
Infected With Many Viruses


  • This topic is locked
12 replies to this topic

#1 Gatt

Gatt

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:28 PM

Posted 04 April 2016 - 10:01 AM

Hello, I got infected with a virus. I'm not able to run FRST; it automatically closes when I open it. Regedit also closes when I try to open it as well, and when I use my USB stick it creates shortcuts of the files themselves in the USB folder. Also, whenever I try to show the hidden folder I get an error saying "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."




#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:28 PM

Posted 04 April 2016 - 11:45 AM

Hello

  •   Welcome to Bleeping Computer.
  •   My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  •   Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  •   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  •   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  •   In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  •   Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will get back to you with instructions.

 

 

Have you tried running FRST in Safemode?

http://windows.microsoft.com/en-us/windows/start-computer-safe-mode#start-computer-safe-mode=windows-7
 


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!
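As an added triage aid (this is not part of the thread and not Farbar's own tool), the script below scans FRST.txt output for the kinds of entries that stand out in the log the topic starter posts further down: lines FRST itself marks with "<======= ATTENTION", Explorer policy restrictions such as NoFolderOptions, Startup-folder shortcuts whose target lives under AppData, and Winsock catalog entries that carry no publisher. The sample lines are copied from that log; the flag names are this example's own.

```python
"""Triage helper for FRST.txt lines (added example, not part of this thread or of Farbar's tool)."""
import re

# Constructed sample input: lines copied from the FRST log posted in this thread.
SAMPLE_LOG_LINES = [
    r"HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)",
    r"HKLM\...\Policies\Explorer: [NoFolderOptions] 1",
    r"Startup: C:\Users\Fady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\atajo.lnk [2016-04-04]",
    r"ShortcutTarget: atajo.lnk -> C:\Users\Fady\AppData\Roaming\cnyaq\jobvy64.exe (Microsoft Corporation)",
    r"GroupPolicyScripts: Restriction <======= ATTENTION",
    r"Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\PrxerNsp.dll [84040 2015-03-28] ()",
    r"Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)",
    r"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION",
]

# Explorer/System policy values, e.g. "HKLM\...\Policies\Explorer: [NoFolderOptions] 1".
POLICY_RE = re.compile(r"Policies\\(?P<hive>Explorer|System): \[(?P<name>\w+)\] (?P<value>\d+)")
# Resolved Startup-folder shortcut, e.g. "ShortcutTarget: atajo.lnk -> <path> (<publisher>)".
SHORTCUT_RE = re.compile(r"^ShortcutTarget: (?P<lnk>[^ ]+\.lnk) -> (?P<target>.+?)(?: \(.*\))?$")
# Winsock catalog entry: "Winsock: Catalog9 01 <path> [<size> <date>] (<publisher>)".
WINSOCK_RE = re.compile(
    r"^Winsock: (?P<catalog>Catalog\d+(?:-x64)?) (?P<idx>\d+) (?P<path>.+?) \[[^\]]*\] \((?P<publisher>[^)]*)\)$"
)


def triage(log_text):
    """Return a list of (reason, line) findings for the given FRST log text."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        # FRST already flags restrictions and other oddities with this marker.
        if "<======= ATTENTION" in line:
            findings.append(("frst-attention", line))
            continue
        # Any non-zero Explorer/System policy value is a restriction worth reading.
        m = POLICY_RE.search(line)
        if m and m.group("value") != "0":
            findings.append(("policy-restriction:" + m.group("name"), line))
            continue
        # Startup shortcuts normally point at Program Files, not at a user's AppData tree.
        m = SHORTCUT_RE.match(line)
        if m and "\\appdata\\" in m.group("target").lower():
            findings.append(("startup-shortcut-to-appdata", line))
            continue
        # A Winsock provider DLL with an empty publisher field deserves a closer look.
        m = WINSOCK_RE.match(line)
        if m and not m.group("publisher").strip():
            findings.append(("winsock-lsp-no-publisher", line))
    return findings


def summarize(findings):
    """Count findings per reason so a long log can be skimmed before reading each line."""
    counts = {}
    for reason, _ in findings:
        counts[reason] = counts.get(reason, 0) + 1
    return counts


if __name__ == "__main__":
    for reason, line in triage("\n".join(SAMPLE_LOG_LINES)):
        print(f"{reason:36} {line}")
```

Run it against a full FRST.txt by reading the file and passing its text to triage(); the output is a reading aid, not a verdict, so every flagged line still has to be judged in context.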


#3 Gatt

Gatt
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:28 PM

Posted 04 April 2016 - 01:39 PM

Thanks, FRST runs fine in safe mode. The problem is I am infected with a virus; it keeps creating shortcuts of files on the USB, I am not able to open msconfig (it auto closes), and whenever I try to show the hidden folder I get an error saying "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator." Thanks.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Fady (administrator) on FADY-PC (04-04-2016 20:17:30)
Running from C:\Users\Fady\Downloads
Loaded Profiles: Fady (Available Profiles: Fady)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => F:\Programs\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [56592 2016-03-03] (Raptr, Inc)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [917112 2015-10-08] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 1
HKU\S-1-5-21-69444649-1614559510-3069998728-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3931728 2015-12-18] (Tonec Inc.)
HKU\S-1-5-21-69444649-1614559510-3069998728-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3586848 2016-02-17] (Nota Inc.)
HKU\S-1-5-18\...\RunOnce: [iCloud] => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe"
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
Startup: C:\Users\Fady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\atajo.lnk [2016-04-04]
ShortcutTarget: atajo.lnk -> C:\Users\Fady\AppData\Roaming\cnyaq\jobvy64.exe (Microsoft Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\PrxerNsp.dll [84040 2015-03-28] ()
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog5-x64 01 C:\Windows\system32\PrxerNsp.dll [96840 2015-03-28] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 02 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 03 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 04 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 16 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 163.121.128.134 163.121.128.135
Tcpip\..\Interfaces\{83467d14-22c3-4599-a324-8e281a3727b3}: [DhcpNameServer] 163.121.128.134 163.121.128.135

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-69444649-1614559510-3069998728-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.hhtxnet.com/
HKU\S-1-5-21-69444649-1614559510-3069998728-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://login.hhtxnet.com/
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: TSearch -> {6E727987-C8EA-44DA-8749-310C0FBE3C3E} -> C:\Program Files (x86)\Torrent Search\IEEF\TnLSFmKPjXbx.dll [2016-04-03] ()
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> F:\Programs\Visual Studio Ultimate 2013\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: TSearch -> {6E727987-C8EA-44DA-8749-310C0FBE3C3E} -> C:\Program Files (x86)\Torrent Search\IEEF\uNaRp1RpKmSW.dll [2016-04-03] ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-29] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-29] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Fady\AppData\Roaming\Mozilla\Firefox\Profiles\dcpwk2x7.default
FF Homepage: hxxp://login.hhtxnet.com/search.php?q=
FF Session Restore: -> is enabled.
FF Keyword.URL: hxxp://login.hhtxnet.com/search.php?q=
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-23] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-29] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [2015-07-30] (Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2015-07-30] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [2013-04-08] (Tencent)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Fady\AppData\Roaming\Mozilla\Firefox\Profiles\dcpwk2x7.default\user.js [2016-04-04]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll [2010-06-26] (mozilla.org)
FF Extension: Live HTTP headers - C:\Users\Fady\AppData\Roaming\Mozilla\Firefox\Profiles\dcpwk2x7.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2015-08-05]
FF Extension: Bookmarks menu - C:\Users\Fady\AppData\Roaming\Mozilla\Firefox\Profiles\dcpwk2x7.default\extensions\bookmarks-menu@dio.gr.xpi [2016-02-04]
FF Extension: Greasemonkey - C:\Users\Fady\AppData\Roaming\Mozilla\Firefox\Profiles\dcpwk2x7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-02-22]
FF Extension: Link Gopher - C:\Users\Fady\AppData\Roaming\Mozilla\Firefox\Profiles\dcpwk2x7.default\extensions\linkgopher@oooninja.com.xpi [2016-03-10]
FF Extension: Flash and Video Download - C:\Users\Fady\AppData\Roaming\Mozilla\Firefox\Profiles\dcpwk2x7.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-03-25]
FF Extension: Adblock Plus - C:\Users\Fady\AppData\Roaming\Mozilla\Firefox\Profiles\dcpwk2x7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]
FF HKU\S-1-5-21-69444649-1614559510-3069998728-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-12-09]
FF HKU\S-1-5-21-69444649-1614559510-3069998728-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-69444649-1614559510-3069998728-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Fady\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Fady\AppData\Roaming\IDM\idmmzcc5 [2016-04-04] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-branding.js [2010-06-26]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js [2010-06-26]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox.js [2010-06-26]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\reporter.js [2010-06-26]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-12-29]
CHR HKU\S-1-5-21-69444649-1614559510-3069998728-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-12-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2015-12-04] (Advanced Micro Devices) [File not signed]
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1145216 2015-05-18] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-10-08] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417400 2015-10-08] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855672 2015-10-08] (BlueStack Systems, Inc.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-08-06] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S2 SbieSvc; F:\Programs\Sandboxie\SbieSvc.exe [175752 2015-06-23] (Sandboxie Holdings, LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S2 TeamViewer; F:\Programs\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305392 2015-12-16] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-18] (Advanced Micro Devices)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-10-08] (BlueStack Systems)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-08-06] (LogMeIn Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 SbieDrv; F:\Programs\Sandboxie\SbieDrv.sys [190088 2015-06-23] (Sandboxie Holdings, LLC)
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
S3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [117248 2010-11-21] (Microsoft Corporation) [File not signed]
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-05-21] (VMware, Inc.)
S2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-04 20:17 - 2016-04-04 20:17 - 00016596 _____ C:\Users\Fady\Downloads\FRST.txt
2016-04-04 20:14 - 2016-04-04 20:17 - 00000000 ____D C:\FRST
2016-04-04 20:12 - 2016-04-04 20:14 - 00220418 _____ C:\WINDOWS\ntbtlog.txt
2016-04-04 20:12 - 2016-04-04 20:12 - 00016148 _____ C:\WINDOWS\system32\FADY-PC_Fady_HistoryPrediction.bin
2016-04-04 20:12 - 2016-04-04 20:12 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-04-04 16:56 - 2016-04-04 16:56 - 02374144 _____ (Farbar) C:\Users\Fady\Downloads\FRST64.exe
2016-04-04 16:48 - 2016-04-04 16:48 - 00000020 ___SH C:\Users\TEMP\ntuser.ini
2016-04-04 16:48 - 2016-04-04 16:48 - 00000000 _SHDL C:\Users\TEMP\My Documents
2016-04-04 16:48 - 2016-04-04 16:48 - 00000000 _SHDL C:\Users\TEMP\Documents\My Videos
2016-04-04 16:48 - 2016-04-04 16:48 - 00000000 _SHDL C:\Users\TEMP\Documents\My Pictures
2016-04-04 16:48 - 2016-04-04 16:48 - 00000000 _SHDL C:\Users\TEMP\Documents\My Music
2016-04-04 16:48 - 2016-04-04 16:48 - 00000000 ____D C:\Users\TEMP
2016-04-04 16:48 - 2015-08-21 18:40 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\ATI
2016-04-04 16:48 - 2015-08-21 18:40 - 00000000 ____D C:\Users\TEMP\AppData\Local\ATI
2016-04-04 16:48 - 2015-07-30 03:32 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Media Center Programs
2016-04-04 16:17 - 2016-04-04 20:03 - 00000000 ___HD C:\Users\Fady\AppData\Roaming\cnyaq
2016-04-03 16:11 - 2016-04-03 16:11 - 00000000 ____D C:\Users\Fady\AppData\Roaming\Proxifier
2016-04-03 16:10 - 2016-04-03 16:10 - 00000258 __RSH C:\Users\Fady\ntuser.pol
2016-04-03 16:10 - 2016-04-03 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proxifier
2016-04-03 16:10 - 2015-03-28 15:55 - 00143944 _____ (Initex) C:\WINDOWS\system32\ProxifierShellExt.dll
2016-04-03 16:10 - 2015-03-28 15:55 - 00119880 _____ (Initex) C:\WINDOWS\SysWOW64\ProxifierShellExt.dll
2016-04-03 16:10 - 2015-03-28 15:55 - 00118856 _____ (Initex) C:\WINDOWS\system32\PrxerDrv.dll
2016-04-03 16:10 - 2015-03-28 15:55 - 00097864 _____ (Initex) C:\WINDOWS\SysWOW64\PrxerDrv.dll
2016-04-03 16:10 - 2015-03-28 15:55 - 00096840 _____ C:\WINDOWS\system32\PrxerNsp.dll
2016-04-03 16:10 - 2015-03-28 15:55 - 00084040 _____ C:\WINDOWS\SysWOW64\PrxerNsp.dll
2016-04-03 15:45 - 2016-04-04 20:02 - 00000344 _____ C:\WINDOWS\Tasks\Update Service for Torrent Search.job
2016-04-03 15:45 - 2016-04-03 16:09 - 00000344 _____ C:\WINDOWS\Tasks\Update Service for Torrent Search2.job
2016-04-03 15:45 - 2016-04-03 15:45 - 00003050 _____ C:\WINDOWS\System32\Tasks\Update Service for Torrent Search2
2016-04-03 15:45 - 2016-04-03 15:45 - 00002746 _____ C:\WINDOWS\System32\Tasks\Update Service for Torrent Search
2016-04-03 15:45 - 2016-04-03 15:45 - 00000000 ____D C:\Program Files (x86)\Torrent Search
2016-04-02 21:22 - 2015-03-24 19:09 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SPORDER.DLL
2016-04-01 13:43 - 2016-04-01 13:43 - 00000000 ____D C:\Users\Fady\AppData\Roaming\Gyazo
2016-04-01 13:42 - 2016-04-02 15:41 - 00000000 ____D C:\Program Files (x86)\Gyazo
2016-04-01 13:42 - 2016-04-01 13:42 - 00003508 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2016-04-01 13:42 - 2016-04-01 13:42 - 00003372 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2016-04-01 13:42 - 2016-04-01 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2016-04-01 12:53 - 2016-04-01 12:59 - 00000000 ____D C:\Users\Fady\AppData\Roaming\Learnpulse
2016-04-01 12:53 - 2016-04-01 12:59 - 00000000 ____D C:\Users\Fady\AppData\Local\Learnpulse
2016-04-01 12:36 - 2016-01-09 03:15 - 01629483 _____ C:\Users\Fady\Desktop\Ebola v2.pdf
2016-03-30 22:10 - 2016-03-30 22:12 - 00000000 ____D C:\ProgramData\616934
2016-03-30 22:10 - 2016-03-30 22:10 - 00003208 _____ C:\WINDOWS\System32\Tasks\Client
2016-03-30 22:10 - 2016-03-30 22:10 - 00001579 _____ C:\ProgramData\XML
2016-03-30 22:10 - 2016-03-30 22:10 - 00000006 ____S C:\ProgramData\db07099aaa28a8a62e11b899fa0543fc7282d5a3
2016-03-30 22:10 - 2016-03-30 22:10 - 00000000 ____D C:\ProgramData\617034
2016-03-30 22:09 - 2016-03-30 22:09 - 00324608 _____ C:\Users\Fady\AppData\Roaming\KchppIcvKkIsaTy
2016-03-30 22:09 - 2016-03-30 22:09 - 00212992 _____ C:\Users\Fady\AppData\Roaming\SzoLCEyJc.exe
2016-03-28 20:29 - 2016-04-04 02:04 - 00000907 _____ C:\Users\Fady\Desktop\texts.txt
2016-03-27 12:15 - 2016-04-04 16:25 - 00884662 _____ C:\Users\Fady\Desktop\Freelancer.txt
2016-03-24 18:03 - 2016-03-24 18:03 - 00000000 ____D C:\Users\Fady\Desktop\MyBot-release-MBR_5.3.1
2016-03-21 21:08 - 2016-03-21 21:08 - 00000000 ____D C:\Users\Fady\.android
2016-03-17 16:59 - 2016-03-17 17:19 - 00000000 ____D C:\Users\Fady\AppData\Local\Ares
2016-03-12 00:46 - 2016-03-12 00:49 - 00000000 ____D C:\Program Files (x86)\WinISO Computing
2016-03-12 00:46 - 2016-03-12 00:46 - 00000000 ____D C:\Users\Fady\AppData\Roaming\WinISO Computing
2016-03-12 00:46 - 2016-03-12 00:46 - 00000000 ____D C:\Users\Fady\AppData\Local\WinISO Computing
2016-03-12 00:41 - 2016-03-30 15:47 - 00000000 ____D C:\Users\Fady\.VirtualBox
2016-03-11 21:43 - 2016-02-13 16:42 - 01937920 _____ (Microsoft) C:\Users\Fady\Desktop\Matchmaking Server Picker.exe
2016-03-10 18:11 - 2016-03-29 15:54 - 00000000 ____D C:\Users\Fady\.oracle_jre_usage
2016-03-10 00:40 - 2016-03-19 22:23 - 00000000 ____D C:\Program Files\mmpicker
2016-03-09 16:35 - 2016-03-09 16:43 - 00000000 ____D C:\Users\Fady\Desktop\ESP
2016-03-09 13:33 - 2016-03-09 15:29 - 00000000 ____D C:\Users\Fady\AppData\Roaming\PlaysTV
2016-03-09 13:28 - 2016-03-09 13:33 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-03-09 12:53 - 2016-02-23 16:53 - 01314496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-09 12:53 - 2016-02-23 16:52 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-09 12:53 - 2016-02-23 16:51 - 00633184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-03-09 12:53 - 2016-02-23 16:51 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-09 12:53 - 2016-02-23 16:50 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-09 12:53 - 2016-02-23 16:48 - 08022368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-09 12:53 - 2016-02-23 16:48 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-09 12:53 - 2016-02-23 16:48 - 01123952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-09 12:53 - 2016-02-23 16:41 - 01150816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-09 12:53 - 2016-02-23 16:41 - 00299600 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-03-09 12:53 - 2016-02-23 16:41 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-03-09 12:53 - 2016-02-23 16:40 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-03-09 12:53 - 2016-02-23 16:38 - 00272752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-09 12:53 - 2016-02-23 16:36 - 00080128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-03-09 12:53 - 2016-02-23 16:11 - 00781984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-09 12:53 - 2016-02-23 16:11 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-09 12:53 - 2016-02-23 16:11 - 00103776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-03-09 12:53 - 2016-02-23 16:08 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-09 12:53 - 2016-02-23 16:07 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-09 12:53 - 2016-02-23 15:39 - 00607416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-09 12:53 - 2016-02-23 15:30 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-09 12:53 - 2016-02-23 15:25 - 01085632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-09 12:53 - 2016-02-23 15:23 - 00952968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-09 12:53 - 2016-02-23 15:21 - 00529456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-09 12:53 - 2016-02-23 15:21 - 00141152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-09 12:53 - 2016-02-23 15:11 - 00249976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-03-09 12:53 - 2016-02-23 15:11 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-03-09 12:53 - 2016-02-23 15:11 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-03-09 12:53 - 2016-02-23 15:09 - 00229352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-09 12:53 - 2016-02-23 15:06 - 00069232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-03-09 12:53 - 2016-02-23 14:58 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-03-09 12:53 - 2016-02-23 14:50 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-09 12:53 - 2016-02-23 14:50 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-03-09 12:53 - 2016-02-23 14:42 - 00658536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-09 12:53 - 2016-02-23 14:42 - 00467296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-09 12:53 - 2016-02-23 14:42 - 00078176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-03-09 12:53 - 2016-02-23 14:39 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-09 12:53 - 2016-02-23 14:38 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-09 12:53 - 2016-02-23 14:35 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-09 12:53 - 2016-02-23 14:20 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-03-09 12:53 - 2016-02-23 14:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-03-09 12:53 - 2016-02-23 14:16 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-09 12:53 - 2016-02-23 14:15 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-09 12:53 - 2016-02-23 14:15 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-03-09 12:53 - 2016-02-23 13:59 - 00319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-03-09 12:53 - 2016-02-23 13:59 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-09 12:53 - 2016-02-23 13:57 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-09 12:53 - 2016-02-23 13:55 - 24592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-09 12:53 - 2016-02-23 13:45 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-09 12:53 - 2016-02-23 13:45 - 06788608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-09 12:53 - 2016-02-23 13:42 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-09 12:53 - 2016-02-23 13:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-09 12:53 - 2016-02-23 13:38 - 02663424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-09 12:53 - 2016-02-23 13:37 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-03-09 12:53 - 2016-02-23 13:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-09 12:53 - 2016-02-23 13:25 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-09 12:53 - 2016-02-23 13:18 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-09 12:53 - 2016-02-23 13:17 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-03-09 12:53 - 2016-02-23 13:17 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-03-09 12:53 - 2016-02-23 13:14 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-03-09 12:53 - 2016-02-23 13:08 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-09 12:53 - 2016-02-23 13:04 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-09 12:53 - 2016-02-23 13:03 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-09 12:53 - 2016-02-23 13:03 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-09 12:53 - 2016-02-23 13:02 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-09 12:53 - 2016-02-23 12:55 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-09 12:53 - 2016-02-23 12:55 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-09 12:53 - 2016-02-23 12:51 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-09 12:53 - 2016-02-23 12:51 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-09 12:53 - 2016-02-23 12:48 - 21859840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-09 12:53 - 2016-02-23 12:48 - 05157376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 12:53 - 2016-02-23 12:46 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-09 12:53 - 2016-02-23 12:45 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-09 12:53 - 2016-02-23 12:45 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-03-09 12:53 - 2016-02-23 12:45 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-09 12:53 - 2016-02-23 12:45 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-09 12:53 - 2016-02-23 12:44 - 01821696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-09 12:53 - 2016-02-23 12:38 - 07524864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-09 12:53 - 2016-02-23 12:29 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-03-09 12:53 - 2016-02-23 12:17 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-09 12:53 - 2016-02-23 12:17 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-09 12:53 - 2016-02-23 12:11 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-09 12:53 - 2016-02-23 12:03 - 01495040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-09 12:53 - 2016-02-23 12:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-09 12:53 - 2016-02-23 12:00 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-09 12:53 - 2016-02-23 11:58 - 18800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-08 00:39 - 2016-03-23 22:06 - 00000000 ____D C:\Users\Fady\AppData\Roaming\Jitsi
2016-03-08 00:39 - 2016-03-23 15:55 - 00000000 ____D C:\Users\Fady\AppData\Local\Jitsi
2016-03-08 00:39 - 2016-03-08 00:39 - 00001594 _____ C:\Users\Public\Desktop\Jitsi.lnk
2016-03-06 21:06 - 2016-03-04 14:07 - 04280837 _____ C:\Users\Fady\Downloads\O-Level-Chemistry Book.pdf
2016-03-06 21:06 - 2016-03-04 14:05 - 03457892 _____ C:\Users\Fady\Downloads\IGCSE_Chemistry_Notes.pdf
2016-03-06 21:06 - 2016-03-04 13:51 - 01233003 _____ C:\Users\Fady\Downloads\Summarized Chemistry.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-04 20:16 - 2015-07-30 03:30 - 01011562 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-04 20:16 - 2015-07-10 13:02 - 00000000 ____D C:\WINDOWS\INF
2016-04-04 20:12 - 2015-07-30 03:30 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-04-04 20:12 - 2015-07-10 11:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-04 20:11 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-04 20:11 - 2015-06-05 09:09 - 00000000 ____D C:\Users\Fady\AppData\Roaming\DMCache
2016-04-04 20:03 - 2015-06-05 09:11 - 00000000 ____D C:\Users\Fady\AppData\Roaming\Raptr
2016-04-04 16:29 - 2015-08-08 17:25 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-04 15:56 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-04 15:50 - 2015-08-04 20:23 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BCD68613-EB9E-4B11-BD01-77694D37FE30}
2016-04-04 15:50 - 2015-07-10 13:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-04 01:12 - 2016-02-20 10:51 - 00002290 _____ C:\Users\Fady\Documents\Default.rdp
2016-04-04 01:10 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-04-03 16:10 - 2015-07-30 03:31 - 00000000 ____D C:\Users\Fady
2016-04-03 15:45 - 2015-07-30 15:55 - 00001274 __RSH C:\ProgramData\ntuser.pol
2016-04-03 15:45 - 2009-07-14 05:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-04-01 00:32 - 2016-01-08 22:05 - 00000000 ____D C:\Users\Fady\AppData\Roaming\Skype
2016-03-31 16:03 - 2015-07-24 14:55 - 00000998 _____ C:\Users\Fady\Desktop\Process Hacker 2.lnk
2016-03-29 15:55 - 2015-09-08 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-29 15:55 - 2015-09-08 21:18 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-29 15:55 - 2015-06-08 15:24 - 00000000 ____D C:\ProgramData\Oracle
2016-03-29 15:54 - 2015-09-08 21:18 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-03-25 22:55 - 2015-06-07 16:01 - 00000000 ____D C:\Users\Fady\Documents\ShareX
2016-03-25 21:45 - 2015-11-14 16:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-03-25 21:45 - 2015-11-14 16:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-03-25 19:41 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-25 18:05 - 2015-11-14 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-03-19 22:23 - 2015-08-04 20:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-16 17:13 - 2015-06-07 02:48 - 00000000 ____D C:\Users\Fady\AppData\Roaming\uTorrent
2016-03-12 15:41 - 2016-01-04 16:21 - 00000000 ____D C:\Users\Fady\VirtualBox VMs
2016-03-11 15:53 - 2016-02-29 01:45 - 04974664 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-11 15:53 - 2015-07-30 03:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-11 15:52 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-11 15:52 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-11 15:52 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-11 15:52 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-11 15:28 - 2015-06-07 01:35 - 00000000 ____D C:\ProgramData\Nimoru
2016-03-11 13:36 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-10 21:11 - 2016-01-16 23:52 - 00004528 _____ C:\Users\Fady\Desktop\CP.txt
2016-03-10 18:12 - 2015-11-19 17:56 - 00000000 ____D C:\Users\Fady\AppData\Roaming\Sun
2016-03-09 12:55 - 2015-07-29 05:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-09 12:54 - 2015-06-05 08:52 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-08 09:10 - 2015-08-12 17:54 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 09:10 - 2015-07-10 13:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-08 00:40 - 2016-01-02 23:35 - 00000000 ____D C:\Users\Fady\Tracing
2016-03-06 12:29 - 2016-01-03 15:02 - 00000000 ____D C:\Users\Fady\AppData\Roaming\IDM

==================== Files in the root of some directories =======

2016-03-30 22:09 - 2016-03-30 22:09 - 0324608 _____ () C:\Users\Fady\AppData\Roaming\KchppIcvKkIsaTy
2016-03-30 22:09 - 2016-03-30 22:09 - 0212992 _____ () C:\Users\Fady\AppData\Roaming\SzoLCEyJc.exe
2015-12-24 17:25 - 2015-12-24 17:25 - 0000218 _____ () C:\Users\Fady\AppData\Local\recently-used.xbel
2016-03-30 22:10 - 2016-03-30 22:10 - 0000006 ____S () C:\ProgramData\db07099aaa28a8a62e11b899fa0543fc7282d5a3
2016-03-30 22:10 - 2016-03-30 22:10 - 0001579 _____ () C:\ProgramData\XML

Some files in TEMP:
====================
C:\Users\Fady\AppData\Local\Temp\5188800AB768.dll
C:\Users\Fady\AppData\Local\Temp\ICReinstall_InstallMonster_Download_Manager.exe
C:\Users\Fady\AppData\Local\Temp\jna1643504041748132333.dll
C:\Users\Fady\AppData\Local\Temp\jna432263610888390675.dll
C:\Users\Fady\AppData\Local\Temp\jna6601879016017789555.dll
C:\Users\Fady\AppData\Local\Temp\jna6753905327173858108.dll
C:\Users\Fady\AppData\Local\Temp\jna8771910644507135991.dll
C:\Users\Fady\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Fady\AppData\Local\Temp\npp.6.9.Installer.exe
C:\Users\Fady\AppData\Local\Temp\PerfectService.exe
C:\Users\Fady\AppData\Local\Temp\playstv_patch.exe
C:\Users\Fady\AppData\Local\Temp\processhacker-2.39-setup.exe
C:\Users\Fady\AppData\Local\Temp\ShareX-10.8.0-setup.exe
C:\Users\Fady\AppData\Local\Temp\ShareX-10.9.1-setup.exe
C:\Users\Fady\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-29 16:07

==================== End of FRST.txt ============================

Attached Files



#4 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 04 April 2016 - 02:15 PM

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

Do this in safe mode. Then reboot and see if you can run FRST in Normal mode.

 

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 Gatt (Topic Starter, Members)

Posted 04 April 2016 - 02:31 PM

Yes, I can run FRST in Normal mode now.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Fady (2016-04-04 21:27:49) Run:1
Running from C:\Users\Fady\Downloads
Loaded Profiles: Fady (Available Profiles: Fady)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
Startup: C:\Users\Fady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\atajo.lnk [2016-04-04]
ShortcutTarget: atajo.lnk -> C:\Users\Fady\AppData\Roaming\cnyaq\jobvy64.exe (Microsoft Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION
BHO: TSearch -> {6E727987-C8EA-44DA-8749-310C0FBE3C3E} -> C:\Program Files (x86)\Torrent Search\IEEF\TnLSFmKPjXbx.dll [2016-04-03] ()
BHO-x32: TSearch -> {6E727987-C8EA-44DA-8749-310C0FBE3C3E} -> C:\Program Files (x86)\Torrent Search\IEEF\uNaRp1RpKmSW.dll [2016-04-03] ()
HKU\S-1-5-21-69444649-1614559510-3069998728-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.hhtxnet.com/
HKU\S-1-5-21-69444649-1614559510-3069998728-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://login.hhtxnet.com/
FF Homepage: hxxp://login.hhtxnet.com/search.php?q=
FF Session Restore: -> is enabled.
FF Keyword.URL: hxxp://login.hhtxnet.com/search.php?q=
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 0
FF user.js: detected! => C:\Users\Fady\AppData\Roaming\Mozilla\Firefox\Profiles\dcpwk2x7.default\user.js [2016-04-04]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
2016-03-30 22:10 - 2016-03-30 22:10 - 00000000 ____D C:\ProgramData\617034
2016-03-30 22:09 - 2016-03-30 22:09 - 00324608 _____ C:\Users\Fady\AppData\Roaming\KchppIcvKkIsaTy
2016-03-30 22:09 - 2016-03-30 22:09 - 00212992 _____ C:\Users\Fady\AppData\Roaming\SzoLCEyJc.exe
2016-03-30 22:10 - 2016-03-30 22:12 - 00000000 ____D C:\ProgramData\616934
emptytemp:
Task: {0CA7B3A7-69A2-4915-9F27-94D39950308B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {10EE51A6-B336-45BB-88BE-C5E591BF5C5A} - System32\Tasks\Update Service for Torrent Search2 => C:\Program Files (x86)\Torrent Search\Xre_G4d.exe [2016-04-03] () <==== ATTENTION
Task: {2F87F254-7E09-40CF-BCDB-7625F3A44358} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {526C392F-8896-4B9D-BC3E-8371D0E177F1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {92BD8C86-C463-430A-B974-1DC35E86096A} - System32\Tasks\Update Service for Torrent Search => C:\Program Files (x86)\Torrent Search\Xre_G4d.exe [2016-04-03] () <==== ATTENTION
Task: {98628F09-A453-4C37-8DAF-EABF1D8CDE21} - System32\Tasks\Client => C:\ProgramData\616934\client.exe
Task: {AAFDA547-82A9-4AF0-9E74-966855DF8F81} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CE1EA5E4-4A74-4F20-AFE8-BDEC6D6D39C6} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-02-17] ()
Task: {CED7718F-2AE2-4275-91DF-29EFCC57BFD9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Update Service for Torrent Search.job => C:\Program Files (x86)\Torrent Search\Xre_G4d.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Update Service for Torrent Search2.job => C:\Program Files (x86)\Torrent Search\Xre_G4d.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A [300]
AlternateDataStreams: C:\ProgramData\TEMP:A064CECC [278]
hosts:
*****************

C:\Users\Fady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\atajo.lnk => moved successfully
C:\Users\Fady\AppData\Roaming\cnyaq\jobvy64.exe => moved successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E727987-C8EA-44DA-8749-310C0FBE3C3E}" => key removed successfully
"HKCR\CLSID\{6E727987-C8EA-44DA-8749-310C0FBE3C3E}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E727987-C8EA-44DA-8749-310C0FBE3C3E}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{6E727987-C8EA-44DA-8749-310C0FBE3C3E}" => key removed successfully
HKU\S-1-5-21-69444649-1614559510-3069998728-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-69444649-1614559510-3069998728-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
Firefox "homepage" removed successfully
FF Session Restore: -> removed successfully
Firefox "Keyword.URL" removed successfully
Firefox Proxy settings were reset.
FF NetworkProxy: "type", 0 => not found
C:\Users\Fady\AppData\Roaming\Mozilla\Firefox\Profiles\dcpwk2x7.default\user.js => moved successfully
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi => moved successfully
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi => path removed successfully
idsvc => service removed successfully
wfpcapture => service removed successfully
wpcsvc => service removed successfully
C:\ProgramData\617034 => moved successfully
C:\Users\Fady\AppData\Roaming\KchppIcvKkIsaTy => moved successfully
C:\Users\Fady\AppData\Roaming\SzoLCEyJc.exe => moved successfully
C:\ProgramData\616934 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CA7B3A7-69A2-4915-9F27-94D39950308B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CA7B3A7-69A2-4915-9F27-94D39950308B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10EE51A6-B336-45BB-88BE-C5E591BF5C5A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10EE51A6-B336-45BB-88BE-C5E591BF5C5A}" => key removed successfully
C:\WINDOWS\System32\Tasks\Update Service for Torrent Search2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Service for Torrent Search2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2F87F254-7E09-40CF-BCDB-7625F3A44358}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F87F254-7E09-40CF-BCDB-7625F3A44358}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{526C392F-8896-4B9D-BC3E-8371D0E177F1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{526C392F-8896-4B9D-BC3E-8371D0E177F1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F4C3A2F-D807-437E-BAA4-10DF9721ED47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F4C3A2F-D807-437E-BAA4-10DF9721ED47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{92BD8C86-C463-430A-B974-1DC35E86096A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92BD8C86-C463-430A-B974-1DC35E86096A}" => key removed successfully
C:\WINDOWS\System32\Tasks\Update Service for Torrent Search => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Service for Torrent Search" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{98628F09-A453-4C37-8DAF-EABF1D8CDE21}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98628F09-A453-4C37-8DAF-EABF1D8CDE21}" => key removed successfully
C:\WINDOWS\System32\Tasks\Client => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Client" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AAFDA547-82A9-4AF0-9E74-966855DF8F81}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAFDA547-82A9-4AF0-9E74-966855DF8F81}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CE1EA5E4-4A74-4F20-AFE8-BDEC6D6D39C6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE1EA5E4-4A74-4F20-AFE8-BDEC6D6D39C6}" => key removed successfully
C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GyazoUpdateTaskMachine" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CED7718F-2AE2-4275-91DF-29EFCC57BFD9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CED7718F-2AE2-4275-91DF-29EFCC57BFD9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
C:\WINDOWS\Tasks\Update Service for Torrent Search.job => moved successfully
C:\WINDOWS\Tasks\Update Service for Torrent Search2.job => moved successfully
C:\ProgramData\TEMP => ":41ADDB8A" ADS removed successfully.
C:\ProgramData\TEMP => ":A064CECC" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 5.2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 21:28:37 ====


Edited by Gatt, 04 April 2016 - 02:32 PM.
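
A triage pass over FRST lines of the kinds that appear in the fixlist above and in the scan logs in this thread, as an added example; it is not part of FRST and was not posted by either participant. It only reads text and moves nothing. The sample lines are copied from this thread's logs. NoFolderOptions is the Explorer policy value the scan shows; DisableRegistryTools and DisableTaskMgr are standard Windows policy values that do not appear in these logs and are included as an assumption about what else a lockdown of this kind may set. The trailing "(Company)" that FRST prints is taken from the file's version information rather than from a signature check (the signature checks are the "Bamital & volsnap" section), so a file under AppData that claims Microsoft Corporation is still flagged here by its location.

```python
"""Triage FRST (Farbar Recovery Scan Tool) log lines for the signs an
analyst looks for before writing a fixlist.

Added example for this thread: it is not part of FRST and was not posted
by either participant. It only reads text; nothing is moved or deleted.
"""
import re
from collections import Counter

# Locations a standard user can write to. An autostart whose target lives
# here is worth a look regardless of the company name FRST prints, because
# that name comes from the file's version information, not a signature.
USER_WRITABLE = re.compile(r"\\(?:AppData|ProgramData|Users\\Public|Temp)\\", re.IGNORECASE)

# Explorer/System policy values of the kind that produce the "cancelled due
# to restrictions in effect on this computer" message. NoFolderOptions is in
# this thread's log; the other two names are standard policy values assumed here.
LOCKDOWN = re.compile(
    r"\[(?:NoFolderOptions|DisableRegistryTools|DisableTaskMgr)\]\s*1\b"
    r"|:\s*Restriction\b",
    re.IGNORECASE,
)

# FRST entry types that start a program, load a DLL, or hook the network stack.
AUTOSTART_PREFIXES = ("ShortcutTarget:", "Task:", "HKLM", "HKU", "BHO", "Winsock:")

ATTENTION = re.compile(r"\s*<=+\s*ATTENTION\s*$")


def company_of(line):
    """Trailing '(Company)' as FRST prints it; '' means no version info, None means absent."""
    m = re.search(r"\(([^()]*)\)\s*(?:<=+\s*ATTENTION\s*)?$", line)
    return m.group(1).strip() if m else None


def target_path(line):
    """The Windows path an entry points at, with FRST's trailing decorations removed."""
    body = ATTENTION.sub("", line)
    body = re.sub(r"\s*\([^()]*\)\s*$", "", body)   # trailing (Company)
    body = re.sub(r"\s*\[[^\]]*\]\s*$", "", body)   # trailing [size date]
    m = re.search(r"[A-Za-z]:\\.*$", body)
    return m.group(0).strip().strip('"') if m else None


def triage(lines):
    """Return (rule, line) pairs; a line can trip more than one rule."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        path = target_path(line)
        if ATTENTION.search(line):
            findings.append(("frst_attention", line))
        if LOCKDOWN.search(line):
            findings.append(("policy_lockdown", line))
        if line.startswith("AlternateDataStreams:"):
            findings.append(("alternate_data_stream", line))
        if re.match(r"[RSU]\d+ \S+; no ImagePath$", line):
            findings.append(("service_without_image", line))
        if line.startswith(AUTOSTART_PREFIXES) and path and USER_WRITABLE.search(path):
            findings.append(("autostart_in_user_writable_path", line))
        if line.startswith("Winsock:") and company_of(line) != "Microsoft Corporation":
            findings.append(("third_party_winsock_lsp", line))
    return findings


def summarize(findings):
    """Count findings per rule."""
    return Counter(rule for rule, _ in findings)


# Sample copied from the fixlist and scan posted in this thread. The Startup
# .lnk itself sits where every per-user Startup item sits, so it is not
# flagged; the ShortcutTarget line that says where it points is.
SAMPLE_LINES = r"""
Startup: C:\Users\Fady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\atajo.lnk [2016-04-04]
ShortcutTarget: atajo.lnk -> C:\Users\Fady\AppData\Roaming\cnyaq\jobvy64.exe (Microsoft Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION
HKLM\...\Policies\Explorer: [NoFolderOptions] 1
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
Task: {98628F09-A453-4C37-8DAF-EABF1D8CDE21} - System32\Tasks\Client => C:\ProgramData\616934\client.exe
Task: {10EE51A6-B336-45BB-88BE-C5E591BF5C5A} - System32\Tasks\Update Service for Torrent Search2 => C:\Program Files (x86)\Torrent Search\Xre_G4d.exe [2016-04-03] () <==== ATTENTION
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
U3 idsvc; no ImagePath
AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A [300]
""".splitlines()


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LINES):
        print(f"{rule:34} {line}")
    print(dict(summarize(triage(SAMPLE_LINES))))
```

The rules are deliberately coarse: a third-party Winsock LSP (here Initex, the Proxifier vendor) or an FRST "ATTENTION" on a leftover GWX task is a review item, not a verdict, and the policy_lockdown hits are the ones to clear first because they are what stops the user from opening Folder Options in the first place.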


#6 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 04 April 2016 - 02:35 PM

Please run FRST in normal mode. Make sure Addition.txt is checked before running it. Then post the new FRST.txt log along with the new Addition.txt.




#7 Gatt (Topic Starter, Members)

Posted 04 April 2016 - 02:41 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Fady (administrator) on FADY-PC (04-04-2016 21:38:32)
Running from C:\Users\Fady\Downloads
Loaded Profiles: Fady & DefaultAppPool (Available Profiles: Fady & DefaultAppPool)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) F:\Programs\Sandboxie\SbieSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) F:\Programs\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => F:\Programs\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [56592 2016-03-03] (Raptr, Inc)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [917112 2015-10-08] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 1
HKU\S-1-5-21-69444649-1614559510-3069998728-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3931728 2015-12-18] (Tonec Inc.)
HKU\S-1-5-21-69444649-1614559510-3069998728-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3586848 2016-02-17] (Nota Inc.)
HKU\S-1-5-18\...\RunOnce: [iCloud] => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe"
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\PrxerNsp.dll [84040 2015-03-28] ()
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog5-x64 01 C:\Windows\system32\PrxerNsp.dll [96840 2015-03-28] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 02 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 03 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 04 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 16 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Tcpip\Parameters: [DhcpNameServer] 163.121.128.134 163.121.128.135
Tcpip\..\Interfaces\{83467d14-22c3-4599-a324-8e281a3727b3}: [DhcpNameServer] 163.121.128.134 163.121.128.135

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> F:\Programs\Visual Studio Ultimate 2013\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-29] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-29] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Fady\AppData\Roaming\Mozilla\Firefox\Profiles\dcpwk2x7.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-23] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-29] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [2015-07-30] (Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2015-07-30] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [2013-04-08] (Tencent)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll [2010-06-26] (mozilla.org)
FF Extension: Live HTTP headers - C:\Users\Fady\AppData\Roaming\Mozilla\Firefox\Profiles\dcpwk2x7.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2015-08-05]
FF Extension: Bookmarks menu - C:\Users\Fady\AppData\Roaming\Mozilla\Firefox\Profiles\dcpwk2x7.default\extensions\bookmarks-menu@dio.gr.xpi [2016-02-04]
FF Extension: Greasemonkey - C:\Users\Fady\AppData\Roaming\Mozilla\Firefox\Profiles\dcpwk2x7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-02-22]
FF Extension: Link Gopher - C:\Users\Fady\AppData\Roaming\Mozilla\Firefox\Profiles\dcpwk2x7.default\extensions\linkgopher@oooninja.com.xpi [2016-03-10]
FF Extension: Flash and Video Download - C:\Users\Fady\AppData\Roaming\Mozilla\Firefox\Profiles\dcpwk2x7.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-03-25]
FF Extension: Adblock Plus - C:\Users\Fady\AppData\Roaming\Mozilla\Firefox\Profiles\dcpwk2x7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF HKU\S-1-5-21-69444649-1614559510-3069998728-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-12-09]
FF HKU\S-1-5-21-69444649-1614559510-3069998728-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-69444649-1614559510-3069998728-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Fady\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Fady\AppData\Roaming\IDM\idmmzcc5 [2016-04-04] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-branding.js [2010-06-26]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js [2010-06-26]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox.js [2010-06-26]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\reporter.js [2010-06-26]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-12-29]
CHR HKU\S-1-5-21-69444649-1614559510-3069998728-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-12-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2015-12-04] (Advanced Micro Devices) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1145216 2015-05-18] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-10-08] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417400 2015-10-08] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855672 2015-10-08] (BlueStack Systems, Inc.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-08-06] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 SbieSvc; F:\Programs\Sandboxie\SbieSvc.exe [175752 2015-06-23] (Sandboxie Holdings, LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TeamViewer; F:\Programs\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305392 2015-12-16] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-18] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-10-08] (BlueStack Systems)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-08-06] (LogMeIn Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 SbieDrv; F:\Programs\Sandboxie\SbieDrv.sys [190088 2015-06-23] (Sandboxie Holdings, LLC)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
S3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [117248 2010-11-21] (Microsoft Corporation) [File not signed]
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-05-21] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-04 21:37 - 2016-04-04 21:37 - 00016148 _____ C:\WINDOWS\system32\FADY-PC_Fady_HistoryPrediction.bin
2016-04-04 21:29 - 2016-04-04 21:29 - 00000020 ___SH C:\Users\TEMP\ntuser.ini
2016-04-04 21:29 - 2016-04-04 21:29 - 00000000 _SHDL C:\Users\TEMP\My Documents
2016-04-04 21:29 - 2016-04-04 21:29 - 00000000 _SHDL C:\Users\TEMP\Documents\My Videos
2016-04-04 21:29 - 2016-04-04 21:29 - 00000000 _SHDL C:\Users\TEMP\Documents\My Pictures
2016-04-04 21:29 - 2016-04-04 21:29 - 00000000 _SHDL C:\Users\TEMP\Documents\My Music
2016-04-04 21:29 - 2016-04-04 21:29 - 00000000 ____D C:\Users\TEMP
2016-04-04 21:29 - 2015-08-21 18:40 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\ATI
2016-04-04 21:29 - 2015-08-21 18:40 - 00000000 ____D C:\Users\TEMP\AppData\Local\ATI
2016-04-04 21:29 - 2015-07-30 03:32 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Media Center Programs
2016-04-04 20:17 - 2016-04-04 21:38 - 00017336 _____ C:\Users\Fady\Downloads\FRST.txt
2016-04-04 20:14 - 2016-04-04 21:38 - 00000000 ____D C:\FRST
2016-04-04 20:12 - 2016-04-04 21:26 - 00402708 _____ C:\WINDOWS\ntbtlog.txt
2016-04-04 20:12 - 2016-04-04 21:26 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-04-04 16:56 - 2016-04-04 16:56 - 02374144 _____ (Farbar) C:\Users\Fady\Downloads\FRST64.exe
2016-04-04 16:17 - 2016-04-04 21:27 - 00000000 ___HD C:\Users\Fady\AppData\Roaming\cnyaq
2016-04-03 16:11 - 2016-04-03 16:11 - 00000000 ____D C:\Users\Fady\AppData\Roaming\Proxifier
2016-04-03 16:10 - 2016-04-04 21:29 - 00000008 __RSH C:\Users\Fady\ntuser.pol
2016-04-03 16:10 - 2016-04-03 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proxifier
2016-04-03 16:10 - 2015-03-28 15:55 - 00143944 _____ (Initex) C:\WINDOWS\system32\ProxifierShellExt.dll
2016-04-03 16:10 - 2015-03-28 15:55 - 00119880 _____ (Initex) C:\WINDOWS\SysWOW64\ProxifierShellExt.dll
2016-04-03 16:10 - 2015-03-28 15:55 - 00118856 _____ (Initex) C:\WINDOWS\system32\PrxerDrv.dll
2016-04-03 16:10 - 2015-03-28 15:55 - 00097864 _____ (Initex) C:\WINDOWS\SysWOW64\PrxerDrv.dll
2016-04-03 16:10 - 2015-03-28 15:55 - 00096840 _____ C:\WINDOWS\system32\PrxerNsp.dll
2016-04-03 16:10 - 2015-03-28 15:55 - 00084040 _____ C:\WINDOWS\SysWOW64\PrxerNsp.dll
2016-04-03 15:45 - 2016-04-03 15:45 - 00000000 ____D C:\Program Files (x86)\Torrent Search
2016-04-02 21:22 - 2015-03-24 19:09 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SPORDER.DLL
2016-04-01 13:43 - 2016-04-01 13:43 - 00000000 ____D C:\Users\Fady\AppData\Roaming\Gyazo
2016-04-01 13:42 - 2016-04-02 15:41 - 00000000 ____D C:\Program Files (x86)\Gyazo
2016-04-01 13:42 - 2016-04-01 13:42 - 00003508 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2016-04-01 13:42 - 2016-04-01 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2016-04-01 12:53 - 2016-04-01 12:59 - 00000000 ____D C:\Users\Fady\AppData\Roaming\Learnpulse
2016-04-01 12:53 - 2016-04-01 12:59 - 00000000 ____D C:\Users\Fady\AppData\Local\Learnpulse
2016-04-01 12:36 - 2016-01-09 03:15 - 01629483 _____ C:\Users\Fady\Desktop\Ebola v2.pdf
2016-03-30 22:10 - 2016-03-30 22:10 - 00001579 _____ C:\ProgramData\XML
2016-03-30 22:10 - 2016-03-30 22:10 - 00000006 ____S C:\ProgramData\db07099aaa28a8a62e11b899fa0543fc7282d5a3
2016-03-28 20:29 - 2016-04-04 02:04 - 00000907 _____ C:\Users\Fady\Desktop\texts.txt
2016-03-27 12:15 - 2016-04-04 16:25 - 00884662 _____ C:\Users\Fady\Desktop\Freelancer.txt
2016-03-24 18:03 - 2016-03-24 18:03 - 00000000 ____D C:\Users\Fady\Desktop\MyBot-release-MBR_5.3.1
2016-03-21 21:08 - 2016-03-21 21:08 - 00000000 ____D C:\Users\Fady\.android
2016-03-17 16:59 - 2016-03-17 17:19 - 00000000 ____D C:\Users\Fady\AppData\Local\Ares
2016-03-12 00:46 - 2016-03-12 00:49 - 00000000 ____D C:\Program Files (x86)\WinISO Computing
2016-03-12 00:46 - 2016-03-12 00:46 - 00000000 ____D C:\Users\Fady\AppData\Roaming\WinISO Computing
2016-03-12 00:46 - 2016-03-12 00:46 - 00000000 ____D C:\Users\Fady\AppData\Local\WinISO Computing
2016-03-12 00:41 - 2016-03-30 15:47 - 00000000 ____D C:\Users\Fady\.VirtualBox
2016-03-11 21:43 - 2016-02-13 16:42 - 01937920 _____ (Microsoft) C:\Users\Fady\Desktop\Matchmaking Server Picker.exe
2016-03-10 18:11 - 2016-03-29 15:54 - 00000000 ____D C:\Users\Fady\.oracle_jre_usage
2016-03-10 00:40 - 2016-03-19 22:23 - 00000000 ____D C:\Program Files\mmpicker
2016-03-09 16:35 - 2016-03-09 16:43 - 00000000 ____D C:\Users\Fady\Desktop\ESP
2016-03-09 13:33 - 2016-03-09 15:29 - 00000000 ____D C:\Users\Fady\AppData\Roaming\PlaysTV
2016-03-09 13:28 - 2016-03-09 13:33 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-03-09 12:53 - 2016-02-23 16:53 - 01314496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-09 12:53 - 2016-02-23 16:52 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-09 12:53 - 2016-02-23 16:51 - 00633184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-03-09 12:53 - 2016-02-23 16:51 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-09 12:53 - 2016-02-23 16:50 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-09 12:53 - 2016-02-23 16:48 - 08022368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-09 12:53 - 2016-02-23 16:48 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-09 12:53 - 2016-02-23 16:48 - 01123952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-09 12:53 - 2016-02-23 16:41 - 01150816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-09 12:53 - 2016-02-23 16:41 - 00299600 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-03-09 12:53 - 2016-02-23 16:41 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-03-09 12:53 - 2016-02-23 16:40 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-03-09 12:53 - 2016-02-23 16:38 - 00272752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-09 12:53 - 2016-02-23 16:36 - 00080128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-03-09 12:53 - 2016-02-23 16:11 - 00781984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-09 12:53 - 2016-02-23 16:11 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-09 12:53 - 2016-02-23 16:11 - 00103776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-03-09 12:53 - 2016-02-23 16:08 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-09 12:53 - 2016-02-23 16:07 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-09 12:53 - 2016-02-23 15:39 - 00607416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-09 12:53 - 2016-02-23 15:30 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-09 12:53 - 2016-02-23 15:25 - 01085632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-09 12:53 - 2016-02-23 15:23 - 00952968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-09 12:53 - 2016-02-23 15:21 - 00529456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-09 12:53 - 2016-02-23 15:21 - 00141152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-09 12:53 - 2016-02-23 15:11 - 00249976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-03-09 12:53 - 2016-02-23 15:11 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-03-09 12:53 - 2016-02-23 15:11 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-03-09 12:53 - 2016-02-23 15:09 - 00229352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-09 12:53 - 2016-02-23 15:06 - 00069232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-03-09 12:53 - 2016-02-23 14:58 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-03-09 12:53 - 2016-02-23 14:50 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-09 12:53 - 2016-02-23 14:50 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-03-09 12:53 - 2016-02-23 14:42 - 00658536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-09 12:53 - 2016-02-23 14:42 - 00467296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-09 12:53 - 2016-02-23 14:42 - 00078176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-03-09 12:53 - 2016-02-23 14:39 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-09 12:53 - 2016-02-23 14:38 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-09 12:53 - 2016-02-23 14:35 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-09 12:53 - 2016-02-23 14:20 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-03-09 12:53 - 2016-02-23 14:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-03-09 12:53 - 2016-02-23 14:16 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-09 12:53 - 2016-02-23 14:15 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-09 12:53 - 2016-02-23 14:15 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-03-09 12:53 - 2016-02-23 13:59 - 00319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-03-09 12:53 - 2016-02-23 13:59 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-09 12:53 - 2016-02-23 13:57 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-09 12:53 - 2016-02-23 13:55 - 24592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-09 12:53 - 2016-02-23 13:45 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-09 12:53 - 2016-02-23 13:45 - 06788608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-09 12:53 - 2016-02-23 13:42 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-09 12:53 - 2016-02-23 13:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-09 12:53 - 2016-02-23 13:38 - 02663424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-09 12:53 - 2016-02-23 13:37 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-03-09 12:53 - 2016-02-23 13:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-09 12:53 - 2016-02-23 13:25 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-09 12:53 - 2016-02-23 13:18 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-09 12:53 - 2016-02-23 13:17 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-03-09 12:53 - 2016-02-23 13:17 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-03-09 12:53 - 2016-02-23 13:14 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-03-09 12:53 - 2016-02-23 13:08 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-09 12:53 - 2016-02-23 13:04 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-09 12:53 - 2016-02-23 13:03 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-09 12:53 - 2016-02-23 13:03 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-09 12:53 - 2016-02-23 13:02 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-09 12:53 - 2016-02-23 12:55 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-09 12:53 - 2016-02-23 12:55 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-09 12:53 - 2016-02-23 12:51 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-09 12:53 - 2016-02-23 12:51 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-09 12:53 - 2016-02-23 12:48 - 21859840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-09 12:53 - 2016-02-23 12:48 - 05157376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 12:53 - 2016-02-23 12:46 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-09 12:53 - 2016-02-23 12:45 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-09 12:53 - 2016-02-23 12:45 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-03-09 12:53 - 2016-02-23 12:45 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-09 12:53 - 2016-02-23 12:45 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-09 12:53 - 2016-02-23 12:44 - 01821696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-09 12:53 - 2016-02-23 12:38 - 07524864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-09 12:53 - 2016-02-23 12:29 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-03-09 12:53 - 2016-02-23 12:17 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-09 12:53 - 2016-02-23 12:17 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-09 12:53 - 2016-02-23 12:11 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-09 12:53 - 2016-02-23 12:03 - 01495040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-09 12:53 - 2016-02-23 12:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-09 12:53 - 2016-02-23 12:00 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-09 12:53 - 2016-02-23 11:58 - 18800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-08 00:39 - 2016-03-23 22:06 - 00000000 ____D C:\Users\Fady\AppData\Roaming\Jitsi
2016-03-08 00:39 - 2016-03-23 15:55 - 00000000 ____D C:\Users\Fady\AppData\Local\Jitsi
2016-03-08 00:39 - 2016-03-08 00:39 - 00001594 _____ C:\Users\Public\Desktop\Jitsi.lnk
2016-03-06 21:06 - 2016-03-04 14:07 - 04280837 _____ C:\Users\Fady\Downloads\O-Level-Chemistry Book.pdf
2016-03-06 21:06 - 2016-03-04 14:05 - 03457892 _____ C:\Users\Fady\Downloads\IGCSE_Chemistry_Notes.pdf
2016-03-06 21:06 - 2016-03-04 13:51 - 01233003 _____ C:\Users\Fady\Downloads\Summarized Chemistry.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-04 21:38 - 2015-07-30 03:30 - 01011562 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-04 21:38 - 2015-07-10 13:02 - 00000000 ____D C:\WINDOWS\INF
2016-04-04 21:29 - 2015-07-30 15:55 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-04-04 21:29 - 2015-07-30 03:31 - 00000000 ____D C:\Users\Fady
2016-04-04 21:29 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-04 21:29 - 2015-06-05 09:11 - 00000000 ____D C:\Users\Fady\AppData\Roaming\Raptr
2016-04-04 21:28 - 2015-07-10 11:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-04 21:27 - 2015-07-30 14:58 - 00000000 ____D C:\Users\Fady\AppData\LocalLow\Temp
2016-04-04 21:27 - 2009-07-14 05:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-04-04 21:26 - 2015-07-30 03:30 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-04-04 20:40 - 2015-06-05 09:09 - 00000000 ____D C:\Users\Fady\AppData\Roaming\DMCache
2016-04-04 20:29 - 2015-08-08 17:25 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-04 15:56 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-04 15:50 - 2015-08-04 20:23 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BCD68613-EB9E-4B11-BD01-77694D37FE30}
2016-04-04 15:50 - 2015-07-10 13:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-04 01:12 - 2016-02-20 10:51 - 00002290 _____ C:\Users\Fady\Documents\Default.rdp
2016-04-04 01:10 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-04-01 00:32 - 2016-01-08 22:05 - 00000000 ____D C:\Users\Fady\AppData\Roaming\Skype
2016-03-31 16:03 - 2015-07-24 14:55 - 00000998 _____ C:\Users\Fady\Desktop\Process Hacker 2.lnk
2016-03-29 15:55 - 2015-09-08 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-29 15:55 - 2015-09-08 21:18 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-29 15:55 - 2015-06-08 15:24 - 00000000 ____D C:\ProgramData\Oracle
2016-03-29 15:54 - 2015-09-08 21:18 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-03-25 22:55 - 2015-06-07 16:01 - 00000000 ____D C:\Users\Fady\Documents\ShareX
2016-03-25 21:45 - 2015-11-14 16:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-03-25 21:45 - 2015-11-14 16:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-03-25 19:41 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-25 18:05 - 2015-11-14 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-03-19 22:23 - 2015-08-04 20:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-16 17:13 - 2015-06-07 02:48 - 00000000 ____D C:\Users\Fady\AppData\Roaming\uTorrent
2016-03-12 15:41 - 2016-01-04 16:21 - 00000000 ____D C:\Users\Fady\VirtualBox VMs
2016-03-11 15:53 - 2016-02-29 01:45 - 04974664 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-11 15:53 - 2015-07-30 03:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-11 15:52 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-11 15:52 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-11 15:52 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-11 15:52 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-11 15:28 - 2015-06-07 01:35 - 00000000 ____D C:\ProgramData\Nimoru
2016-03-11 13:36 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-10 21:11 - 2016-01-16 23:52 - 00004528 _____ C:\Users\Fady\Desktop\CP.txt
2016-03-10 18:12 - 2015-11-19 17:56 - 00000000 ____D C:\Users\Fady\AppData\Roaming\Sun
2016-03-09 12:55 - 2015-07-29 05:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-09 12:54 - 2015-06-05 08:52 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-08 09:10 - 2015-08-12 17:54 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 09:10 - 2015-07-10 13:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-08 00:40 - 2016-01-02 23:35 - 00000000 ____D C:\Users\Fady\Tracing
2016-03-06 12:29 - 2016-01-03 15:02 - 00000000 ____D C:\Users\Fady\AppData\Roaming\IDM

==================== Files in the root of some directories =======

2015-12-24 17:25 - 2015-12-24 17:25 - 0000218 _____ () C:\Users\Fady\AppData\Local\recently-used.xbel
2016-03-30 22:10 - 2016-03-30 22:10 - 0000006 ____S () C:\ProgramData\db07099aaa28a8a62e11b899fa0543fc7282d5a3
2016-03-30 22:10 - 2016-03-30 22:10 - 0001579 _____ () C:\ProgramData\XML

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-29 16:07

==================== End of FRST.txt ============================
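The log above carries three things a responder normally pulls out first: the Winsock catalog entries (every DLL listed there is loaded into the socket path of every process that uses Winsock), the items FRST itself tags with ATTENTION, and the freshly created hidden directories under the user profile. The following script is an added example written for this thread; it is not part of the forum posts and not FRST's own code. Its regular expressions are shaped after the line formats visible in this log and may need adjusting for other FRST versions, the five attribute letters are read as R(ead-only) S(ystem) H(idden) D(irectory) L(ink/junction), and the sample lines are taken from the log above.

```python
"""Triage helper for lines from a Farbar Recovery Scan Tool (FRST) log.

Added example for this thread, not part of the forum posts and not FRST's
own code. It parses three kinds of lines that appear in the log above
(Winsock catalog entries, items FRST marks with ATTENTION, and "One Month
Created" entries) and returns the ones a responder would look at first.
Assumptions: the regular expressions follow the line shapes visible above
and may need adjusting for other FRST versions; the five attribute letters
are read as R(ead-only) S(ystem) H(idden) D(irectory) L(ink/junction).
"""
import re
from collections import defaultdict

# e.g. Winsock: Catalog9-x64 01 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
WINSOCK_RE = re.compile(
    r"^Winsock: (?P<catalog>Catalog[59](?:-x64)?) (?P<index>\d+) (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)$"
)
# e.g. 2016-04-04 16:17 - 2016-04-04 21:27 - 00000000 ___HD C:\Users\Fady\AppData\Roaming\cnyaq
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<size>\d+) "
    r"(?P<attrs>[_A-Z]{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
# e.g. HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
ATTENTION_RE = re.compile(r"^(?P<item>.*?)\s*<=+\s*ATTENTION\s*$")

# Sample input: lines taken from the FRST log posted above.
SAMPLE = r"""
Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\PrxerNsp.dll [84040 2015-03-28] ()
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9-x64 01 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
2016-04-04 16:56 - 2016-04-04 16:56 - 02374144 _____ (Farbar) C:\Users\Fady\Downloads\FRST64.exe
2016-04-04 16:17 - 2016-04-04 21:27 - 00000000 ___HD C:\Users\Fady\AppData\Roaming\cnyaq
2016-04-04 21:29 - 2016-04-04 21:29 - 00000000 _SHDL C:\Users\TEMP\My Documents
2016-03-09 12:53 - 2016-02-23 16:48 - 08022368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
""".strip().splitlines()


def winsock_providers(lines):
    """Group Winsock catalog entries by provider DLL.

    Returns {dll_path_lowercased: {"company": str, "slots": [(catalog, index), ...]}}.
    Each DLL here needs a known owner; an empty company field means the file
    carries no version information. On 64-bit Windows the same product normally
    shows up twice (SysWOW64 copy for 32-bit processes, system32 copy for 64-bit).
    """
    providers = defaultdict(lambda: {"company": "", "slots": []})
    for line in lines:
        m = WINSOCK_RE.match(line.strip())
        if m:
            entry = providers[m["path"].lower()]
            entry["company"] = m["company"]
            entry["slots"].append((m["catalog"], int(m["index"])))
    return dict(providers)


def attention_items(lines):
    """Return the items FRST itself flagged with an ATTENTION marker."""
    items = []
    for line in lines:
        m = ATTENTION_RE.match(line.strip())
        if m:
            items.append(m["item"])
    return items


def hidden_profile_dirs(lines):
    """Recently created directories under a user's AppData with the Hidden attribute.

    Junctions (attribute L, e.g. the "My Documents" compatibility links) are
    skipped because Windows creates those itself. Returns [(created, path), ...].
    """
    hits = []
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        attrs, path = m["attrs"], m["path"]
        if "H" in attrs and "D" in attrs and "L" not in attrs and "\\appdata\\" in path.lower():
            hits.append((m["created"], path))
    return hits


def triage(lines):
    """One-shot summary of the three checks, in a shape that is easy to diff between logs."""
    return {
        "winsock": winsock_providers(lines),
        "attention": attention_items(lines),
        "hidden_appdata_dirs": hidden_profile_dirs(lines),
    }


if __name__ == "__main__":
    for section, result in triage(SAMPLE).items():
        print(f"== {section} ==")
        print(result)
```

Two caveats for anyone acting on the output. Winsock catalog entries are not safe to delete by hand in the registry: a broken catalog can leave every socket-using program unable to connect, which is why the helper's fixlist handles them and why `netsh winsock reset` followed by a reboot is the fallback that rebuilds the default catalog. And the parser only surfaces candidates: in this log the Initex DLLs line up with the Proxifier install recorded in the One Month Created section on 2016-04-03, so whether they are unwanted is a question for the machine's owner, not something the script can decide.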



#8 fireman4it
Posted 04 April 2016 - 02:47 PM

1.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
2.
Emsisoft Emergency Kit
  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). A screen like this will appear.
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear.
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.

Edited by fireman4it, 04 April 2016 - 02:48 PM.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 Gatt (Topic Starter)

Posted 04 April 2016 - 03:43 PM

# AdwCleaner v5.109 - Logfile created 04/04/2016 at 22:10:10
# Updated 04/04/2016 by Xplode
# Database : 2016-04-04.2 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : Fady - FADY-PC
# Running from : C:\Users\Fady\Downloads\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Torrent Search
[-] Folder Deleted : C:\Program Files (x86)\Common Files\tencent

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
[-] Key Deleted : HKLM\SOFTWARE\Classes\metnsd
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03AE1B7B-A9E7-4D5A-9D34-89999C31B659}
[-] Key Deleted : HKLM\SOFTWARE\Classes\SOFTWARE\Classes\CLSID\{03AE1B7B-A9E7-4D5A-9D34-89999C31B659}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{357D32FC-F0AE-4B37-B36F-D44AA31496F5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80B3B43F-7508-4627-BE66-00FB9AE5EE72}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5A83D7C9-4A14-4000-BC05-389268238753}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E727987-C8EA-44DA-8749-310C0FBE3C3E}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{03AE1B7B-A9E7-4D5A-9D34-89999C31B659}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03AE1B7B-A9E7-4D5A-9D34-89999C31B659}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{357D32FC-F0AE-4B37-B36F-D44AA31496F5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{80B3B43F-7508-4627-BE66-00FB9AE5EE72}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\Mail.Ru
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Mail.Ru
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Torrent Search
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{3DD2A38C-9F37-426E-8A0D-31DE482E98C3}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{0FD8E2B7-7FD9-4AA1-ADA5-B8A6B4EA31FC}]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3008 bytes] - [04/04/2016 22:10:10]
C:\AdwCleaner\AdwCleaner[S1].txt - [3181 bytes] - [04/04/2016 22:08:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3154 bytes] ##########


Emsisoft Emergency Kit - Version 11.0
Last update: 4/4/2016 10:36:49 PM
User account: Fady-PC\Fady

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    4/4/2016 10:40:59 PM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}     detected: Adware.Win32.AdClick (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\QMDISPATCH.QMROUTINE     detected: Adware.Win32.AdClick (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\QMDISPATCH.QMROUTINE     detected: Adware.Win32.AdClick (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS     detected: Setting.NoFolderOptions (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS     detected: Setting.NoFolderOptions (A)
C:\ProgramData\Nimoru\GizmoSE     detected: Gen:Variant.Razy.31725 ( B)
C:\Users\Fady\AppData\Roaming\cnyaq\efkfysft.js     detected: Trojan.JS.RGM ( B)
C:\Users\Fady\Desktop\ESP\ESP_Updater.exe     detected: Gen:Variant.Razy.31725 ( B)

Scanned    77293
Found    8

Scan end:    4/4/2016 10:41:12 PM
Scan time:    0:00:13

C:\Users\Fady\Desktop\ESP\ESP_Updater.exe     Gen:Variant.Razy.31725 ( B)
C:\Users\Fady\AppData\Roaming\cnyaq\efkfysft.js     Trojan.JS.RGM ( B)
C:\ProgramData\Nimoru\GizmoSE     Gen:Variant.Razy.31725 ( B)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS     Setting.NoFolderOptions (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\QMDISPATCH.QMROUTINE     Adware.Win32.AdClick (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}     Adware.Win32.AdClick (A)

Quarantined    6

Edited by Gatt, 04 April 2016 - 03:43 PM.
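
The NoFolderOptions value that Emsisoft flagged above (Setting.NoFolderOptions) is one of a family of Explorer and System policy values that malware sets to lock the user out of Folder Options, regedit and Task Manager, and Windows honours them from both HKLM and HKCU. The PowerShell below is an added example, not code from this thread or from any of the tools used in it: it lists which of those values are currently set in either hive and can remove them with a -WhatIf preview. The value names are the real Windows policy names; which ones to check, and the function names, are this example's own choices.

```powershell
# Added example (not from the thread): audit the Explorer/System policy values
# that malware sets to block Folder Options, regedit and Task Manager, in both
# the machine and user hives. Value names are real Windows policy names; the
# selection of values to check is this example's own choice.

$PolicyChecks = @(
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions';      Blocks = 'Folder Options (show hidden files)' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoControlPanel';       Blocks = 'Control Panel' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoRun';                Blocks = 'Run dialog' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools'; Blocks = 'regedit' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr';       Blocks = 'Task Manager' }
)

function Get-ExplorerRestriction {
    # Emits one object per restriction that is actually set (non-zero).
    # An empty result means none of the checked policy values is active.
    foreach ($hive in 'HKLM', 'HKCU') {
        foreach ($check in $PolicyChecks) {
            $path = "${hive}:\$($check.Key)"
            if (-not (Test-Path -LiteralPath $path)) { continue }
            $item = Get-ItemProperty -LiteralPath $path -Name $check.Name -ErrorAction SilentlyContinue
            if ($null -eq $item) { continue }          # value not present
            $value = $item.($check.Name)
            if ($value -ne 0) {                        # 0 means "not restricted"
                [pscustomobject]@{
                    Hive   = $hive
                    Path   = $path
                    Name   = $check.Name
                    Value  = $value
                    Blocks = $check.Blocks
                }
            }
        }
    }
}

function Remove-ExplorerRestriction {
    # Deletes the values Get-ExplorerRestriction reports. Supports -WhatIf so
    # the removals can be previewed; HKLM values need an elevated shell.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($r in Get-ExplorerRestriction) {
        if ($PSCmdlet.ShouldProcess("$($r.Path)\$($r.Name)", 'Remove policy value')) {
            Remove-ItemProperty -LiteralPath $r.Path -Name $r.Name
        }
    }
}

# Usage:
#   Get-ExplorerRestriction | Format-Table -AutoSize
#   Remove-ExplorerRestriction -WhatIf    # preview only
#   Remove-ExplorerRestriction            # actually remove (run as Administrator)
```

Run it from an elevated PowerShell to see and clear the HKLM values as well as the HKCU ones. Two caveats: if the malware that set the values is still running it will simply put them back, which is why the order in this thread (quarantine the malware first, then clean the settings) matters; and on a domain-joined machine some of these values may have been set on purpose by Group Policy, so confirm with the administrator before deleting them.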


#10 fireman4it (Malware Response Team)

Posted 04 April 2016 - 04:21 PM

How is your computer running now?
ESET Online Scanner:

Note: You will need to disable your currently installed anti-virus; how to do so can be read here.
  • Please go here, download the ESET Smart Installer, and save it to your desktop.
  • Double-click on the file you just downloaded.
  • Place a checkmark next to "YES, I accept the Terms of Use" and click the Start button.
  • Click "Yes" to the UAC (User Account Control) warning, then ESET will download its components, register itself, and start itself.
  • In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
  • Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Now click Start.
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the online scan will begin automatically. The scan may appear to be finished sometimes; if there is a progress bar visible, it is still scanning!
  • When the scan completes, click List Found Threats (only if anything is found).
  • Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click Back, then click Finish to exit ESET Online Scanner.
Don't forget to re-enable your antivirus when finished!



#11 Gatt (Topic Starter)

Posted 04 April 2016 - 06:13 PM

The PC runs normally now, thanks.


C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Torrent Search\uninstall.exe.vir    a variant of Win32/Toolbar.Neobar.BF potentially unwanted application    cleaned by deleting
C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Torrent Search\Xre_G4d.exe.vir    a variant of Win32/Toolbar.Neobar.BF potentially unwanted application    cleaned by deleting
C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Torrent Search\IEEF\EBbk6CUaNcBN.dll.vir    Win32/Toolbar.Neobar.BF potentially unwanted application    cleaned by deleting
C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Torrent Search\IEEF\kkrZwT3qp2B9.exe.vir    Win32/Toolbar.Neobar.BF potentially unwanted application    cleaned by deleting
C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Torrent Search\IEEF\QUkSfEOgGbzd.dll.vir    Win64/Toolbar.Neobar.N potentially unwanted application    cleaned by deleting
C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Torrent Search\IEEF\sqlite3.dll.vir    a variant of Win32/Toolbar.Neobar.BF potentially unwanted application    cleaned by deleting
C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Torrent Search\IEEF\TnLSFmKPjXbx.dll.vir    Win64/Toolbar.Neobar.N potentially unwanted application    cleaned by deleting
C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Torrent Search\IEEF\uNaRp1RpKmSW.dll.vir    Win32/Toolbar.Neobar.BF potentially unwanted application    cleaned by deleting
C:\Program Files (x86)\uTorrent\uTorrent.exe    a variant of Win32/Bunndle potentially unsafe application    cleaned by deleting
C:\Users\Fady\Desktop\ESP\ESP.exe    a variant of MSIL/Packed.NetSeal.A suspicious application    cleaned by deleting
F:\Games\Game sources\GTA IV\Grand_Theft_Auto_IV_Crack_Only-Razor1911\rzr-gta4-crack.rar    Win32/HackTool.Crack.BC potentially unsafe application    deleted
F:\Programs\DAEMON Tools Pro\BRD.dll    a variant of Win32/HackTool.Crack.EC potentially unsafe application    cleaned by deleting



#12 fireman4it (Malware Response Team)

Posted 07 April 2016 - 10:25 AM

It appears that your PC is now clean!

***


Clean up:

***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.

***


Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.

***


Here are some preventive tips to reduce the potential for spyware infection in the future:

1. Browse more securely.

2. Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows Update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).

3. Avoid P2P.
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.

4. Use only one anti-virus software and keep it up-to-date.

5. Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

6. Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

7. Use strong passwords!

8. Email attachments
Do not open any unknown email attachments that you received without asking for them!


Extra note:
Keep your browser, Java, PDF reader and Adobe Flash up to date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date, because older versions may contain security leaks.



#13 fireman4it (Malware Response Team)

Posted 11 April 2016 - 01:48 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





