
I think my USB has viruses


  • This topic is locked
8 replies to this topic

#1 saberrider


Posted 24 April 2016 - 08:33 AM

Hello. Whenever I open my USB, I get only an unclickable icon that says it's of 4kb, as seen in "1.png". All my files are not appearing, even though my computer shows they are still there, as seen in "2.png".

 

Please help me recover my data.

Attached Files

  • Attached File  1.png   4.94KB   0 downloads
  • Attached File  2.png   5.7KB   0 downloads



 


#2 olgun52


Posted 24 April 2016 - 04:34 PM


Hello saberrider and welcome to BleepingComputer.

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Thanks
 

 

Insert the USB memory and external disc into your computer. Keep them connected at all times.

Please do the following.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Sincerely.


Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#3 saberrider


Posted 25 April 2016 - 09:25 AM

Hello. Thanks for your reply. Here is my FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by SALAHUDDIN ABRO (administrator) on SALAHUDDINABRO (25-04-2016 19:14:42)
Running from C:\Users\SALAHUDDIN ABRO\Downloads
Loaded Profiles: SALAHUDDIN ABRO (Available Profiles: SALAHUDDIN ABRO)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
() C:\Program Files (x86)\EagleGet\EGMonitor.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\DFX\DFX.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
() C:\Program Files (x86)\EagleGet\EGMonitor.exe
() C:\Program Files\Gramblr\gramblr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(BitTorrent Inc.) C:\Users\SALAHUDDIN ABRO\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\SALAHUDDIN ABRO\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe
(BitTorrent Inc.) C:\Users\SALAHUDDIN ABRO\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-30] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-18] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1282008 2015-03-03] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2016-04-05] (LogMeIn Inc.)
Winlogon\Notify\GoToAssist:
Winlogon\Notify\igfxcui:
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-1203753649-3922619543-1740592146-1000\...\Run: [Google Update] => C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-11-19] (Google Inc.)
HKU\S-1-5-21-1203753649-3922619543-1740592146-1000\...\RunOnce: [Uninstall C:\Users\SALAHUDDIN ABRO\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SALAHUDDIN ABRO\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220"
HKU\S-1-5-18\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2013-11-18] (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} =>  No File
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-04-09]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-04-09]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\SALAHUDDIN ABRO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Auto Shutdown.lnk [2011-02-04]
ShortcutTarget: Auto Shutdown.lnk -> C:\Program Files (x86)\Auto Shutdown\AutoShutdown.exe (Entru Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1203753649-3922619543-1740592146-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1203753649-3922619543-1740592146-1000] => 192.168.1.10:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{197C60E8-198F-4515-A991-3758218182DF}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{51A8F45C-758E-4C2A-A2C2-FC0D3B5E58EA}: [DhcpNameServer] 203.130.2.3 221.132.112.8
Tcpip\..\Interfaces\{9933A832-C34C-4EFA-9F56-8D6D381DFE8F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A394B0B3-9B3C-45BA-90DF-0FC2BFFD5F1C}: [NameServer] 221.132.112.8,203.130.2.3
Tcpip\..\Interfaces\{A394B0B3-9B3C-45BA-90DF-0FC2BFFD5F1C}: [DhcpNameServer] 203.130.2.3 221.132.112.8
Tcpip\..\Interfaces\{E9E3031E-C60C-4451-9FAD-07FD3456E783}: [DhcpNameServer] 203.130.2.3 221.132.112.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1203753649-3922619543-1740592146-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.pk/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-1203753649-3922619543-1740592146-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1203753649-3922619543-1740592146-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
URLSearchHook: HKU\S-1-5-21-1203753649-3922619543-1740592146-1000 - (No Name) - {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {1A36238A-3146-4E67-9A30-5ED354E14316} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {92E4FA51-6EB6-4E26-B406-21D9BB7B567E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1203753649-3922619543-1740592146-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1203753649-3922619543-1740592146-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1203753649-3922619543-1740592146-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL =
SearchScopes: HKU\S-1-5-21-1203753649-3922619543-1740592146-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1203753649-3922619543-1740592146-1000 -> {92E4FA51-6EB6-4E26-B406-21D9BB7B567E} URL =
SearchScopes: HKU\S-1-5-21-1203753649-3922619543-1740592146-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-1203753649-3922619543-1740592146-1000 -> {CFEC73F6-E154-4387-80DB-0DD9D52A12CD} URL =
SearchScopes: HKU\S-1-5-21-1203753649-3922619543-1740592146-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL =
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-10-31] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: EGet Class -> {1E871FF8-029C-4732-8AA7-39E3D3872057} -> C:\Program Files (x86)\EagleGet\eagleSniffer.dll [2015-05-28] (EagleGet.com)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-11-18] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-10-31] (AVAST Software)
Toolbar: HKLM-x32 - &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files (x86)\Save Flash\SaveFlash.dll [2009-11-10] (PilotGroup LLC)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-11-18] (AVAST Software)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1203753649-3922619543-1740592146-1000 -> No Name - {4064EA35-578D-4073-A834-C96D82CBCF40} -  No File
Toolbar: HKU\S-1-5-21-1203753649-3922619543-1740592146-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1203753649-3922619543-1740592146-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\SALAHUDDIN ABRO\AppData\Roaming\Mozilla\Firefox\Profiles\coglduk2.default-1459265248279
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-1203753649-3922619543-1740592146-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\SALAHUDDIN ABRO\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1203753649-3922619543-1740592146-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\SALAHUDDIN ABRO\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1203753649-3922619543-1740592146-1000: @talk.google.com/O1DPlugin -> C:\Users\SALAHUDDIN ABRO\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1203753649-3922619543-1740592146-1000: @tools.google.com/Google Update;version=3 -> C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1203753649-3922619543-1740592146-1000: @tools.google.com/Google Update;version=9 -> C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1203753649-3922619543-1740592146-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\SALAHUDDIN ABRO\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-03-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1203753649-3922619543-1740592146-1000: eagleget.com/EagleGet32 -> C:\Program Files (x86)\EagleGet\npEagleget.dll [2015-05-28] (EagleGet)
FF Plugin HKU\S-1-5-21-1203753649-3922619543-1740592146-1000: eagleget.com/EagleGet64_x86_64 -> C:\Program Files (x86)\EagleGet\npEagleget64.dll [2015-05-28] (EagleGet)
FF Plugin ProgramFiles/Appdata: C:\Users\SALAHUDDIN ABRO\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\SALAHUDDIN ABRO\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: NetVideoHunter - C:\Users\SALAHUDDIN ABRO\AppData\Roaming\Mozilla\Firefox\Profiles\coglduk2.default-1459265248279\extensions\netvideohunter@netvideohunter.com [2016-04-03]
FF Extension: Flash and Video Download - C:\Users\SALAHUDDIN ABRO\AppData\Roaming\Mozilla\Firefox\Profiles\coglduk2.default-1459265248279\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-04-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-18] [not signed]

Chrome:
=======
CHR HomePage: Default -> about:blank
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://mysearch.avg.com/?cid={33E72099-3792-4F68-9B62-DB2137AAC220}&mid=0326857421c547d3b2d775f39d497672-0b7f15c906017745b745e6f4012c586b998aa8e1&lang=en&ds=co011&pr=sa&d=2013-07-18 20:32:01&v=15.3.0.11&pid=safeguard&sg=0&sap=hp","hxxp://home.torchbrowser.com/?systemid=448&appid=20&ua=Torch","hxxp://www.luckysearches.com/?type=hp&ts=1428662379&from=exp&uid=WDCXWD1600BEVT-75ZCT2_WD-WXM0AC9P9629P9629","hxxp://www.luckysearches.com/?type=hppp&ts=1428662453&from=exp&uid=WDCXWD1600BEVT-75ZCT2_WD-WXM0AC9P9629P9629"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-01-09]
CHR Extension: (Qibla Direction Finder) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\afhmeekdiaibhpkilgabdagofaeinhoe [2016-01-09]
CHR Extension: (Google Drive) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-09]
CHR Extension: (SocialReviver) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfipfkeoidmndggnnpobeenlamiclald [2016-02-25]
CHR Extension: (Stencil) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjkdefgpgngdhagacbeajapgnoobjig [2016-04-14]
CHR Extension: (Skype Calling) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-01-09]
CHR Extension: (YouTube) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09]
CHR Extension: (Pong 2) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\capmpnebnckdpjbjdcgnokjafpdbmadn [2016-04-24]
CHR Extension: (Google Search) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
CHR Extension: (Chrome OS Wallpapers) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfibabkihblcenahmcdmfepojcejoan [2016-01-09]
CHR Extension: (Session Buddy) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-01-09]
CHR Extension: (Amazing Two Dots) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhicejniakkpabikhialjfjlecaogbd [2016-01-09]
CHR Extension: (Instant-Dictionary) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjmbgoamdpbndikpbaoeoidaabejfmd [2016-01-24]
CHR Extension: (Stickman Fighter : Epic Battle) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\gckdifkadmdmcaajneidiajkoiokcnca [2016-01-09]
CHR Extension: (Pin It Button) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-01-24]
CHR Extension: (TweetDeck by Twitter) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2016-01-09]
CHR Extension: (Amazon Storywriter) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmcnhpcghhifadgblhkonelnmbenkeep [2016-04-24]
CHR Extension: (Zalmos SSL Web Proxy for Free) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\idefjamndcpplnamdlbodoebjgkpdmpn [2016-01-09]
CHR Extension: (Kami (formerly Notable PDF)) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljojpiodmlhoehoecppliohmplbgeij [2016-01-09]
CHR Extension: (EagleGet Free Downloader) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo [2016-04-21]
CHR Extension: (Grammarly for Chrome) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-04-24]
CHR Extension: (Google Play) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2016-01-09]
CHR Extension: (Evernote Web) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2016-01-24]
CHR Extension: (Video DownloadHelper) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2016-01-24]
CHR Extension: (mail.com MailCheck) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpebgcnlaohcgdfhbffjajlnpifdkllg [2016-04-20]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Google Calendar Checker (by Google)) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek [2016-01-09]
CHR Extension: (Bitdefender QuickScan) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2016-01-24]
CHR Extension: (Evernote Web Clipper) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-04-16]
CHR Extension: (Gmail) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09]
CHR Extension: (Cube Slam) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcoeeddamedegogbcmdbadnoifmfipn [2016-04-14]
CHR Extension: (Writer) - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2016-01-09]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-1203753649-3922619543-1740592146-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2015-04-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-18]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2015-04-08]
StartMenuInternet: Google Chrome.AXB3QDBARYGQUGJG4EFPQP43WU - C:\Users\SALAHUDDIN ABRO\AppData\Local\Google\Chrome\Application\chrome.exe

Opera:
=======
OPR Extension: (Dailymotion Video Downloader) - C:\Users\SALAHUDDIN ABRO\AppData\Roaming\Opera Software\Opera Stable\Extensions\kagkcnmcjinolcgoanmodncaddocbahi [2016-04-09]
OPR Extension: (Video Downloader 2015) - C:\Users\SALAHUDDIN ABRO\AppData\Roaming\Opera Software\Opera Stable\Extensions\mpnpijldpdipnfbjpfjgopcdnjejgbda [2016-03-24]
StartMenuInternet: (HKLM) OperaMail - C:\Program Files (x86)\Opera Mail\OperaMail.exe hxxp://www.luckysearches.com/?type=sc&ts=1428662379&from=exp&uid=WDCXWD1600BEVT-75ZCT2_WD-WXM0AC9P9629P9629

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-03] (Adobe Systems) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-18] (AVAST Software)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-01-19] (Digital Wave Ltd.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 egGetSvc; C:\Program Files (x86)\EagleGet\EGMonitor.exe [233472 2015-05-28] () [File not signed]
R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [9627728 2016-04-24] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2016-04-05] (LogMeIn, Inc.)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [204576 2014-04-30] (Microsoft)
S4 Pml Driver HPZ12; C:\Windows\SysWOW64\HPZipm12.exe [65536 2002-08-01] (HP) [File not signed]
S3 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S4 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-30] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-18] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-18] ()
R3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-07-23] (Disc Soft Ltd)
R3 eagleGet; C:\Windows\System32\Drivers\eagleGet.sys [77112 2015-05-04] (eagleGet)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 FGUARD64; C:\Program Files\Folder Guard\FGUARD64.SYS [71760 2009-09-25] (WinAbility® Software Corporation)
S3 HtcUsbMdmV64; C:\Windows\System32\DRIVERS\HtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 MT7118VU; C:\Windows\System32\DRIVERS\mt7118vu_x64.sys [154112 2010-07-05] (MediaTek Inc.) [File not signed]
S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [22528 2007-11-29] (Nokia)
S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [17920 2007-11-29] (Nokia)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-01-22] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2014-01-21] (Spotflux, Inc.)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [8704 2007-11-29] (Windows ® Codename Longhorn DDK provider)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-14] (Microsoft Corporation)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [8704 2007-11-29] (Windows ® Codename Longhorn DDK provider)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-25 19:14 - 2016-04-25 19:15 - 00031056 _____ C:\Users\SALAHUDDIN ABRO\Downloads\FRST.txt
2016-04-25 19:14 - 2016-04-25 19:14 - 00000000 ____D C:\FRST
2016-04-25 19:12 - 2016-04-25 19:13 - 02375680 _____ (Farbar) C:\Users\SALAHUDDIN ABRO\Downloads\FRST64.exe
2016-04-25 18:48 - 2016-04-25 18:48 - 00000000 ____D C:\Users\SALAHUDDIN ABRO\AppData\LocalLow\uTorrent
2016-04-24 19:57 - 2016-04-25 01:08 - 00000000 ____D C:\Users\SALAHUDDIN ABRO\Downloads\The Raid Redemption (2011) [1080p]
2016-04-24 18:39 - 2016-04-24 18:39 - 00017028 _____ C:\Users\SALAHUDDIN ABRO\Downloads\AutoRunExterminator-1.8.zip
2016-04-24 16:30 - 2016-04-24 16:30 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-24 16:26 - 2016-04-24 16:27 - 02870984 _____ (ESET) C:\Users\SALAHUDDIN ABRO\Downloads\esetsmartinstaller_enu.exe
2016-04-24 15:43 - 2016-04-24 15:43 - 00001810 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-04-24 15:43 - 2016-04-24 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-04-24 15:38 - 2016-04-24 15:42 - 25618352 _____ (SUPERAntiSpyware) C:\Users\SALAHUDDIN ABRO\Downloads\SUPERAntiSpyware.exe
2016-04-24 15:16 - 2016-04-25 19:16 - 00000000 ____D C:\ProgramData\Gramblr
2016-04-24 15:16 - 2016-04-24 15:18 - 00000000 ____D C:\Program Files\Gramblr
2016-04-24 15:16 - 2016-04-24 15:16 - 00000957 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gramblr.lnk
2016-04-24 15:02 - 2016-04-24 15:02 - 03389204 _____ C:\Users\SALAHUDDIN ABRO\Downloads\gramblr2_win64.zip
2016-04-22 22:33 - 2016-04-22 22:33 - 00001068 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-18 21:10 - 2016-04-18 21:10 - 00000000 ____D C:\Users\SALAHUDDIN ABRO\Downloads\The Night Before (2015) - 720p
2016-04-18 20:28 - 2016-04-25 19:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-17 23:13 - 2016-03-01 05:05 - 00017578 _____ C:\Users\SALAHUDDIN ABRO\Desktop\[kat.cr]jimmy.kimmel.2016.02.28.after.the.oscars.special.ben.affleck.matt.damon.720p.mp4.torrent
2016-04-17 11:43 - 2016-04-11 19:31 - 00044173 _____ C:\Users\SALAHUDDIN ABRO\Desktop\[kat.cr]conan.2016.04.09.conan.in.korea.hdtv.x264.uav.rartv.torrent
2016-04-17 01:17 - 2016-04-17 01:17 - 00385437 _____ C:\Users\SALAHUDDIN ABRO\Desktop\Mohi Abro - resume.pdf
2016-04-16 23:38 - 2016-03-23 11:12 - 00016682 _____ C:\Users\SALAHUDDIN ABRO\Desktop\[kat.cr]sageart.arrg.toradora.720p.8bit.x265.dual.audio.eng.subbed.torrent
2016-04-13 00:53 - 2016-04-13 01:01 - 00000000 ____D C:\Users\SALAHUDDIN ABRO\Downloads\Street Fighter II Comics (1993-2010) (Malibu, DC, Image and Udon)
2016-04-12 21:17 - 2016-04-14 21:11 - 892411949 ____R C:\Users\SALAHUDDIN ABRO\Downloads\Days.of.Being.Wild.1990.720p.BRRip.850MB.MkvCage.mkv
2016-04-12 21:16 - 2016-04-12 21:16 - 00017824 _____ C:\Users\SALAHUDDIN ABRO\Desktop\[kat.cr]days.of.being.wild.1990.720p.brrip.850mb.mkvcage.torrent
2016-04-06 22:11 - 2016-04-06 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-04-06 22:11 - 2016-04-06 22:11 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-04-05 21:38 - 2016-04-05 21:38 - 00000056 _____ C:\Users\SALAHUDDIN ABRO\Desktop\bbcradio1.m3u
2016-04-05 18:55 - 2016-04-05 18:55 - 00066899 _____ C:\Users\SALAHUDDIN ABRO\Desktop\9D91.tmp
2016-04-04 01:31 - 2016-04-10 23:36 - 00000000 ____D C:\Users\SALAHUDDIN ABRO\AppData\Roaming\vlc
2016-04-03 11:06 - 2016-04-03 11:12 - 05900174 _____ C:\Users\SALAHUDDIN ABRO\Desktop\27915_100286295karachicityclimatechangead.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-25 19:15 - 2014-01-21 09:33 - 00000000 ____D C:\Users\SALAHUDDIN ABRO\AppData\Roaming\uTorrent
2016-04-25 18:27 - 2011-08-11 00:38 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1203753649-3922619543-1740592146-1000UA.job
2016-04-25 18:19 - 2014-08-03 21:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfaf3916480a9.job
2016-04-25 18:05 - 2014-08-03 21:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfaf39144c3a6.job
2016-04-25 18:05 - 2011-07-07 02:40 - 00000946 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1203753649-3922619543-1740592146-1000Core.job
2016-04-25 17:57 - 2011-07-07 02:40 - 00000968 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1203753649-3922619543-1740592146-1000UA.job
2016-04-25 01:09 - 2012-06-19 03:52 - 00000000 ____D C:\Users\SALAHUDDIN ABRO\AppData\Local\LogMeIn Hamachi
2016-04-25 00:56 - 2009-07-14 09:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-25 00:56 - 2009-07-14 09:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-25 00:46 - 2009-07-14 10:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-25 00:27 - 2011-08-11 00:38 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1203753649-3922619543-1740592146-1000Core.job
2016-04-24 16:05 - 2014-12-15 01:02 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-24 15:44 - 2012-05-13 19:46 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-04-24 15:29 - 2015-04-29 21:01 - 00000000 ____D C:\Users\SALAHUDDIN ABRO\Downloads\DFX Audio Enhancer 11.400 + Crack [KaranPC]
2016-04-24 15:25 - 2013-06-29 12:22 - 00000000 ____D C:\Users\SALAHUDDIN ABRO\AppData\Local\CrashDumps
2016-04-24 05:14 - 2016-01-30 12:35 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-04-23 03:13 - 2014-10-18 18:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-22 22:33 - 2014-10-18 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-17 13:38 - 2016-02-22 01:10 - 00000000 ____D C:\Users\SALAHUDDIN ABRO\Desktop\11
2016-04-16 17:07 - 2014-01-19 16:44 - 00000000 ____D C:\Users\SALAHUDDIN ABRO\Desktop\YELLOW USB
2016-04-16 17:06 - 2016-01-30 12:35 - 00003918 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-04-16 17:05 - 2014-02-01 00:43 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-16 17:05 - 2014-02-01 00:43 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-14 20:44 - 2016-01-09 14:46 - 00000000 ____D C:\Users\SALAHUDDIN ABRO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-04-14 20:28 - 2010-07-27 11:04 - 00000000 ____D C:\Users\SALAHUDDIN ABRO\AppData\Local\Ares
2016-04-13 20:37 - 2016-01-16 22:04 - 00003858 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1374412123
2016-04-13 20:37 - 2011-01-08 03:59 - 00000000 ____D C:\Program Files (x86)\Opera
2016-04-12 20:39 - 2016-01-14 09:27 - 00002436 _____ C:\Users\SALAHUDDIN ABRO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-06 22:11 - 2016-03-24 19:54 - 00000888 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2016-04-06 10:18 - 2010-08-30 16:28 - 00453280 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-05 16:18 - 2012-06-19 03:53 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2016-04-03 02:16 - 2011-04-03 13:38 - 00000000 ____D C:\Users\SALAHUDDIN ABRO\Desktop\M1
2016-04-01 19:52 - 2009-07-14 10:08 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-01 01:51 - 2009-07-14 08:20 - 00000000 ____D C:\Windows\inf

==================== Files in the root of some directories =======

2011-01-24 08:02 - 2011-01-24 08:02 - 0000524 _____ () C:\Users\SALAHUDDIN ABRO\AppData\Roaming\alarms.ini
2011-01-24 08:02 - 2011-01-24 08:06 - 0000745 _____ () C:\Users\SALAHUDDIN ABRO\AppData\Roaming\AtomicAlarmClock.ini
2013-10-17 02:40 - 2013-10-17 02:40 - 0000000 _____ () C:\Users\SALAHUDDIN ABRO\AppData\Roaming\bitlord_log.txt
2012-08-13 00:17 - 2012-08-13 00:18 - 0000552 _____ () C:\Users\SALAHUDDIN ABRO\AppData\Roaming\FreeDesktopClock.ini
2015-03-18 21:28 - 2015-03-18 21:28 - 0000282 _____ () C:\Users\SALAHUDDIN ABRO\AppData\Roaming\NMM-MetaData.db
2010-12-31 22:30 - 2010-12-31 22:43 - 0007859 _____ () C:\Users\SALAHUDDIN ABRO\AppData\Roaming\pcouffin.cat
2010-12-31 22:30 - 2010-12-31 22:43 - 0001167 _____ () C:\Users\SALAHUDDIN ABRO\AppData\Roaming\pcouffin.inf
2010-12-31 22:30 - 2010-12-31 22:44 - 0000034 _____ () C:\Users\SALAHUDDIN ABRO\AppData\Roaming\pcouffin.log
2010-12-31 22:30 - 2010-12-31 22:43 - 0082816 _____ (VSO Software) C:\Users\SALAHUDDIN ABRO\AppData\Roaming\pcouffin.sys
2010-12-15 04:16 - 2010-12-15 04:16 - 0000028 _____ () C:\Users\SALAHUDDIN ABRO\AppData\Roaming\rotrodng
2011-01-31 20:22 - 2011-01-31 20:23 - 0000990 ___SH () C:\Users\SALAHUDDIN ABRO\AppData\Roaming\systemfl.$dk
2014-03-14 03:30 - 2014-03-14 03:30 - 0001877 _____ () C:\Users\SALAHUDDIN ABRO\AppData\Roaming\VPNMasterFreeVPN.pbk
2010-12-31 22:27 - 2011-10-16 19:06 - 0138329 _____ () C:\Users\SALAHUDDIN ABRO\AppData\Roaming\vso_ts_preview.xml
2010-07-25 13:37 - 2011-10-28 14:15 - 0001976 _____ () C:\Users\SALAHUDDIN ABRO\AppData\Roaming\wklnhst.dat
2012-07-02 18:34 - 2012-07-02 18:34 - 0000001 _____ () C:\Users\SALAHUDDIN ABRO\AppData\Local\llftool.4.25.agreement
2011-11-20 16:58 - 2011-11-22 14:34 - 0000173 _____ () C:\Users\SALAHUDDIN ABRO\AppData\Local\msmathematics.qat.SALAHUDDIN ABRO
2013-10-17 04:08 - 2013-10-17 04:08 - 0000218 _____ () C:\Users\SALAHUDDIN ABRO\AppData\Local\recently-used.xbel
2014-01-19 15:46 - 2014-01-21 19:05 - 0000700 ___SH () C:\Users\SALAHUDDIN ABRO\AppData\Local\systemFL7.dat
2015-04-10 17:04 - 2015-04-12 11:31 - 0000184 _____ () C:\Users\SALAHUDDIN ABRO\AppData\Local\vbnum6.cfg
2015-04-10 17:04 - 2015-04-12 11:31 - 0000092 _____ () C:\Users\SALAHUDDIN ABRO\AppData\Local\vbnum6.num
2011-09-14 16:54 - 2011-09-14 16:54 - 0000000 _____ () C:\Users\SALAHUDDIN ABRO\AppData\Local\{0CE95274-0A4A-47EC-A578-701179C3BB38}
2011-08-04 13:41 - 2011-08-04 13:41 - 0000000 _____ () C:\Users\SALAHUDDIN ABRO\AppData\Local\{4B825161-7CD1-4CAD-809F-D70D579FC5B1}
2011-07-27 10:56 - 2011-07-27 10:56 - 0000000 _____ () C:\Users\SALAHUDDIN ABRO\AppData\Local\{59A0A67F-6DA2-4ACD-A5A1-EC60F7B3C679}
2011-08-07 16:47 - 2011-08-07 16:47 - 0000000 _____ () C:\Users\SALAHUDDIN ABRO\AppData\Local\{8D77451A-0EA2-417E-A285-E198330235F6}
2011-06-06 23:42 - 2011-06-06 23:42 - 0000000 _____ () C:\Users\SALAHUDDIN ABRO\AppData\Local\{E621AF9E-50BB-42C5-9CE3-528B8D828F4E}
2011-05-12 03:27 - 2011-05-12 03:45 - 0037941 _____ () C:\ProgramData\bdinstall.bin

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-22 22:00

==================== End of FRST.txt ============================

 

I have attached the addition log file.

 

Regards




#4 saberrider


Posted 25 April 2016 - 12:37 PM

I thought this might be helpful - I went to folder options and unchecked the option of "Hide protected operating system files (Recommended)."

 

These folders in the attached picture started appearing.

Attached Files

  • Attached File  1.png   149.75KB   0 downloads

Edited by saberrider, 25 April 2016 - 12:40 PM.


#5 saberrider


Posted 25 April 2016 - 01:35 PM

Hello. I deleted my USB and wiped it clean. I was getting impatient. Thanks for taking out the time to help me out here. I really do appreciate that. Thank you.



#6 olgun52


Posted 25 April 2016 - 02:38 PM

Do you not want to continue?


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#7 saberrider


Posted 26 April 2016 - 01:21 AM

 


 

 

Yes, I do not want to continue. Thank you for your time.



#8 olgun52


Posted 26 April 2016 - 01:09 PM

Thank you. Good Luck. :thumbup2:


Best regards
 

 


 


#9 olgun52


Posted 26 April 2016 - 01:09 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Best regards
 