57 - 2015-04-16 11:53 - 00000000 ___SD C:\Windows\system32\CompatTel

2016-01-16 11:57 - 2015-04-16 11:53 - 00000000 ____D C:\Windows\system32\appraiser

2016-01-16 11:56 - 2014-12-22 14:34 - 00000000 ___RD C:\Program Files (x86)\Skype

2016-01-16 11:55 - 2014-12-19 11:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2016-01-16 11:36 - 2014-12-19 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2016-01-16 11:35 - 2014-12-19 21:00 - 00000000 ____D C:\Windows\system32\MRT

2016-01-16 11:35 - 2014-12-19 11:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2016-01-16 11:30 - 2014-12-19 21:00 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2016-01-15 23:09 - 2014-12-26 17:00 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2016-01-15 23:08 - 2015-11-10 09:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2016-01-09 22:22 - 2015-04-21 20:18 - 00000000 ____D C:\Users\Tehseen Akhtar\Documents\bil

2016-01-08 15:34 - 2015-12-01 00:56 - 00000000 ____D C:\Users\Tehseen Akhtar\AppData\Roaming\IDM

2016-01-03 13:01 - 2014-12-14 00:07 - 00000000 ____D C:\Users\Tehseen Akhtar

2016-01-02 12:17 - 2015-01-01 14:25 - 00003228 _____ C:\Windows\System32\Tasks\HPCeeScheduleForTEHSEENAKHTAR$

2016-01-02 12:17 - 2015-01-01 14:25 - 00000352 _____ C:\Windows\Tasks\HPCeeScheduleForTEHSEENAKHTAR$.job

 

==================== Files in the root of some directories =======

 

2015-08-27 16:50 - 2016-01-20 18:46 - 0007626 _____ () C:\Users\Tehseen Akhtar\AppData\Local\Resmon.ResmonCfg

2016-01-08 16:14 - 2016-01-08 16:14 - 0041472 _____ () C:\Users\Tehseen Akhtar\AppData\Local\Y-fan.dat

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2016-01-29 16:39

 

==================== End of FRST.txt ============================



#13 RobotiksFreak (Topic Starter)

Posted 31 January 2016 - 07:38 AM

Addition.txt...

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016

Ran by Tehseen Akhtar (2016-01-31 00:26:43)

Running from C:\Users\Tehseen Akhtar\Desktop

Windows 7 Home Premium Service Pack 1 (X64) (2014-12-13 19:07:47)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-4247437007-4202060821-2407958243-500 - Administrator - Disabled)

Guest (S-1-5-21-4247437007-4202060821-2407958243-501 - Limited - Disabled)

Tehseen Akhtar (S-1-5-21-4247437007-4202060821-2407958243-1000 - Administrator - Enabled) => C:\Users\Tehseen Akhtar

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}

AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

µTorrent (HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\...\uTorrent) (Version: 3.4.2.37252 - BitTorrent Inc.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)

Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)

Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)

Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

AuthenTec TrueAPI (Version: 1.3.0.111 - AuthenTec, Inc.) Hidden

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Broadcom Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.1300 - Broadcom Corporation)

Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1300 - Broadcom Corporation)

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)

ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)

Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)

Evo 3G (HKLM\...\ZTEWireless-101_is1) (Version:  - )

FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)

Firebird 2.5.0.26074 (Win32) (HKLM-x32\...\FBDBServer_2_5_is1) (Version: 2.5.0.26074 - Firebird Project)

GDR 5520 for SQL Server 2008 (KB2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)

GDR 5538 for SQL Server 2008 (KB3045305) (64-bit) (HKLM\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)

Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP Documentation (HKLM-x32\...\{DE15C5EC-7C30-44BF-ACEB-03960FC5601D}) (Version: 1.1.1.0 - Hewlett-Packard)

HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )

HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)

HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)

HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)

HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)

HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)

HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)

HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)

HP SimplePass PE 2011 (HKLM-x32\...\{31CEFF4E-B6D1-46A5-9169-7C67570E7FFA}) (Version: 5.3.0.163 - Hewlett-Packard)

HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)

HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)

hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden

hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden

hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden

HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)

iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)

iExplorer 3.5.1.1 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)

Inpage 2011 (HKLM-x32\...\Inpage 20113.0) (Version: 3.0 - I Soft Solutions)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)

Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)

iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Khazainulhidayat Arabic_Urdu Keyboard 1.1 (HKLM\...\{C6C55205-0288-45AC-BEE2-1D4A63F54410}) (Version: 1.0.3.40 - Cleantouch Software Corp.)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)

Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)

Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)

Microsoft SQL Server 2008 Policies (HKLM-x32\...\{01C5A10F-AD9B-405B-853A-6659841A1242}) (Version: 10.3.5500.0 - Microsoft Corporation)

Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{F43ADE73-2880-4A95-B995-4FE386ECF667}) (Version: 10.3.5538.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP1 Query Tools English (HKLM-x32\...\{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}) (Version: 3.5.5692.0 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)

Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.2.28 - Motorola Mobility)

Motorola Device Software Update (x32 Version: 1.0.40 - Motorola Mobility) Hidden

Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden

Mozilla Firefox 37.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0 (x86 en-US)) (Version: 37.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)

MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden

SAM Broadcaster (remove only) (HKLM-x32\...\SAM3) (Version:  - )

SAP Crystal Reports runtime engine for .NET Framework 4 (64-bit) (HKLM\...\{3CD25975-A787-4E44-9990-DBE887266DF9}) (Version: 13.0.1.220 - SAP)

Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)

Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)

Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)

Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden

SuperCopier2 (HKLM-x32\...\SuperCopier2) (Version:  - )

Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)

TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)

Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.4f1 - Unity Technologies ApS)

VIP Access SDK (1.0.1.2)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

WinRAR 5.21 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.1 - win.rar GmbH)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-4247437007-4202060821-2407958243-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()

CustomCLSID: HKU\S-1-5-21-4247437007-4202060821-2407958243-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Tehseen Akhtar\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {023F4C86-E978-471E-AA22-F1D4FCFC3AE8} - \psv_HotSing -> No File <==== ATTENTION

Task: {030DF922-8A8E-410B-B332-BA3E77430716} - \psv_Saltstrong -> No File <==== ATTENTION

Task: {03ECC9F9-EDD2-4CCA-A97D-6F0760CBF8CF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)

Task: {0A1C0082-8DBD-4D02-BE8D-CFA86494E603} - \psv_ZoneStattax -> No File <==== ATTENTION

Task: {0F591043-D42D-4B25-A3A1-20EB05C8A6F2} - \psv_Stimstock -> No File <==== ATTENTION

Task: {281B679A-989C-4681-8DB0-DDB854757A5B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)

Task: {2C292FB7-05A0-4179-B728-02891BAC6D5D} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-18] ()

Task: {3A5D672C-5CBD-4FA7-850F-E1D87F00AF2B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)

Task: {3B99E4EA-C16E-4477-A76B-55FBCF7022F8} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)

Task: {3E2460E5-E81B-4091-BDC9-DE1F3B3BD61D} - System32\Tasks\n3j0fd5h => C:\Program Files\Common Files\0tnyrpjf\c86dda1zs3rsc.exe <==== ATTENTION

Task: {3EF6B029-A649-4AD4-8C3D-C352C7FBA4C0} - \psv_Medlam -> No File <==== ATTENTION

Task: {3FE086A1-F9B8-4C05-A6F6-FB781C8D4834} - \psv_BioLamtip -> No File <==== ATTENTION

Task: {40746269-EAE6-4377-BFFB-39551B8E754C} - System32\Tasks\erlj2ikw => C:\Program Files\Common Files\3jklaqyg\d2b62do04o4z0.exe <==== ATTENTION

Task: {4B8C3927-E83B-41EE-8799-248DFDA5220A} - System32\Tasks\oiqnzdow => C:\Program Files\Common Files\fvwll03m\715eae00uyven.exe <==== ATTENTION

Task: {5084EAE9-96A7-4C9F-B133-E8A81E4B655B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-03] (Google Inc.)

Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto

Task: {78FFBC64-C1BC-4C54-ADB6-5770AF2D9347} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-12-01] (Apple Inc.)

Task: {7A3DCA9F-BDD3-453F-AFF9-83030FD9EBCB} - System32\Tasks\bq52awiy => C:\Program Files\Common Files\0zvvliuo\1abbclcizegbd.exe <==== ATTENTION

Task: {7D862C46-758D-4F9F-9C9C-C0BED3193651} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-16] (CyberLink)

Task: {7F6BDFD3-1338-45BC-9D5E-CC5A70845A0F} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-18] ()

Task: {84E58F66-9F47-4393-9F8B-5BF545A43A3E} - \psv_Ranhold -> No File <==== ATTENTION

Task: {8D8F0520-CB1A-4893-B2EB-8434C89E7C08} - \psv_Donhome -> No File <==== ATTENTION

Task: {93583FC4-0BBE-49DE-B9FC-5EDC86448A86} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)

Task: {976E51B0-E377-4084-974C-D28DE605D334} - \psv_ZoomTois -> No File <==== ATTENTION

Task: {97F71A8E-D91D-4A0C-BD14-4691AF18D65D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)

Task: {A5F974B8-5FD5-49E5-BC88-513FAB5CBB8D} - \psv_Groovestock -> No File <==== ATTENTION

Task: {ACED1B57-42C3-4C6D-B092-AB6A8692D840} - System32\Tasks\HPCeeScheduleForTEHSEENAKHTAR$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)

Task: {B3607808-2F12-4B33-AC1F-0ECDEE02260B} - \psv_Quostrong -> No File <==== ATTENTION

Task: {B46222F4-ACC9-4964-8D64-3E674E5354D0} - \psv_Alphasolotone -> No File <==== ATTENTION

Task: {B7E34764-3143-44B6-BF95-3FF8D7516892} - \psv_Jayzap -> No File <==== ATTENTION

Task: {BEBFD625-3374-4027-90B9-52E3793D7318} - System32\Tasks\HPCeeScheduleForTehseen Akhtar => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)

Task: {C48895F4-610C-433E-AEA7-D33DF7BA4088} - \psv_Lalux -> No File <==== ATTENTION

Task: {C8EF9C9E-5DC1-4034-9901-0A4A6368D26B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-03] (Google Inc.)

Task: {D0697E4F-AE21-478E-94D8-5C587BB422DE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

Task: {DB2553E8-C189-4F38-8330-B0184444CD66} - \psv_An-Lux -> No File <==== ATTENTION

Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc

Task: {DE54856B-CE8D-44F8-A001-EB29FC3CBA26} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-29] (Adobe Systems Incorporated)

Task: {E1517371-2E95-44FA-8A67-FDAE05D1CC27} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-18] ()

Task: {E24B2CFF-094D-40BB-9B93-AE8C215AAAD2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)

Task: {E6D7BA7F-9961-4C19-A4A1-F30DA9C966E4} - System32\Tasks\dowuloadup => C:\Windows\system32\config\systemprofile\AppData\Local\Inchwarm <==== ATTENTION

Task: {F412D56B-D6E6-4271-BCBF-2E1C4B91CB2A} - \psv_Physsanwarm -> No File <==== ATTENTION

Task: {F69B47E0-2493-410A-9034-EF257FE5D289} - \psv_Lamtough -> No File <==== ATTENTION

Task: {F848B9AB-C964-49DD-A299-44F504947B5D} - \psv_Quotefix -> No File <==== ATTENTION

Task: {FFB6F2E6-2DED-4D19-A574-43FF8F5EF8A3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForTehseen Akhtar.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\Windows\Tasks\HPCeeScheduleForTEHSEENAKHTAR$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2014-12-20 21:39 - 2012-08-31 15:03 - 00288768 ____N () C:\Windows\System32\HP1100LM.DLL

2014-12-20 21:40 - 2012-08-31 15:02 - 00074240 ____N () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL

2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2011-06-17 06:57 - 2011-06-17 06:57 - 00081696 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\BtwLeLib.dll

2012-07-18 01:31 - 2012-07-18 01:31 - 00116632 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

2014-12-17 12:37 - 2012-02-16 17:26 - 00405504 _____ () C:\Program Files\Evo 3G\bin\MonServiceUDisk.exe

2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2014-05-02 00:29 - 2014-05-02 00:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

2011-05-10 22:56 - 2011-05-10 22:56 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2012-07-18 01:31 - 2012-07-18 01:31 - 00776088 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

2015-10-13 05:45 - 2015-10-13 05:45 - 00306960 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll

2014-12-16 22:46 - 2015-07-21 16:34 - 14091264 _____ () C:\Program Files (x86)\IntegCubes\POSCubes\POSCubes.exe

2011-03-03 12:20 - 2011-03-03 12:20 - 01197056 _____ () C:\Program Files (x86)\SAP BusinessObjects\Crystal Reports for .NET Framework 4.0\Common\SAP BusinessObjects Enterprise XI 4.0\win64_x64\fssl-1-2-1-6.dll

2011-03-03 12:20 - 2011-03-03 12:20 - 02361344 _____ () C:\Program Files (x86)\SAP BusinessObjects\Crystal Reports for .NET Framework 4.0\Common\SAP BusinessObjects Enterprise XI 4.0\win64_x64\ebus-3-3-2-7.dll

2011-03-03 12:20 - 2011-03-03 12:20 - 00120320 _____ () C:\Program Files (x86)\SAP BusinessObjects\Crystal Reports for .NET Framework 4.0\Common\SAP BusinessObjects Enterprise XI 4.0\win64_x64\etc-1-0-12-6.dll

2011-03-03 12:20 - 2011-03-03 12:20 - 00103424 _____ () C:\Program Files (x86)\SAP BusinessObjects\Crystal Reports for .NET Framework 4.0\Common\SAP BusinessObjects Enterprise XI 4.0\win64_x64\boezlib.dll

2011-03-03 12:21 - 2011-03-03 12:21 - 02619392 _____ () C:\Program Files (x86)\SAP BusinessObjects\Crystal Reports for .NET Framework 4.0\Common\SAP BusinessObjects Enterprise XI 4.0\win64_x64\xerces-c_2_7.dll

2014-12-20 21:39 - 2012-08-31 15:03 - 03034112 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100su.dll

2014-12-20 21:39 - 2012-08-31 15:02 - 01038336 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1100GC.dll

2014-12-20 21:39 - 2012-08-31 15:03 - 00373760 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100sd.dll

2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll

2015-12-05 10:21 - 2015-12-05 10:21 - 00933056 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll

2014-12-20 22:19 - 2014-12-20 22:19 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5d29373df3398f72bd90d096a4b94d97\IsdiInterop.ni.dll

2011-09-23 13:40 - 2011-04-30 12:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2016-01-30 13:19 - 2016-01-27 22:39 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libglesv2.dll

2016-01-30 13:19 - 2016-01-27 22:39 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libegl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE restricted site: HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\...\skype.com -> hxxps://apps.skype.com

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 07:34 - 2016-01-29 16:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

 

127.0.0.1       localhost

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-4247437007-4202060821-2407958243-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tehseen Akhtar\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is disabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{614582A4-85F4-4C37-8364-E1055222BD3F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{05BA44B1-9770-45D8-9AEB-8A9EBCE29E3B}] => (Allow) LPort=2869

FirewallRules: [{40076678-29C4-4030-8008-E1E7822C5D11}] => (Allow) LPort=1900

FirewallRules: [{A20B9249-5652-4BC4-9983-CEF3B596645B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{CD60A239-BFF2-481C-B2EA-A9436150C130}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

FirewallRules: [{15AE612D-A7E6-4E6A-B3AA-2A84844E70A5}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe

FirewallRules: [{5C612839-FEE9-4D21-9E5F-6C09682BD82A}] => (Allow) LPort=9100

FirewallRules: [{07193110-7CB9-4193-AC3D-B7CB4218B54D}] => (Allow) LPort=427

FirewallRules: [{62EAD4C7-FA8C-443A-9C92-3FF1650B872B}] => (Allow) LPort=161

FirewallRules: [{CBC20B9A-D501-49A2-94A7-29734315268C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [TCP Query User{C8E70D2F-549A-41BB-AC6D-C00CC5D72DAC}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe

FirewallRules: [UDP Query User{514179DE-5690-4B73-87E1-A6B5EC5B5110}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe

FirewallRules: [TCP Query User{0BA0D504-22DA-4AAD-8222-69203E23A4B1}C:\program files (x86)\spacialaudio\sambc\sambc.exe] => (Allow) C:\program files (x86)\spacialaudio\sambc\sambc.exe

FirewallRules: [UDP Query User{198FE306-658A-4737-8DFD-2E4E19DDE308}C:\program files (x86)\spacialaudio\sambc\sambc.exe] => (Allow) C:\program files (x86)\spacialaudio\sambc\sambc.exe

FirewallRules: [TCP Query User{4C5C154B-587B-4D19-99DB-136EF683A8D3}C:\program files (x86)\spacialaudio\sambc\sambc.exe] => (Allow) C:\program files (x86)\spacialaudio\sambc\sambc.exe

FirewallRules: [UDP Query User{C31668BE-310B-4403-988B-138D989CAB44}C:\program files (x86)\spacialaudio\sambc\sambc.exe] => (Allow) C:\program files (x86)\spacialaudio\sambc\sambc.exe

FirewallRules: [{DC938DB7-DF63-4A9E-AC9B-787F3D21BEB1}] => (Allow) C:\Users\Tehseen Akhtar\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{38A1854A-1CDB-49BB-955E-7D86B41D4742}] => (Allow) C:\Users\Tehseen Akhtar\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{0B5A85DA-4BD3-4CB3-AF26-58F59DE01795}] => (Allow) C:\Users\Tehseen Akhtar\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{1595DDE4-1667-42F6-BCC7-7D4136080B66}] => (Allow) C:\Users\Tehseen Akhtar\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{673BC6E2-B792-4E01-B8D9-DC51F818424E}] => (Allow) LPort=51001

FirewallRules: [{08EE98F5-65A1-4B0B-8DF9-2DC543077F74}] => (Allow) LPort=51001

FirewallRules: [{0357397B-8F9C-495C-AD11-DF49D685B1E9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{2BDECC23-3628-4EF6-8C9E-5CCC472232C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{C24B8487-EABA-4B54-8BA9-DA94D5ED6505}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{481870B3-223B-4D9E-9279-231B5162D306}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{0F08593C-1E0B-40E3-B1B9-347C35279D11}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{1F4ECF2B-BB37-4FB7-BC65-9AC9B857477C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{3BE6B733-2AE7-4CC1-9BD2-AB9D94F2722E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{A52C2219-B7AB-4DF5-92EF-8FCE4A9B6DC9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{18818953-A41B-4114-AB8B-36D8B53620C4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{D85E82D4-6C4E-4A0F-B64E-62AD31B436B7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{1AAC17EC-3EE7-493A-B05F-DE57AB87E814}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{E89B443D-6012-4358-A0C7-536EDD3E4B9C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Restore Points =========================

 

05-01-2016 14:42:44 Windows Update

08-01-2016 17:05:44 Windows Update

12-01-2016 14:50:04 Windows Update

16-01-2016 10:53:48 Windows Update

16-01-2016 11:24:43 Windows Update

20-01-2016 11:42:23 Windows Update

25-01-2016 22:37:09 Windows Update

26-01-2016 21:17:26 JRT Pre-Junkware Removal

26-01-2016 22:03:16 zoek.exe restore point

28-01-2016 23:42:04 ComboFix created restore point

30-01-2016 16:39:15 Windows Update

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/30/2016 07:00:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 13541

 

Error: (01/30/2016 07:00:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 13541

 

Error: (01/30/2016 07:00:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (01/30/2016 06:59:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 9438

 

Error: (01/30/2016 06:59:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 9438

 

Error: (01/30/2016 06:59:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (01/30/2016 06:59:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 4820

 

Error: (01/30/2016 06:59:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 4820

 

Error: (01/30/2016 06:59:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (01/30/2016 05:03:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 24

 

 

System errors:

=============

Error: (01/30/2016 12:38:11 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 1.213.4702.0

 

Update Source: %NT AUTHORITY51

 

Update Stage: 4.8.0204.00

 

Source Path: 4.8.0204.01

 

Signature Type: %NT AUTHORITY602

 

Update Type: %NT AUTHORITY604

 

User: NT AUTHORITY\NETWORK SERVICE

 

Current Engine Version: %NT AUTHORITY605

 

Previous Engine Version: %NT AUTHORITY606

 

Error code: %NT AUTHORITY607

 

Error description: %NT AUTHORITY608

 

Error: (01/30/2016 12:38:11 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 1.213.4702.0

 

Update Source: %NT AUTHORITY51

 

Update Stage: 4.8.0204.00

 

Source Path: 4.8.0204.01

 

Signature Type: %NT AUTHORITY602

 

Update Type: %NT AUTHORITY604

 

User: NT AUTHORITY\NETWORK SERVICE

 

Current Engine Version: %NT AUTHORITY605

 

Previous Engine Version: %NT AUTHORITY606

 

Error code: %NT AUTHORITY607

 

Error description: %NT AUTHORITY608

 

Error: (01/30/2016 12:38:06 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 1.213.4702.0

 

Update Source: %NT AUTHORITY59

 

Update Stage: 4.8.0204.00

 

Source Path: 4.8.0204.01

 

Signature Type: %NT AUTHORITY602

 

Update Type: %NT AUTHORITY604

 

User: NT AUTHORITY\SYSTEM

 

Current Engine Version: %NT AUTHORITY605

 

Previous Engine Version: %NT AUTHORITY606

 

Error code: %NT AUTHORITY607

 

Error description: %NT AUTHORITY608

 

Error: (01/30/2016 11:08:58 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 1.213.4702.0

 

Update Source: %NT AUTHORITY51

 

Update Stage: 4.8.0204.00

 

Source Path: 4.8.0204.01

 

Signature Type: %NT AUTHORITY602

 

Update Type: %NT AUTHORITY604

 

User: NT AUTHORITY\NETWORK SERVICE

 

Current Engine Version: %NT AUTHORITY605

 

Previous Engine Version: %NT AUTHORITY606

 

Error code: %NT AUTHORITY607

 

Error description: %NT AUTHORITY608

 

Error: (01/30/2016 11:08:58 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 1.213.4702.0

 

Update Source: %NT AUTHORITY51

 

Update Stage: 4.8.0204.00

 

Source Path: 4.8.0204.01

 

Signature Type: %NT AUTHORITY602

 

Update Type: %NT AUTHORITY604

 

User: NT AUTHORITY\NETWORK SERVICE

 

Current Engine Version: %NT AUTHORITY605

 

Previous Engine Version: %NT AUTHORITY606

 

Error code: %NT AUTHORITY607

 

Error description: %NT AUTHORITY608

 

Error: (01/30/2016 11:08:53 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 1.213.4702.0

 

Update Source: %NT AUTHORITY59

 

Update Stage: 4.8.0204.00

 

Source Path: 4.8.0204.01

 

Signature Type: %NT AUTHORITY602

 

Update Type: %NT AUTHORITY604

 

User: NT AUTHORITY\SYSTEM

 

Current Engine Version: %NT AUTHORITY605

 

Previous Engine Version: %NT AUTHORITY606

 

Error code: %NT AUTHORITY607

 

Error description: %NT AUTHORITY608

 

Error: (01/30/2016 10:58:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The TrueSuiteService service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (01/30/2016 10:58:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The WinDefend service terminated with the following error: 

%%126

 

Error: (01/30/2016 10:58:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Haspnt service failed to start due to the following error: 

%%3

 

Error: (01/29/2016 08:39:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error: 

%%1275

 

 

CodeIntegrity:

===================================

  Date: 2016-01-29 16:13:22.064

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2016-01-29 16:13:22.017

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz

Percentage of memory in use: 30%

Total physical RAM: 8139.86 MB

Available physical RAM: 5667.77 MB

Total Virtual: 16277.93 MB

Available Virtual: 12523.83 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:576.67 GB) (Free:368.68 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive d: (Recovery) (Fixed) (Total:15.34 GB) (Free:1.66 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32

Drive g: (TEHSEEN) (Removable) (Total:14.53 GB) (Free:14.53 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: EBFB7460)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=576.7 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=15.3 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 14.5 GB) (Disk ID: AE3DF244)

Partition 1: (Active) - (Size=14.5 GB) - (Type=0C)

 

==================== End of Addition.txt ============================
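The Addition.txt above carries the persistence artefacts that matter for this hijacker: scheduled tasks that FRST marks "<==== ATTENTION" (orphaned psv_* registrations whose target file is gone, plus "dowuloadup" pointing into the SYSTEM profile's AppData), tasks whose binary has no company name, and firewall allow rules for executables in odd places. The script below is an added example, not code from the thread, from FRST or from Malwarebytes: it parses the "Task:" and "FirewallRules:" line formats as they appear in this log and applies triage heuristics of my own (what counts as a user-writable path, an executable sitting directly in C:\Windows, an empty "()" company field). The sample input is a handful of lines copied in the same shape as the log above; the severities and the reason strings are my assumptions, not anything FRST reports.

```python
"""Triage helper for the "Task:" and "FirewallRules:" sections of an FRST
Addition.txt log.  Added example; not part of the thread or of FRST itself.
FRST only marks lines with '<==== ATTENTION'; every other heuristic here
(suspicious paths, empty company field, severities) is an assumption."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, copied in the same shape as the log in the thread.
SAMPLE_LOG = r"""
Task: {C8EF9C9E-5DC1-4034-9901-0A4A6368D26B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-03] (Google Inc.)
Task: {DB2553E8-C189-4F38-8330-B0184444CD66} - \psv_An-Lux -> No File <==== ATTENTION
Task: {E6D7BA7F-9961-4C19-A4A1-F30DA9C966E4} - System32\Tasks\dowuloadup => C:\Windows\system32\config\systemprofile\AppData\Local\Inchwarm <==== ATTENTION
Task: {E1517371-2E95-44FA-8A67-FDAE05D1CC27} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-18] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
FirewallRules: [{E89B443D-6012-4358-A0C7-536EDD3E4B9C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{C8E70D2F-549A-41BB-AC6D-C00CC5D72DAC}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [{DC938DB7-DF63-4A9E-AC9B-787F3D21BEB1}] => (Allow) C:\Users\Tehseen Akhtar\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{05BA44B1-9770-45D8-9AEB-8A9EBCE29E3B}] => (Allow) LPort=2869
"""

# Registered task: "Task: {GUID} - <name> => <target> [date] (company)" or
# "Task: {GUID} - <name> -> No File <==== ATTENTION".  Date/company are optional.
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-F-]{36})\} - (?P<name>.+?) (?:=>|->) (?P<target>.*?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?(?: \((?P<publisher>[^)]*)\))?"
    r"(?P<attention> <==== ATTENTION)?$"
)
# Legacy .job file: "Task: C:\Windows\Tasks\<name>.job => <target>"
JOB_RE = re.compile(r"^Task: (?P<path>[A-Za-z]:\\.+?\.job) => (?P<target>.+)$")
FIREWALL_RE = re.compile(
    r"^FirewallRules: \[(?P<rule>[^\]]+)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)

# Assumed heuristics: paths a standard user can write to, and an .exe living
# directly in the Windows root (system binaries live in subdirectories).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\", "\\temp\\")
WINDOWS_ROOT_EXE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$")


@dataclass
class Task:
    name: str
    target: str
    publisher: Optional[str]  # None: no "(...)" field printed; "": printed as "()"
    attention: bool
    line: str


@dataclass
class FirewallRule:
    rule: str
    action: str
    target: str
    line: str


@dataclass
class Finding:
    subject: str
    severity: str
    reasons: List[str]
    line: str


def parse_tasks(text: str) -> List[Task]:
    tasks = []
    for raw in text.splitlines():
        line = raw.strip()
        m = TASK_RE.match(line)
        if m:
            tasks.append(Task(m.group("name").rsplit("\\", 1)[-1], m.group("target"),
                              m.group("publisher"), m.group("attention") is not None, line))
            continue
        m = JOB_RE.match(line)
        if m:
            tasks.append(Task(m.group("path").rsplit("\\", 1)[-1], m.group("target"),
                              None, False, line))
    return tasks


def parse_firewall_rules(text: str) -> List[FirewallRule]:
    rules = []
    for raw in text.splitlines():
        m = FIREWALL_RE.match(raw.strip())
        if m:
            rules.append(FirewallRule(m.group("rule"), m.group("action"),
                                      m.group("target"), raw.strip()))
    return rules


def path_reasons(path: str) -> List[str]:
    p = path.lower()
    reasons = []
    if any(marker in p for marker in USER_WRITABLE):
        reasons.append("target lives under a user-writable profile/data path")
    if WINDOWS_ROOT_EXE.match(p):
        reasons.append("executable sits directly in the Windows root, where no system binary belongs")
    return reasons


def triage(text: str) -> List[Finding]:
    findings = []
    for t in parse_tasks(text):
        reasons, severity = [], "low"
        if t.attention:
            reasons.append("marked '<==== ATTENTION' by FRST")
            severity = "high"
        if t.target == "No File":
            reasons.append("registration points at a file that no longer exists (orphaned task)")
            severity = "high"
        path_hits = path_reasons(t.target)
        if path_hits:
            reasons.extend(path_hits)
            severity = "high"
        if t.publisher == "":
            reasons.append("no company name in the binary's version info")
        if reasons:
            findings.append(Finding(t.name, severity, reasons, t.line))
    for r in parse_firewall_rules(text):
        if r.action != "Allow":
            continue
        path_hits = path_reasons(r.target)
        if path_hits:
            severity = "high" if WINDOWS_ROOT_EXE.match(r.target.lower()) else "medium"
            findings.append(Finding(r.target, severity, path_hits, r.line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.subject}: " + "; ".join(f.reasons))
```

Run it against a full Addition.txt by reading the file into `triage()` instead of `SAMPLE_LOG`. On the sample it reports the two ATTENTION tasks as high, the Motorola updater as low (empty company field, a legitimate vendor binary without version-info metadata), the kmsemulator.exe allow rule as high and the uTorrent rule as medium. A "No File" task is not in itself a threat, but it is the leftover registration that FRST's fix script removes; an active task under systemprofile\AppData is the kind of entry that recreates the hijack after the visible folders are deleted.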



#14 RobotiksFreak (Topic Starter)

Posted 31 January 2016 - 07:41 AM

STEP 2: mbar-log-2016-01-31 (00-38-23).txt...

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001

www.malwarebytes.org

 

Database version:

  main:    v2016.01.30.04

  rootkit: v2016.01.20.01

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.18163

Tehseen Akhtar :: TEHSEENAKHTAR [administrator]

 

1/31/2016 12:38:23 AM

mbar-log-2016-01-31 (00-38-23).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: 

Objects scanned: 457553

Time elapsed: 1 hour(s), 26 minute(s), 48 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

 

system-log.txt...

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.09.3.1001

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

 

Account is Administrative

 

Internet Explorer version: 11.0.9600.18163

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED

CPU speed: 2.195000 GHz

Memory total: 8535261184, free: 5868765184

 

Downloaded database version: v2016.01.30.04

Downloaded database version: v2016.01.20.01

Downloaded database version: v2016.01.23.01

=======================================

Initializing...

------------ Kernel report ------------

     01/31/2016 00:38:12

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\compbatt.sys

\SystemRoot\system32\drivers\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\DRIVERS\MpFilter.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\dtsoftbus01.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\drivers\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\drivers\CmBatt.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\bcmwl664.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\clwvd.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\stwrt64.sys

\SystemRoot\system32\DRIVERS\portcls.sys

\SystemRoot\system32\DRIVERS\drmk.sys

\SystemRoot\system32\DRIVERS\IntcDAud.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\idmwfp.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\Drivers\usbaapl64.sys

\SystemRoot\system32\DRIVERS\WinUsb.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys

\??\C:\Windows\system32\drivers\mwac.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\shlwapi.dll

\Windows\System32\setupapi.dll

\Windows\System32\oleaut32.dll

\Windows\System32\comdlg32.dll

\Windows\System32\imagehlp.dll

\Windows\System32\usp10.dll

\Windows\System32\iertutil.dll

\Windows\System32\clbcatq.dll

\Windows\System32\Wldap32.dll

\Windows\System32\ws2_32.dll

\Windows\System32\imm32.dll

\Windows\System32\msctf.dll

\Windows\System32\user32.dll

\Windows\System32\urlmon.dll

\Windows\System32\advapi32.dll

\Windows\System32\shell32.dll

\Windows\System32\nsi.dll

\Windows\System32\ole32.dll

\Windows\System32\lpk.dll

\Windows\System32\gdi32.dll

\Windows\System32\psapi.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\msvcrt.dll

\Windows\System32\difxapi.dll

\Windows\System32\sechost.dll

\Windows\System32\wininet.dll

\Windows\System32\kernel32.dll

\Windows\System32\normaliz.dll

\Windows\System32\wintrust.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

\Windows\System32\KernelBase.dll

\Windows\System32\userenv.dll

\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

\Windows\System32\crypt32.dll

\Windows\System32\comctl32.dll

\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

\Windows\System32\devobj.dll

\Windows\System32\msasn1.dll

\Windows\System32\profapi.dll

----------- End -----------

Done!

 

Scan started

Database versions:

  main:    v2016.01.30.04

  rootkit: v2016.01.20.01

 

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa800a396060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800a396b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800a396060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8007a95050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

Done!

Drive 0

This is a System drive

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: EBFB7460

 

Partition information:

 

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 2048  Numsec = 407552

    Partition is bootable

    Partition file system is NTFS

 

    Partition 1 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 409600  Numsec = 1209358336

    Partition is bootable

    Partition file system is NTFS

 

    Partition 2 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 1209767936  Numsec = 32172032

    Partition is bootable

    Partition file system is NTFS

 

    Partition 3 type is Other (0xc)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 1241939968  Numsec = 8321712

    Partition is not bootable

    Partition file system is FAT32

 

Disk Size: 640135028736 bytes

Sector size: 512 bytes

 

Done!

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa8007f6a790, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800c502270, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007f6a790, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800786b670, DeviceName: \Device\00000094\, DriverName: \Driver\USBSTOR\

------------ End ----------

Alternate DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: AE3DF244

 

Partition information:

 

    Partition 0 type is Other (0xc)

    Partition is ACTIVE.

    Partition starts at LBA: 8064  Numsec = 30482560

    Partition is not bootable

    Partition file system is FAT32

 

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

    Partition is not bootable

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

    Partition is not bootable

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

    Partition is not bootable

 

Disk Size: 15611199488 bytes

Sector size: 512 bytes

 

Done!

Scan finished

------------ Kernel report ------------

     01/31/2016 02:26:03

------------ Loaded modules -----------

----------- End -----------

=======================================

 

 

Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-409600-i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-1209767936-i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-3-1241939968-i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-8064-i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...

Removal finished

 

STEP 3: Report.txt...

 

RogueKiller V11.0.9.0 [Jan 24 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tehseen Akhtar [Administrator]
Started from : C:\Users\Tehseen Akhtar\Desktop\RogueKiller.exe
Mode : Scan -- Date : 01/31/2016 08:11:15

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8728B03D-0CCB-4651-B656-BA7D626AA92F} | DhcpNameServer : 172.20.10.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CD393D11-BAF7-4621-8FD4-466D1F1FD8E3} | DhcpNameServer : 172.20.10.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8728B03D-0CCB-4651-B656-BA7D626AA92F} | DhcpNameServer : 172.20.10.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CD393D11-BAF7-4621-8FD4-466D1F1FD8E3} | DhcpNameServer : 172.20.10.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8728B03D-0CCB-4651-B656-BA7D626AA92F} | DhcpNameServer : 172.20.10.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{CD393D11-BAF7-4621-8FD4-466D1F1FD8E3} | DhcpNameServer : 172.20.10.1 ([X])  -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \dowuloadup -- C:\Windows\system32\config\systemprofile\AppData\Local\Inchwarm (/t 1362 8881) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 679xqcvx.default-1453446804802 : user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547564A9E384 +++++
--- User ---
[MBR] 11dc90f35e1989abe7c0fb3bc2648e61
[BSP] 2e2239d362b8637ade7bd456bada51b2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 590507 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1209767936 | Size: 15709 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1241939968 | Size: 4063 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 4e92cf13c78cd694a266f6456260e536
[BSP] 68735feeeb2a9bbf9dc7c8d88f32862c : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 14884 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )



#15 olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:45 PM

Posted 31 January 2016 - 07:04 PM

Hi RobotiksFreak,

 

Step 1:
 FRST Script:
 Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Close any open browsers or any other programs that are open
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:

Please try to run it again.

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

Have a nice day.

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!