
AM I INFECTED WITH A HIDDEN TROJAN/VIRUS? HELP


3 replies to this topic

#1 gucciloafers123


Posted 01 April 2016 - 03:59 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Abdikarim (administrator) on ADOT (01-04-2016 21:53:43)
Running from C:\Users\Abdikarim\Desktop
Loaded Profiles: Abdikarim (Available Profiles: Abdikarim)
Platform: Windows 8.1 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TssSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [1008128 2014-04-28] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Ransomware.lnk [2016-04-01]
ShortcutTarget: Malwarebytes Anti-Ransomware.lnk -> C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe (Malwarebytes)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{C4DD18D1-04FE-4F3D-B362-045DB5406D66}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1376254598-1204934254-887906221-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-1376254598-1204934254-887906221-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-1376254598-1204934254-887906221-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
SearchScopes: HKU\S-1-5-21-1376254598-1204934254-887906221-1001 -> DefaultScope {656A4EB8-FDC2-4DF9-9621-9BFCDBFC678E} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-01] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-01] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-05-13] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-02] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Abdikarim\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Abdikarim\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Abdikarim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-30]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Abdikarim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-03-31]
CHR Extension: (YouTube) - C:\Users\Abdikarim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-30]
CHR Extension: (Adblock Plus) - C:\Users\Abdikarim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Abdikarim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Abdikarim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-30]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2014-10-13] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2823920 2016-03-20] (Microsoft Corporation)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-06-30] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-04-01] (SurfRight B.V.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe [3141088 2016-03-23] (Malwarebytes)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [203296 2016-03-19] (Microsoft Corporation) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [120392 2015-11-17] (Toshiba Europe GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2014-10-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7545008 2014-10-13] (Broadcom Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-31] ()
R3 farflt; C:\Windows\system32\drivers\farflt.sys [59776 2016-04-01] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [217328 2016-04-01] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows ® Win 7 DDK provider)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35856 2014-03-24] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [257880 2014-03-24] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-01 21:53 - 2016-04-01 21:54 - 00013853 _____ C:\Users\Abdikarim\Desktop\FRST.txt
2016-04-01 21:53 - 2016-04-01 21:53 - 00000000 ____D C:\FRST
2016-04-01 21:52 - 2016-04-01 21:52 - 02374144 _____ (Farbar) C:\Users\Abdikarim\Desktop\FRST64.exe
2016-04-01 16:29 - 2016-04-01 16:29 - 11441744 _____ (SurfRight B.V.) C:\Users\Abdikarim\Desktop\hitmanpro_x64.exe
2016-04-01 16:29 - 2016-04-01 16:29 - 00001916 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-04-01 16:29 - 2016-04-01 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-04-01 16:27 - 2016-04-01 16:27 - 22851472 _____ (Malwarebytes ) C:\Users\Abdikarim\Desktop\mbam-setup-2.2.1.1043.exe
2016-04-01 16:25 - 2016-04-01 16:25 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Abdikarim\Desktop\iExplore.exe
2016-04-01 16:23 - 2016-04-01 16:23 - 00001109 _____ C:\Users\Abdikarim\Desktop\RegHunter.lnk
2016-04-01 16:23 - 2016-04-01 16:23 - 00000000 ____D C:\Users\Abdikarim\AppData\Roaming\Enigma Software Group
2016-04-01 16:23 - 2016-04-01 16:23 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-04-01 16:21 - 2016-04-01 16:22 - 00212972 _____ C:\TDSSKiller.3.1.0.9_01.04.2016_16.21.58_log.txt
2016-04-01 16:16 - 2016-04-01 16:29 - 00133576 _____ C:\Windows\ntbtlog.txt
2016-04-01 16:11 - 2016-04-01 16:11 - 05234368 _____ ( ) C:\Users\Abdikarim\Desktop\Zemana.AntiMalware.Setup.exe
2016-04-01 16:06 - 2016-04-01 16:06 - 00001928 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Ransomware.lnk
2016-04-01 16:06 - 2016-04-01 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-04-01 16:06 - 2016-04-01 16:06 - 00000000 ____D C:\Program Files\Malwarebytes
2016-04-01 16:05 - 2016-04-01 16:06 - 37457368 _____ (Malwarebytes ) C:\Users\Abdikarim\Downloads\MBARW_Setup (1).exe
2016-03-31 21:44 - 2016-03-31 21:44 - 00000064 _____ C:\Users\Abdikarim\Desktop\a2whitelist.ini
2016-03-31 21:44 - 2016-03-31 21:44 - 00000000 ____D C:\Users\Abdikarim\Desktop\Reports
2016-03-31 21:09 - 2016-03-31 21:44 - 00005984 _____ C:\Users\Abdikarim\Desktop\a2settings.ini
2016-03-31 21:09 - 2016-03-31 21:09 - 00000000 ____D C:\Users\Abdikarim\Desktop\Quarantine
2016-03-31 21:07 - 2016-03-31 21:33 - 00000000 ____D C:\Users\Abdikarim\Desktop\bin64
2016-03-31 21:07 - 2016-03-31 21:18 - 00000000 ____D C:\Users\Abdikarim\Desktop\bin32
2016-03-31 21:07 - 2015-12-09 08:23 - 00004314 _____ C:\Users\Abdikarim\Desktop\readme.txt
2016-03-31 21:07 - 2015-12-01 13:28 - 03723376 _____ (Emsisoft Ltd) C:\Users\Abdikarim\Desktop\Start Emergency Kit Scanner.exe
2016-03-31 21:07 - 2015-12-01 13:27 - 03723376 _____ (Emsisoft Ltd) C:\Users\Abdikarim\Desktop\Start Commandline Scanner.exe
2016-03-31 21:01 - 2016-03-31 21:03 - 224163936 _____ C:\Users\Abdikarim\Downloads\EmsisoftEmergencyKit.exe
2016-03-31 20:59 - 2016-03-31 20:59 - 22851472 _____ (Malwarebytes ) C:\Users\Abdikarim\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-03-31 20:58 - 2016-03-31 20:58 - 00000679 _____ C:\Users\Abdikarim\Desktop\JRT.txt
2016-03-31 20:54 - 2016-03-31 20:54 - 01610352 _____ (Malwarebytes) C:\Users\Abdikarim\Downloads\JRT (1).exe
2016-03-31 20:53 - 2016-03-31 20:53 - 01610352 _____ (Malwarebytes) C:\Users\Abdikarim\Downloads\JRT.exe
2016-03-31 20:50 - 2016-03-31 20:50 - 11441744 _____ (SurfRight B.V.) C:\Users\Abdikarim\Downloads\hitmanpro_x64 (1).exe
2016-03-31 20:40 - 2016-04-01 16:29 - 00000000 ____D C:\Program Files\HitmanPro
2016-03-31 20:40 - 2016-03-31 20:53 - 00000000 ____D C:\ProgramData\HitmanPro
2016-03-31 20:39 - 2016-03-31 20:39 - 11441744 _____ (SurfRight B.V.) C:\Users\Abdikarim\Downloads\hitmanpro_x64.exe
2016-03-31 20:36 - 2016-04-01 16:28 - 00001085 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-31 20:36 - 2016-04-01 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-31 20:36 - 2016-04-01 16:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-31 20:36 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-31 20:36 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-31 20:35 - 2016-03-31 20:35 - 22851472 _____ (Malwarebytes ) C:\Users\Abdikarim\Downloads\mbam-setup-2.2.1.1043.exe
2016-03-31 20:32 - 2016-03-31 20:32 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Abdikarim\Downloads\iExplore (1).exe
2016-03-31 20:28 - 2016-03-31 20:31 - 00606816 _____ C:\TDSSKiller.3.1.0.9_31.03.2016_20.28.55_log.txt
2016-03-31 20:28 - 2016-03-31 20:28 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Abdikarim\Downloads\tdsskiller.exe
2016-03-31 09:29 - 2016-03-31 09:29 - 00776280 _____ (Toolwiz.com. ) C:\Users\Abdikarim\Downloads\Setup_SmartDefrag.exe
2016-03-31 09:29 - 2016-03-31 09:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolwiz Smart Defrag FREE
2016-03-31 09:29 - 2016-03-31 09:29 - 00000000 ____D C:\Program Files (x86)\Toolwiz Smart Defrag FREE
2016-03-31 09:19 - 2016-03-31 09:19 - 00000000 ____D C:\Users\Abdikarim\AppData\Local\Intel_Corporation
2016-03-31 09:13 - 2016-04-01 16:36 - 00059776 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-03-31 09:12 - 2016-03-31 09:12 - 37409400 _____ (Malwarebytes ) C:\Users\Abdikarim\Downloads\MBARW_Setup.exe
2016-03-31 09:08 - 2016-04-01 16:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-31 09:07 - 2016-04-01 16:36 - 00217328 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-31 09:07 - 2016-03-31 09:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-03-31 09:07 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-31 09:03 - 2016-03-31 09:46 - 00000000 ____D C:\Users\Abdikarim\Desktop\mbar
2016-03-31 09:03 - 2016-03-31 09:03 - 03102720 _____ C:\Users\Abdikarim\Downloads\adwcleaner_5.108 (1).exe
2016-03-31 08:59 - 2016-03-31 08:59 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Abdikarim\Downloads\mbar-1.09.3.1001.exe
2016-03-31 08:57 - 2016-03-31 09:00 - 00000000 ____D C:\AdwCleaner
2016-03-31 08:56 - 2016-03-31 08:56 - 03102720 _____ C:\Users\Abdikarim\Downloads\adwcleaner_5.108.exe
2016-03-31 08:45 - 2016-04-01 16:18 - 00000000 ____D C:\Program Files (x86)\System Ninja
2016-03-31 08:45 - 2016-03-31 08:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Ninja
2016-03-31 08:44 - 2016-03-31 08:44 - 02390020 _____ (SingularLabs ) C:\Users\Abdikarim\Downloads\ninja-setup-3.1.2.exe
2016-03-31 05:18 - 2016-03-31 05:18 - 00003346 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-03-31 05:18 - 2016-03-31 05:18 - 00002279 _____ C:\Users\Abdikarim\Desktop\SpyHunter.lnk
2016-03-31 05:18 - 2016-03-31 05:18 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2016-03-31 05:18 - 2016-03-31 05:18 - 00000000 ____D C:\Users\Abdikarim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2016-03-31 05:18 - 2016-03-31 05:18 - 00000000 ____D C:\sh4ldr
2016-03-31 05:18 - 2016-03-31 05:18 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2016-03-31 04:16 - 2016-03-31 08:46 - 00176706 _____ C:\Users\Abdikarim\Downloads\Unconfirmed 859121.crdownload
2016-03-31 04:16 - 2016-03-31 08:46 - 00176706 _____ C:\Users\Abdikarim\Downloads\Unconfirmed 114637.crdownload
2016-03-31 04:05 - 2016-04-01 15:43 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-03-31 04:01 - 2016-03-31 05:18 - 00000000 ____D C:\Users\Abdikarim\Documents\Spy Hunter PRO
2016-03-31 03:59 - 2016-03-31 04:02 - 162231000 _____ (Kaspersky Lab) C:\Users\Abdikarim\Downloads\kis16.0.0.614en-gb.exe
2016-03-31 03:59 - 2016-03-31 04:00 - 14959149 _____ C:\Users\Abdikarim\Downloads\Spy Hunter PRO.rar
2016-03-31 03:29 - 2016-03-31 03:30 - 14856368 _____ (Enigma Software Group USA, LLC.) C:\Users\Abdikarim\Downloads\RegHunter-Installer.exe
2016-03-31 03:20 - 2016-03-31 03:20 - 00000000 _____ C:\autoexec.bat
2016-03-31 03:18 - 2016-03-31 03:18 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Abdikarim\Downloads\SpyHunter-Installer.exe
2016-03-31 03:18 - 2016-03-31 03:18 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-03-31 02:32 - 2016-03-31 02:32 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-31 02:30 - 2016-03-31 02:30 - 55550688 _____ (Microsoft Corporation) C:\Users\Abdikarim\Downloads\Windows-KB890830-x64-V5.34.exe
2016-03-31 02:25 - 2016-03-31 02:25 - 02374144 _____ (Farbar) C:\Users\Abdikarim\Downloads\FRST64.exe
2016-03-31 02:20 - 2016-03-31 02:20 - 00000000 ____D C:\Program Files (x86)\Toshiba TEMPRO
2016-03-31 00:17 - 2016-03-31 00:19 - 119573272 _____ (Microsoft Corporation) C:\Users\Abdikarim\Downloads\msert.exe
2016-03-31 00:10 - 2016-03-31 00:10 - 00886256 _____ (Microsoft Corporation) C:\Users\Abdikarim\Downloads\mssstool64.exe
2016-03-31 00:10 - 2016-03-31 00:10 - 00886256 _____ (Microsoft Corporation) C:\Users\Abdikarim\Downloads\mssstool32.exe
2016-03-30 23:23 - 2016-04-01 16:25 - 00002602 _____ C:\Users\Abdikarim\Desktop\Rkill.txt
2016-03-30 23:23 - 2016-03-30 23:23 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\Abdikarim\Downloads\iExplore64.exe
2016-03-30 23:22 - 2016-03-30 23:22 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Abdikarim\Downloads\iExplore.exe
2016-03-30 22:39 - 2015-12-09 04:39 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-03-22 23:25 - 2016-03-22 23:26 - 00000000 ____D C:\Users\Abdikarim\Desktop\tcp
2016-03-22 23:11 - 2016-03-22 23:25 - 00291606 _____ C:\Users\Abdikarim\Downloads\TCPView.zip
2016-03-21 17:21 - 2016-03-30 23:11 - 00002186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-21 17:21 - 2016-03-30 23:11 - 00002174 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-20 00:23 - 2016-03-20 00:23 - 00002179 _____ C:\Users\Public\Desktop\Toshiba Tempro.lnk
2016-03-19 23:22 - 2016-03-19 23:22 - 00001915 _____ C:\Users\Public\Desktop\Battery Check Utility.lnk
2016-03-19 23:22 - 2016-03-19 23:22 - 00000000 ____D C:\ProgramData\TOSHIBA Tempro
2016-03-19 23:22 - 2016-03-19 23:22 - 00000000 ____D C:\ProgramData\IsolatedStorage
2016-03-19 23:21 - 2016-03-19 23:21 - 00000000 ____D C:\Users\Abdikarim\AppData\Roaming\WinBatch
2016-03-19 17:43 - 2016-03-19 17:43 - 00000000 ____D C:\Users\Abdikarim\AppData\Roaming\WildTangent
2016-03-18 19:13 - 2016-03-21 17:21 - 00000000 ____D C:\Users\Abdikarim\AppData\Local\Deployment
2016-03-18 19:13 - 2016-03-18 19:13 - 00000000 ____D C:\Users\Abdikarim\AppData\Local\Apps\2.0
2016-03-13 17:19 - 2016-03-31 02:09 - 00000000 ____D C:\ProgramData\Tubje
2016-03-13 16:24 - 2016-03-13 16:24 - 00000000 ____D C:\ProgramData\ToshibaEurope
2016-03-08 13:58 - 2016-03-08 13:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-03-04 13:58 - 2016-03-04 13:58 - 00000000 ____D C:\Users\Abdikarim\AppData\Local\WinZip
2016-03-03 15:58 - 2016-03-13 16:26 - 00003096 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1376254598-1204934254-887906221-1001
2016-03-03 15:58 - 2016-03-03 15:58 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-03-03 15:57 - 2015-07-17 14:51 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-03 15:57 - 2015-07-17 14:51 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:51 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:51 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:51 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:51 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:51 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:51 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:51 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:51 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:51 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:51 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:51 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:51 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:51 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:51 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:47 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-03 15:57 - 2015-07-17 14:47 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:47 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:47 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:47 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:47 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:47 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:47 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:47 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:47 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:47 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:47 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:47 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:47 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:47 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-03 15:57 - 2015-07-17 14:47 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-03 15:48 - 2016-03-03 15:48 - 00002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-03-03 15:48 - 2016-03-03 15:48 - 00002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-03-03 15:48 - 2016-03-03 15:48 - 00002410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-03-03 15:48 - 2016-03-03 15:48 - 00002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-03-03 15:48 - 2016-03-03 15:48 - 00002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-03-03 15:48 - 2016-03-03 15:48 - 00002397 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-03-03 15:48 - 2016-03-03 15:48 - 00002389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-03-03 15:48 - 2016-03-03 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-03-03 15:41 - 2016-03-03 15:41 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-02 20:59 - 2016-03-02 20:59 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-03-02 20:16 - 2016-03-02 20:16 - 00000000 ____D C:\Users\Abdikarim\AppData\Roaming\McAfee
2016-03-02 20:01 - 2016-03-02 20:01 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-03-02 20:01 - 2016-03-02 20:01 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-03-02 19:59 - 2016-03-02 19:59 - 00000000 __SHD C:\Users\Abdikarim\AppData\LocalLow\EmieUserList
2016-03-02 19:59 - 2016-03-02 19:59 - 00000000 __SHD C:\Users\Abdikarim\AppData\LocalLow\EmieSiteList
2016-03-02 19:59 - 2016-03-02 19:59 - 00000000 __SHD C:\Users\Abdikarim\AppData\Local\EmieUserList
2016-03-02 19:59 - 2016-03-02 19:59 - 00000000 __SHD C:\Users\Abdikarim\AppData\Local\EmieSiteList
2016-03-02 19:59 - 2016-03-02 19:59 - 00000000 ____D C:\Users\Abdikarim\AppData\Roaming\Macromedia
2016-03-02 19:58 - 2016-04-01 16:38 - 00000000 ___DO C:\Users\Abdikarim\OneDrive
2016-03-02 19:58 - 2016-03-21 17:22 - 00000000 ____D C:\Users\Abdikarim\AppData\Local\Google
2016-03-02 19:57 - 2016-04-01 20:18 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1376254598-1204934254-887906221-1001
2016-03-02 19:52 - 2016-03-02 19:52 - 00000000 ____D C:\Users\Abdikarim\AppData\Local\TOSHIBA
2016-03-02 19:50 - 2016-03-02 19:50 - 00001453 _____ C:\Users\Abdikarim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-02 19:50 - 2016-03-02 19:50 - 00000000 ____D C:\Users\Abdikarim\AppData\Roaming\Adobe
2016-03-02 19:50 - 2016-03-02 19:50 - 00000000 ____D C:\Users\Abdikarim\AppData\Local\VirtualStore
2016-03-02 19:49 - 2016-03-30 22:30 - 00000000 ____D C:\Users\Abdikarim\AppData\Local\Packages
2016-03-02 19:47 - 2016-03-31 21:09 - 00000000 ____D C:\Users\Abdikarim
2016-03-02 19:47 - 2016-03-02 19:47 - 00000020 ___SH C:\Users\Abdikarim\ntuser.ini
2016-03-02 19:47 - 2014-03-18 16:34 - 00000369 _____ C:\Users\Abdikarim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-03-02 19:47 - 2014-03-18 16:34 - 00000369 _____ C:\Users\Abdikarim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-03-02 18:39 - 2016-03-02 18:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-02 16:55 - 2016-03-02 16:55 - 00000000 _____ C:\Recovery.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-01 20:01 - 2014-09-10 00:39 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-01 19:00 - 2014-09-10 00:39 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-01 17:25 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-01 17:23 - 2014-09-10 00:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-04-01 16:35 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-01 16:15 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-04-01 16:01 - 2014-03-18 16:25 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-01 16:01 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-04-01 15:43 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-04-01 15:40 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-03-31 08:51 - 2014-09-11 00:40 - 00000000 ____D C:\Windows\Panther
2016-03-31 05:45 - 2014-10-13 10:13 - 00000000 ____D C:\Windows\System32\Tasks\TOSHIBA
2016-03-30 22:30 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2016-03-28 00:15 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2016-03-21 17:21 - 2014-09-10 00:39 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-19 23:21 - 2014-10-13 10:01 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2016-03-19 23:21 - 2014-09-10 00:25 - 00000000 ____D C:\Program Files\TOSHIBA
2016-03-19 17:43 - 2014-10-13 10:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-19 17:43 - 2014-10-13 10:28 - 00000000 ____D C:\ProgramData\WildTangent
2016-03-19 17:43 - 2014-10-13 10:28 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-03-19 17:41 - 2014-10-13 10:38 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-03-18 19:02 - 2014-10-13 10:38 - 00000000 ____D C:\ProgramData\McAfee
2016-03-18 19:02 - 2014-10-13 10:38 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-03-13 17:02 - 2014-09-10 00:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-03-13 16:17 - 2013-08-22 15:44 - 00474024 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-07 19:57 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2016-03-07 19:56 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2016-03-07 19:51 - 2014-03-18 16:03 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-07 19:51 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\WinStore
2016-03-07 19:51 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-03-07 19:51 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Defender
2016-03-07 19:51 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System
2016-03-07 19:51 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-03-07 19:51 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-03-07 19:51 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\servicing
2016-03-07 19:50 - 2014-03-18 16:00 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-03-07 19:50 - 2014-03-18 16:00 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-03-07 19:50 - 2014-03-18 16:00 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-03-07 19:50 - 2014-03-18 16:00 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-03-07 19:50 - 2014-03-18 16:00 - 00000000 ____D C:\Windows\system32\winrm
2016-03-07 19:50 - 2014-03-18 16:00 - 00000000 ____D C:\Windows\system32\WCN
2016-03-07 19:50 - 2014-03-18 16:00 - 00000000 ____D C:\Windows\system32\slmgr
2016-03-07 19:50 - 2014-03-18 16:00 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-03-07 19:50 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-03-07 19:50 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-03-07 19:50 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\Com
2016-03-07 19:50 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2016-03-07 19:50 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\MUI
2016-03-07 19:50 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\migwiz
2016-03-07 19:50 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\Com
2016-03-07 19:50 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-03-07 19:50 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\IME
2016-03-07 19:50 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Help
2016-03-07 19:50 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-03-07 19:50 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-03-07 19:50 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\Sysprep
2016-03-07 19:50 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\oobe
2016-03-07 19:50 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\Dism
2016-03-04 13:58 - 2014-09-10 00:41 - 00000000 ____D C:\ProgramData\WinZip
2016-03-03 15:41 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-02 20:54 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-02 19:58 - 2014-09-10 00:25 - 00000000 ____D C:\ProgramData\TOSHIBA
2016-03-02 19:56 - 2014-09-10 00:39 - 00003910 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-02 19:56 - 2014-09-10 00:39 - 00003674 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-02 19:49 - 2014-03-18 16:00 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2016-03-02 16:55 - 2013-08-22 16:36 - 00262144 _____ C:\Windows\system32\config\BCD-Template
 
Some files in TEMP:
====================
C:\Users\Abdikarim\AppData\Local\Temp\HitmanPro.exe
C:\Users\Abdikarim\AppData\Local\Temp\libeay32.dll
C:\Users\Abdikarim\AppData\Local\Temp\msvcr120.dll
C:\Users\Abdikarim\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-01 00:43
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Abdikarim (2016-04-01 21:55:21)
Running from C:\Users\Abdikarim\Desktop
Windows 8.1 (X64) (2016-03-02 18:49:32)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Abdikarim (S-1-5-21-1376254598-1204934254-887906221-1001 - Administrator - Enabled) => C:\Users\Abdikarim
Administrator (S-1-5-21-1376254598-1204934254-887906221-500 - Administrator - Disabled)
Guest (S-1-5-21-1376254598-1204934254-887906221-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1376254598-1204934254-887906221-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Amazon 1Button App (HKLM-x32\...\{4D875057-4353-4B8F-93E5-8C3DC7F34EA9}) (Version: 1.0.8 - Amazon)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.227 - Broadcom Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.38.57 - Conexant)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4328.05 - CyberLink Corp.)
DTS Sound (HKLM-x32\...\{BC95D4AF-4DAC-4350-8BCE-C8BF16A13AE0}) (Version: 1.01.8800 - DTS, Inc.)
Evernote v. 5.4 (HKLM-x32\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Malwarebytes Anti-Ransomware version 0.9.15.416 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.15.416 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6741.2021 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1376254598-1204934254-887906221-1001\...\OneDriveSetup.exe) (Version: 17.3.6302.0225 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6701.1013 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6701.1013 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6701.1013 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29077 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
RegHunter (HKLM-x32\...\RegHunter) (Version: 2.0.24.1985 - Enigma Software Group, LLC)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SpyHunter (HKLM-x32\...\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}) (Version: 4.1.11 - Enigma Software Group USA, LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
System Ninja version 3.1.2 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.1.2 - SingularLabs)
Toolwiz Smart Defrag 2011 (HKLM-x32\...\Toolwiz Smart Defrag FREE_is1) (Version: 1.3.0.0 - Toolwiz.com.)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
TOSHIBA Desktop Assist (HKLM\...\{C4CDCEF0-0A7A-4425-887C-33E39533D758}) (Version: 1.03.06.6403 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.3.6401 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.19 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 6.0.9.0 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 3.01.02.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA Start Screen Option (HKLM\...\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}) (Version: 1.00.01.6402 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{E4C7D9D7-19D4-4623-AF0C-EA313C466411}) (Version: 5.0.0 - Toshiba Europe GmbH)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {015E637F-7EC7-4819-BC83-4FD75EAAA654} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-21] (Synaptics Incorporated)
Task: {03CA85FC-BDDF-4365-A964-9260806836C1} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1376254598-1204934254-887906221-1001 => C:\Users\Abdikarim\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-03-13] (Microsoft Corporation)
Task: {03E9EDC6-5499-474C-899E-DB0DC32481AD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-20] (Microsoft Corporation)
Task: {342F68CA-0A21-4401-A9C5-35E755E3832E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-02] (Google Inc.)
Task: {6F064A19-B048-4C67-A123-492A4EBD27FF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-20] (Microsoft Corporation)
Task: {7E2DC276-A5A7-4DB8-88F7-6E58CC3BF627} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe [2010-05-18] (Enigma Software Group USA, LLC.)
Task: {7F76E30D-22C8-41A8-B784-E95CB6104226} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2014-06-04] ()
Task: {9CBE00ED-627F-4924-A8EC-A8DED2F34AEC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-04-01] (Microsoft Corporation)
Task: {CF8A3588-93C3-4019-A928-29E4C9B9E54E} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {D95BE3D6-1500-4F2E-B1AC-ECC41A58F765} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2015-11-17] (Toshiba Europe GmbH)
Task: {FBE12B9C-644D-49A3-8F63-B058AE69F6F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-02] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-04-01 16:06 - 2016-03-23 08:37 - 01043424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-RANSOMWARE\arwlib.dll
2016-03-17 18:59 - 2016-04-01 16:38 - 08919240 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-04-01 16:06 - 2016-02-08 17:01 - 00759808 _____ () C:\Program Files\Malwarebytes\Anti-Ransomware\QtQuick\Controls\qtquickcontrolsplugin.dll
2014-06-30 11:11 - 2014-06-30 11:11 - 00021840 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2016-03-03 15:41 - 2016-03-20 13:10 - 00173256 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-03-30 23:10 - 2016-03-27 08:58 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libglesv2.dll
2016-03-30 23:10 - 2016-03-27 08:58 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libegl.dll
2016-03-30 23:10 - 2016-03-27 08:58 - 17545880 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2016-04-01 17:05 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1376254598-1204934254-887906221-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Abdikarim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "TCrdMain"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{41E94444-1569-4B0D-99E9-1F19808D8CA5}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{6480E709-2617-47F2-92C4-4F31DF7A6DE4}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{D5B7140A-4485-4819-8D23-94E6519DA615}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{FCFEE1F3-C806-439D-A7D2-BA82C5F9386B}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{F446FDE8-17C7-41D6-BB9B-86F93DFC0266}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{5F566B88-7F32-435E-A769-68F4DB8AB2D1}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{18D55025-FEB4-4350-AFBC-6A7B52D4FCBD}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{9A2E8864-61AF-4900-A118-504599A23CE3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{EDB29170-B503-4243-A6C1-8B4C293742A7}] => (Allow) C:\Users\Abdikarim\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{EC31F3A7-6B3B-400B-A1E3-74081299AA83}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
24-03-2016 18:36:09 Scheduled Checkpoint
31-03-2016 04:02:32 Installed SpyHunter
31-03-2016 20:55:08 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/01/2016 07:18:33 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (04/01/2016 05:22:45 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: ADOT)
Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down.
 
Error: (04/01/2016 04:01:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbarw.exe, version: 1.0.0.155, time stamp: 0x56d989b4
Faulting module name: mbarw.exe, version: 1.0.0.155, time stamp: 0x56d989b4
Exception code: 0xc0000005
Fault offset: 0x000000000002ca31
Faulting process ID: 0x13e0
Faulting application start time: 0xmbarw.exe0
Faulting application path: mbarw.exe1
Faulting module path: mbarw.exe2
Report ID: mbarw.exe3
Faulting package full name: mbarw.exe4
Faulting package-relative application ID: mbarw.exe5
 
Error: (04/01/2016 04:01:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MBAMService.exe, version: 3.0.0.523, time stamp: 0x56d4af91
Faulting module name: MBAMService.exe, version: 3.0.0.523, time stamp: 0x56d4af91
Exception code: 0xc0000409
Fault offset: 0x00000000001683e0
Faulting process ID: 0xbb8
Faulting application start time: 0xMBAMService.exe0
Faulting application path: MBAMService.exe1
Faulting module path: MBAMService.exe2
Report ID: MBAMService.exe3
Faulting package full name: MBAMService.exe4
Faulting package-relative application ID: MBAMService.exe5
 
Error: (04/01/2016 04:00:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbarw.exe, version: 1.0.0.155, time stamp: 0x56d989b4
Faulting module name: mbarw.exe, version: 1.0.0.155, time stamp: 0x56d989b4
Exception code: 0xc0000005
Fault offset: 0x000000000002ca31
Faulting process ID: 0x11ac
Faulting application start time: 0xmbarw.exe0
Faulting application path: mbarw.exe1
Faulting module path: mbarw.exe2
Report ID: mbarw.exe3
Faulting package full name: mbarw.exe4
Faulting package-relative application ID: mbarw.exe5
 
Error: (04/01/2016 04:00:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MBAMService.exe, version: 3.0.0.523, time stamp: 0x56d4af91
Faulting module name: MBAMService.exe, version: 3.0.0.523, time stamp: 0x56d4af91
Exception code: 0xc0000409
Fault offset: 0x00000000001683e0
Faulting process ID: 0x1114
Faulting application start time: 0xMBAMService.exe0
Faulting application path: MBAMService.exe1
Faulting module path: MBAMService.exe2
Report ID: MBAMService.exe3
Faulting package full name: MBAMService.exe4
Faulting package-relative application ID: MBAMService.exe5
 
Error: (04/01/2016 03:59:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbarw.exe, version: 1.0.0.155, time stamp: 0x56d989b4
Faulting module name: mbarw.exe, version: 1.0.0.155, time stamp: 0x56d989b4
Exception code: 0xc0000005
Fault offset: 0x000000000002ca31
Faulting process ID: 0x13f8
Faulting application start time: 0xmbarw.exe0
Faulting application path: mbarw.exe1
Faulting module path: mbarw.exe2
Report ID: mbarw.exe3
Faulting package full name: mbarw.exe4
Faulting package-relative application ID: mbarw.exe5
 
Error: (04/01/2016 03:59:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MBAMService.exe, version: 3.0.0.523, time stamp: 0x56d4af91
Faulting module name: MBAMService.exe, version: 3.0.0.523, time stamp: 0x56d4af91
Exception code: 0xc0000409
Fault offset: 0x00000000001683e0
Faulting process ID: 0x1208
Faulting application start time: 0xMBAMService.exe0
Faulting application path: MBAMService.exe1
Faulting module path: MBAMService.exe2
Report ID: MBAMService.exe3
Faulting package full name: MBAMService.exe4
Faulting package-relative application ID: MBAMService.exe5
 
Error: (04/01/2016 03:58:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17039 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 9bc
 
Start Time: 01d18c26989c01b5
 
Termination Time: 2312
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 2b599c3f-f81a-11e5-8271-c45444e45f3d
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (04/01/2016 03:56:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MBAMService.exe, version: 3.0.0.523, time stamp: 0x56d4af91
Faulting module name: MBAMService.exe, version: 3.0.0.523, time stamp: 0x56d4af91
Exception code: 0xc0000409
Fault offset: 0x00000000001683e0
Faulting process ID: 0x638
Faulting application start time: 0xMBAMService.exe0
Faulting application path: MBAMService.exe1
Faulting module path: MBAMService.exe2
Report ID: MBAMService.exe3
Faulting package full name: MBAMService.exe4
Faulting package-relative application ID: MBAMService.exe5
 
 
System errors:
=============
Error: (04/01/2016 04:35:17 PM) (Source: DCOM) (EventID: 10005) (User: ADOT)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (04/01/2016 04:32:43 PM) (Source: DCOM) (EventID: 10005) (User: ADOT)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (04/01/2016 04:32:43 PM) (Source: DCOM) (EventID: 10005) (User: ADOT)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (04/01/2016 04:32:43 PM) (Source: DCOM) (EventID: 10005) (User: ADOT)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (04/01/2016 04:32:43 PM) (Source: DCOM) (EventID: 10005) (User: ADOT)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (04/01/2016 04:32:43 PM) (Source: DCOM) (EventID: 10005) (User: ADOT)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (04/01/2016 04:32:43 PM) (Source: DCOM) (EventID: 10005) (User: ADOT)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (04/01/2016 04:29:37 PM) (Source: DCOM) (EventID: 10005) (User: ADOT)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (04/01/2016 04:29:37 PM) (Source: DCOM) (EventID: 10005) (User: ADOT)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (04/01/2016 04:29:36 PM) (Source: DCOM) (EventID: 10005) (User: ADOT)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU N3530 @ 2.16GHz
Percentage of memory in use: 61%
Total physical RAM: 3978.95 MB
Available physical RAM: 1524.8 MB
Total Virtual: 12682.95 MB
Available Virtual: 9607.33 MB
 
==================== Drives ================================
 
Drive c: (TI31381700A) (Fixed) (Total:686.6 GB) (Free:650.24 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.
 


#2 nasdaq

  • Malware Response Team

Posted 02 April 2016 - 09:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your logs are clean.

Are you having issues with this computer?

#3 gucciloafers123

  • Topic Starter

Posted 02 April 2016 - 09:06 PM

Could you guide me on how to check my DNS or internet, as I think it needs checking? Thanks, though.



#4 nasdaq

  • Malware Response Team

Posted 03 April 2016 - 07:27 AM


This is not my forte. I suggest you start a new topic in the Networking forum.
http://www.bleepingcomputer.com/forums/f/21/networking/

An expert should be able to help you better than I can.

Before you post, please download and run this tool.
Post the log; it should expedite the matter.


Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries

Click Go and copy/paste the log (Result.txt) into your next post.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.




