Basic Check Up


  • This topic is locked
17 replies to this topic

#1 keronkkumar

  • Members
  • 115 posts

Posted 25 April 2016 - 09:27 AM

I'd just like to do a basic check-up to make sure that everything is running fine and I am free from germs :).

Almost forgot to mention:

(The current OS is not genuine. It's been in a few different service shops a few times, and I do not have any CDs or flash drive for it. The system is maybe more than 5 years old, and the stickers that were there are not there any more. The last tech who serviced the machine turned off auto-update, and I was told to keep it off.)

I have gotten help from here a few times and was advised to get a genuine copy. But it costs me over $3000 in my currency. That's a lot of money for me that I can use on much-needed bills and food. If this is a problem, I will fully understand and respect your decision on whether I am qualified for your services.

Thank you for your time.

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-04-2016
Ran by User (administrator) on USER-PC (25-04-2016 10:14:07)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Logitech Inc.) C:\Program Files\Logitech\Vid\Vid.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [7519960 2015-04-10] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1085512 2015-01-19] (The Eraser Project)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [883280 2015-12-10] (BlueStack Systems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [Logitech Vid HD] => C:\Program Files\Logitech\Vid\vid.exe [6061400 2010-05-11] (Logitech Inc.)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: H - H:\Autorun.exe
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: I - I:\Autorun.exe
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: {3e95d2ed-9379-11e5-94ea-d43d7e9908ec} - J:\Autorun.exe
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: {3e95d342-9379-11e5-94ea-d43d7e9908ec} - K:\Autorun.exe
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: {60bf1f72-92a7-11e5-bd57-d43d7e9908ec} - I:\Autorun.exe
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: {b36a3c5d-1aa4-11e4-b583-d43d7e9908ec} - H:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D87944A2-C95E-4AB3-ACD8-072F5585A6E3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2G&ocid=SK2GDHP&osmkt=en-us
SearchScopes: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ovddxlw4.default-1455637092669
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-20] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ovddxlw4.default-1455637092669\extensions\artur.dubovoy@gmail.com [2016-04-03]
FF Extension: Download YouTube Videos as MP4 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ovddxlw4.default-1455637092669\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-03-26]
FF Extension: Skype - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-08-20]

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-20]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-20]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-20]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Video Downloader Pro) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho [2016-04-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-20]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [432720 2015-12-10] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [412240 2015-12-10] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [854608 2015-12-10] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65128 2016-01-11] (CyberGhost S.R.L)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2099720 2015-11-25] (Electronic Arts)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdhub30; C:\Windows\System32\DRIVERS\amdhub30.sys [86752 2015-04-16] (Advanced Micro Devices, INC.)
R3 amdxhc; C:\Windows\System32\DRIVERS\amdxhc.sys [179936 2015-04-16] (Advanced Micro Devices, INC.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [71880 2015-02-26] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [36040 2015-02-26] (Advanced Micro Devices)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48808 2012-11-20] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [132216 2015-12-10] (BlueStack Systems)
S3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [20704 2010-05-14] (Logitech Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-02-26] (REALiX™)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-10] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22656 2013-01-31] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl930d5691; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2DFEC270-695E-430F-8B41-DE88E5E332FB}\MpKsl930d5691.sys [39168 2016-04-25] (Microsoft Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114368 2015-10-08] (Power Software Ltd)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 eapihdrv; \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-25 10:14 - 2016-04-25 10:14 - 00014229 _____ C:\Users\User\Desktop\FRST.txt
2016-04-25 10:13 - 2016-04-25 10:14 - 00000000 ____D C:\FRST
2016-04-25 10:11 - 2016-04-25 10:11 - 01726464 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2016-04-25 09:51 - 2016-04-25 09:51 - 00000080 _____ C:\Users\Public\Desktop\The SimsT 3.lnk
2016-04-25 09:51 - 2016-04-25 09:51 - 00000080 _____ C:\Users\Public\Desktop\The SimsT 3 Supernatural.lnk
2016-04-25 09:51 - 2016-04-25 09:51 - 00000080 _____ C:\Users\Public\Desktop\The SimsT 3 Seasons.lnk
2016-04-25 09:51 - 2016-04-25 09:51 - 00000080 _____ C:\Users\Public\Desktop\The SimsT 3 Island Paradise.lnk
2016-04-20 15:53 - 2016-04-25 09:52 - 00001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-20 15:53 - 2016-04-25 09:51 - 00001103 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-04-20 15:50 - 2016-04-20 15:50 - 00242144 _____ C:\Users\User\Downloads\Firefox Setup Stub 45.0.2.exe
2016-04-20 15:48 - 2016-04-25 09:52 - 00002205 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-20 15:48 - 2016-04-25 09:51 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-20 15:46 - 2016-04-25 09:51 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-20 15:46 - 2016-04-25 09:30 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-20 15:46 - 2016-04-20 15:46 - 00987728 _____ (Google Inc.) C:\Users\User\Downloads\ChromeSetup.exe
2016-04-20 14:42 - 2016-04-20 14:42 - 00019046 _____ C:\Users\User\Desktop\bm link.txt
2016-04-20 12:56 - 2016-04-20 13:16 - 161034156 _____ C:\Users\User\Downloads\23045 (1).mp4
2016-04-20 12:54 - 2016-04-20 13:04 - 43155768 _____ C:\Users\User\Downloads\22694 (1).mp4
2016-04-20 12:51 - 2016-04-20 13:30 - 563378269 _____ C:\Users\User\Downloads\22397.mp4
2016-04-20 12:09 - 2016-04-20 12:47 - 348897874 _____ C:\Users\User\Downloads\22397 (1).mp4
2016-04-20 03:44 - 2016-04-20 04:09 - 161034156 _____ C:\Users\User\Downloads\23045.mp4
2016-04-20 03:44 - 2016-04-20 03:57 - 59050166 _____ C:\Users\User\Downloads\22694.mp4
2016-04-20 03:43 - 2016-04-20 04:16 - 315002767 _____ C:\Users\User\Downloads\23758.mp4
2016-04-20 03:42 - 2016-04-20 03:59 - 71958646 _____ C:\Users\User\Downloads\23811.mp4
2016-04-19 22:46 - 2016-04-19 22:52 - 51869235 _____ C:\Users\User\Downloads\21107.mp4
2016-04-19 22:14 - 2016-04-19 22:52 - 219824802 _____ C:\Users\User\Downloads\23356.mp4
2016-04-18 14:19 - 2016-04-18 23:44 - 00000092 _____ C:\Users\User\Desktop\madmax.txt
2016-04-18 14:19 - 2016-04-18 14:19 - 00000107 _____ C:\Users\User\Desktop\king.txt
2016-04-14 10:31 - 2016-04-16 16:22 - 00000154 _____ C:\Users\User\Desktop\kn.txt
2016-04-14 00:54 - 2016-04-20 10:30 - 00000000 ____D C:\Users\User\Downloads\z
2016-04-13 14:12 - 2016-04-20 15:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-04-13 13:24 - 2016-04-19 14:21 - 00000000 ____D C:\Users\User\Downloads\dorikxxx
2016-04-13 13:24 - 2016-04-19 13:32 - 00000000 ____D C:\Users\User\Downloads\blake77johnson
2016-04-13 04:05 - 2016-04-13 04:05 - 00000066 _____ C:\Users\User\Desktop\fake.txt
2016-04-09 04:08 - 2016-04-20 14:03 - 00000000 ____D C:\Users\User\Downloads\Naughtyyangel
2016-04-06 00:42 - 2016-04-06 00:48 - 475860640 _____ C:\Users\User\Documents\clip0041.avi
2016-04-06 00:16 - 2016-04-06 00:38 - 1481123130 _____ C:\Users\User\Documents\clip0040.avi
2016-04-06 00:08 - 2016-04-06 00:08 - 05632112 _____ C:\Users\User\Documents\clip0039.avi
2016-04-06 00:08 - 2016-04-06 00:08 - 00011168 _____ C:\Users\User\Documents\clip0038.avi
2016-04-05 23:18 - 2016-04-05 23:18 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-03-31 19:26 - 2016-04-04 01:11 - 00000308 _____ C:\Users\User\Desktop\kiknames.txt
2016-03-31 14:23 - 2016-03-31 14:23 - 00000000 ____D C:\Users\User\Downloads\Mollybrooke
2016-03-31 13:21 - 2016-03-31 13:21 - 00000000 ____D C:\Users\User\Downloads\Shycloudfractals
2016-03-31 05:25 - 2016-03-31 05:25 - 00000000 ____D C:\Users\User\Downloads\chika_bomb
2016-03-31 02:38 - 2016-03-31 04:15 - 00000000 ____D C:\Users\User\Downloads\ch3rryb0mb
2016-03-31 02:38 - 2016-03-31 02:38 - 00000000 ____D C:\Users\User\Downloads\New folder (5)
2016-03-28 22:08 - 2016-03-28 22:25 - 00000000 ____D C:\Users\User\Downloads\New folder (4)
2016-03-28 22:07 - 2016-03-28 22:08 - 00000000 ____D C:\Users\User\Downloads\New folder (3)
2016-03-26 20:18 - 2016-03-27 20:03 - 00000000 ____D C:\Users\User\Downloads\New folder (2)

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-25 10:08 - 2014-07-08 00:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-25 09:52 - 2015-02-27 16:02 - 00001747 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
2016-04-25 09:52 - 2015-02-22 00:32 - 00001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-04-25 09:52 - 2014-09-15 09:26 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-04-25 09:52 - 2014-07-14 04:25 - 00001248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014 (32 Bit).lnk
2016-04-25 09:52 - 2014-07-14 04:19 - 00001492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-04-25 09:52 - 2014-07-04 16:14 - 00002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-04-25 09:52 - 2014-07-04 16:02 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-04-25 09:52 - 2014-07-04 11:25 - 00001393 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-25 09:52 - 2014-07-03 19:46 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-04-25 09:52 - 2014-07-03 19:46 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-04-25 09:52 - 2009-07-14 00:46 - 00001503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-25 09:52 - 2009-07-14 00:42 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-04-25 09:52 - 2009-07-14 00:42 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-04-25 09:52 - 2009-07-14 00:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-04-25 09:52 - 2009-07-14 00:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-04-25 09:51 - 2016-03-02 09:55 - 00000981 _____ C:\Users\User\Desktop\Handbrake.lnk
2016-04-25 09:51 - 2016-02-29 19:01 - 00001179 _____ C:\Users\User\Desktop\Ann Free Video Converter 4.5.1.lnk
2016-04-25 09:51 - 2016-02-29 12:10 - 00000904 _____ C:\Users\User\Desktop\VideoLobster.lnk
2016-04-25 09:51 - 2015-12-22 22:39 - 00002679 _____ C:\Users\Public\Desktop\Skype.lnk
2016-04-25 09:51 - 2015-12-14 01:13 - 00001701 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-04-25 09:51 - 2015-12-14 01:13 - 00001641 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2016-04-25 09:51 - 2015-11-25 20:50 - 00000935 _____ C:\Users\Public\Desktop\Origin.lnk
2016-04-25 09:51 - 2015-11-23 19:37 - 00000963 _____ C:\Users\Public\Desktop\PowerISO.lnk
2016-04-25 09:51 - 2015-09-02 16:41 - 00001809 _____ C:\Users\Public\Desktop\ooVoo.lnk
2016-04-25 09:51 - 2015-06-10 00:24 - 00000948 _____ C:\Users\Public\Desktop\Logitech Vid.lnk
2016-04-25 09:51 - 2015-02-27 16:02 - 00001741 _____ C:\Users\Public\Desktop\Eraser.lnk
2016-04-25 09:51 - 2015-02-22 00:32 - 00001067 _____ C:\Users\Public\Desktop\Opera.lnk
2016-04-25 09:51 - 2015-02-05 23:01 - 00001576 _____ C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
2016-04-25 09:51 - 2014-09-15 09:28 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-04-25 09:51 - 2014-08-22 04:59 - 00001945 _____ C:\Users\User\Desktop\Widelands - Mapeditor.lnk
2016-04-25 09:51 - 2014-08-22 04:59 - 00001851 _____ C:\Users\User\Desktop\Widelands.lnk
2016-04-25 09:51 - 2014-08-04 02:28 - 00000935 _____ C:\Users\User\Desktop\HyperCam 2.lnk
2016-04-25 09:51 - 2014-08-02 05:08 - 00001456 _____ C:\Users\User\Desktop\Skype.exe - Shortcut.lnk
2016-04-25 09:51 - 2014-07-31 02:00 - 00001064 _____ C:\Users\User\Desktop\NeoDownloader Lite.lnk
2016-04-25 09:51 - 2014-07-15 07:46 - 00001885 _____ C:\Users\User\Desktop\CyberGhost 5.lnk
2016-04-25 09:51 - 2014-07-15 03:56 - 00001058 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-25 09:51 - 2014-07-14 08:05 - 00001248 _____ C:\Users\User\Desktop\Adobe Photoshop CC 2014 (32 Bit).lnk
2016-04-25 09:51 - 2014-07-14 07:39 - 00001045 _____ C:\Users\Public\Desktop\ManyCam.lnk
2016-04-25 09:51 - 2014-07-14 04:19 - 00001486 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2016-04-25 09:51 - 2014-07-13 01:30 - 00001047 _____ C:\Users\User\Desktop\iWisoft Free Video Converter.lnk
2016-04-25 09:51 - 2014-07-05 08:45 - 00002105 _____ C:\Users\User\Desktop\Microsoft Security Essentials.lnk
2016-04-25 09:51 - 2014-07-04 17:04 - 00002184 _____ C:\Users\Public\Desktop\Roxio Creator Home.lnk
2016-04-25 09:51 - 2014-07-04 17:03 - 00002675 _____ C:\Users\User\Desktop\Microsoft Office Word 2007.lnk
2016-04-25 09:51 - 2014-07-04 17:03 - 00002637 _____ C:\Users\User\Desktop\Microsoft Office Excel 2007.lnk
2016-04-25 09:51 - 2014-07-04 16:04 - 00001022 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-04-25 09:51 - 2014-07-04 16:02 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2016-04-25 09:51 - 2009-07-14 00:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-04-25 09:51 - 2009-07-14 00:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-04-25 09:37 - 2009-07-14 00:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-25 09:37 - 2009-07-14 00:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-25 09:35 - 2014-07-07 19:22 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-04-25 09:35 - 2014-07-04 11:29 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-25 09:35 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2016-04-25 09:31 - 2014-07-15 03:57 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-25 09:30 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-25 04:12 - 2014-07-25 11:20 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-04-25 02:00 - 2014-08-16 02:00 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2016-04-25 00:25 - 2014-08-02 04:37 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2016-04-24 23:15 - 2015-03-12 03:09 - 00001456 _____ C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-23 01:25 - 2014-07-10 05:55 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2016-04-23 00:25 - 2015-02-22 00:32 - 00000000 ____D C:\Program Files\Opera
2016-04-22 21:43 - 2014-07-15 06:26 - 00000000 ____D C:\Users\User\Documents\iWisoft Free Video Converter
2016-04-22 10:49 - 2014-08-02 04:36 - 00000000 ___RD C:\Program Files\Skype
2016-04-22 10:48 - 2014-08-02 04:36 - 00000000 ____D C:\ProgramData\Skype
2016-04-22 03:57 - 2014-07-04 15:26 - 00374944 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-20 15:53 - 2014-07-07 17:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-04-20 15:48 - 2014-12-30 05:06 - 00000000 ____D C:\Program Files\Google
2016-04-20 12:00 - 2016-02-28 21:42 - 00000000 ____D C:\Users\User\Downloads\1
2016-04-14 21:13 - 2014-09-05 09:59 - 00000000 ____D C:\Users\User\Desktop\Tor Browser
2016-04-14 10:30 - 2015-11-13 17:19 - 00000351 _____ C:\Users\User\Desktop\my kik names.txt
2016-04-13 11:50 - 2015-11-16 09:45 - 00000000 ____D C:\Users\User\Downloads\NeoDownloader
2016-04-12 14:06 - 2016-03-18 22:07 - 00000000 ____D C:\Users\User\Downloads\pinkrbelle
2016-04-12 00:24 - 2016-03-02 09:56 - 00000000 ____D C:\Users\User\AppData\Roaming\HandBrake
2016-04-08 16:08 - 2014-07-08 00:58 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-04-08 16:08 - 2014-07-08 00:58 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-03-31 18:29 - 2016-02-18 00:22 - 00000000 ____D C:\Users\User\Downloads\wildkittens1
2016-03-26 16:28 - 2015-02-02 04:12 - 00000000 ____D C:\Users\User\Desktop\kik

==================== Files in the root of some directories =======

2015-03-12 03:09 - 2016-04-24 23:15 - 0001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-07-25 20:47 - 2014-07-25 20:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-11-06 13:27 - 2015-11-06 13:27 - 0000458 _____ () C:\ProgramData\Local Disk (D) - Shortcut.lnk

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-21 11:15

==================== End of FRST.txt ============================

Edited by keronkkumar, 25 April 2016 - 10:11 AM.
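The FRST.txt above is the format every helper on this board reads by hand. As an added example (not part of the original post, and not code from FRST or its author), the Python below parses the Services and Drivers sections and the MountPoints2 lines of the Registry section and flags what a responder looks at first: binaries FRST marks [File not signed], entries whose file is missing ([X]), an empty () publisher, anything loading from a user profile or Temp directory, and per-user autorun handlers for removable media. The field layout is inferred from the log lines on this page rather than from FRST documentation, and the sample input is a few lines copied from that log. A flag is a reason to look closer, not a verdict: unsigned utility drivers such as Unlocker's are common on home machines.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) text logs.

Added example for the thread above; it is neither part of the original post
nor code from FRST.  The field layout assumed for Services/Drivers lines,
    <status> <name>; <path> [<size> <yyyy-mm-dd>] (<publisher>) [<flag>]...
is inferred from the log lines posted above, not from FRST documentation.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Section banner, e.g. "==================== Services (Whitelisted) ====="
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*\(Whitelisted\)\s*=+$")
# One service/driver line; size/date, publisher and trailing flags are optional
ENTRY_RE = re.compile(
    r"^(?P<status>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)"
    r"(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<publisher>[^)]*)\))?"
    r"(?P<flags>(?:\s+\[[^\]]+\])*)\s*$"
)
# Per-user autorun handlers for removable media recorded under MountPoints2
MOUNTPOINT_RE = re.compile(r"MountPoints2:\s+(?P<key>\S+)\s+-\s+(?P<cmd>.+)$")
# Services and drivers normally live under \Windows or \Program Files, not here
PROFILE_PATH_RE = re.compile(r"\\(?:Users|AppData|Temp)\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    name: str
    target: str
    reasons: List[str]


def parse_entry(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Split one Services/Drivers line into its fields, or None if it is not one."""
    m = ENTRY_RE.match(line)
    return m.groupdict() if m else None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Walk an FRST log and return the entries worth a second look."""
    section: Optional[str] = None
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip()
        if line.startswith("="):            # every banner changes the section
            m = SECTION_RE.match(line)
            section = m.group("name") if m else None
            continue
        if not line or section is None:
            continue
        if section == "Registry":
            m = MOUNTPOINT_RE.search(line)
            if m:
                findings.append(Finding(section, m.group("key"), m.group("cmd"),
                                        ["autorun handler for removable media (MountPoints2)"]))
            continue
        if section in ("Services", "Drivers"):
            entry = parse_entry(line)
            if entry is None:               # explanatory text, not an entry
                continue
            flags = entry["flags"] or ""
            reasons: List[str] = []
            if "[X]" in flags:
                reasons.append("file missing on disk ([X])")
            if "[File not signed]" in flags:
                reasons.append("binary not digitally signed")
            # FRST prints "()" when the file exists but carries no publisher
            if entry["size"] is not None and not entry["publisher"]:
                reasons.append("no publisher recorded")
            if PROFILE_PATH_RE.search(entry["path"] or ""):
                reasons.append("loads from a user profile or Temp directory")
            if reasons:
                findings.append(Finding(section, entry["name"].strip(), entry["path"], reasons))
    return findings


# Constructed sample: a handful of lines copied from the FRST.txt posted above.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===========================
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: H - H:\Autorun.exe
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: {b36a3c5d-1aa4-11e4-b583-d43d7e9908ec} - H:\LaunchU3.exe -a
==================== Services (Whitelisted) ========================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-02-26] (REALiX™)
S3 eapihdrv; \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
==================== NetSvcs (Whitelisted) ===================
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.section}] {f.name}: {f.target}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run it against a full FRST.txt with `triage(open(path, encoding="utf-8", errors="replace"))`. The section-banner logic carries over to the Processes section if you add a pattern for its `(Publisher) path` layout; the unsigned-file check stays a hint only, since FRST is reporting the Authenticode status of the file on disk, not whether the publisher is trustworthy.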


#2 Black_Bird

  • Malware Response Team
  • 228 posts

Posted 25 April 2016 - 10:16 PM

Hi keronkkumar,

Welcome here! I am Black_Bird and I will be helping you.

An important WARNING to all individuals reading this topic:
All advice in this topic was given specifically for this user and this computer!! Performing instructions given by me in this topic on other computers may harm your computer's infrastructure and can cause serious damage!!
Please don't perform the steps given by me or other Helpers in this topic if you are not the original Topic Starter; instead, start your own topic with a question for help. You will get help from a trained and qualified Helper to clean up your computer from any present malware when you do so.

Illegal version of Microsoft Windows

You already mentioned that you are running an illegal version of Windows. Although you have several reasons for having an illegal version installed, it causes your system to be more vulnerable to malware infections, as it won't receive any Windows updates. I advise you to buy a legal version of Windows. Besides, I have to mention that we will only provide you with malware removal support once - this time only. Unfortunately, we won't be able to provide malware-related support a second time.

 

=====================================================================================================


1. We need to temporarily disable any cd-emulators active on your computer, as they can impede the interpretation of logfiles provided by our tools.
  • Download Defogger and save it to your Desktop.
  • Right-click Defogger.exe and select Run as Administrator.
  • When the program has opened, click the Disable button.
  • When Defogger asks for a confirmation, click Yes.
  • Wait until you get the "Finished" message. Click OK.
  • When Defogger asks you to restart the system, please allow the program to do so immediately.
  • When an error occurred while using Defogger, look for a file called "defogger_disable.txt", which should be located at your Desktop. Post the contents of this file into your next reply.
  • You can enable the cd-emulator software again by running Defogger again and clicking the "Re-enable" button. Only do this once I have told you your computer is clean again.
2. Download AdwCleaner and save it to your Desktop.
  • Close all open windows.
  • Right-click AdwCleaner.exe and select Run as Administrator.
  • When the program has started, click the Scan button and wait until the scan has finished.
  • Make sure everything (on all tabs) is selected, and click the Clean button.
  • It's possible that AdwCleaner asks you to restart the system. It's important that you agree with this.
  • After restart a logfile will appear. Please post the contents of that logfile in your next reply.
3. Please download the attached file fixlist.txt to your Desktop.
  • Please make sure to put fixlist.txt in the same location as where FRST.exe/FRST64.exe is located!
4. Download RKill and save it to your Desktop.
  • Right-click RKill.exe and select Run as Administrator.
  • If a Windows Security prompt shows up, please allow the program to start.
  • The program will start immediately with its tasks. When the program has finished, a logfile will appear.
    Please copy the contents of this logfile in your next reply.
5. Start Farbar Recovery Scan Tool by right-clicking it and selecting Run as Administrator.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called fixlog.txt. Please include this logfile in your next reply.
6. Please remove fixlist.txt from your PC.

7. Please reboot your PC.

8. Start Farbar Recovery Scan Tool
  • If asked, click Yes at the Disclaimer window.
  • Click Scan once the program has opened.
  • It will create a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
9. Please give me an update on your PC problems. Also please include the results from the following tools in your next reply:
  • AdwCleaner
  • RKill
  • Farbar Recovery Scan Tool - using fixlist.txt
  • Farbar Recovery Scan Tool - regular scan

Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#3 keronkkumar

  • Topic Starter

Posted 26 April 2016 - 10:37 AM

Hi Black_Bird. Thank you once again for your help and understanding; you have helped me before, and I am grateful for your help again.

 

Defogger did not ask me to restart, and no error occurred while using Defogger.

No defogger_disable.txt was found on my desktop, but there was a defogger_disable.log (not sure if it's the same thing or not). Here is the defogger_disable.log.

 

I will await your approval on this before running.

  • AdwCleaner
  • RKill
  • Farbar Recovery Scan Tool - using fixlist.txt
  • Farbar Recovery Scan Tool - regular scan

Just so I don't jump the gun on anything.

 

Defogger

 

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:18 on 26/04/2016 (User)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-



#4 Black_Bird

  • Malware Response Team

Posted 26 April 2016 - 11:24 AM

Hi,

 

You may continue with the other steps. :)


Kind regards,
Black_Bird
 



#5 keronkkumar

  • Topic Starter

Posted 26 April 2016 - 12:15 PM

AdwCleaner

 

# AdwCleaner v5.113 - Logfile created 26/04/2016 at 13:09:43
# Updated 24/04/2016 by Xplode
# Database : 2016-04-24.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X86)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\adwcleaner_5.113.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\EmailNotifier
[-] Folder Deleted : C:\ProgramData\{91bec09a-d166-6720-91be-ec09ad16026b}
[-] Folder Deleted : C:\ProgramData\{a3a48d0b-6048-493c-a3a4-48d0b604342d}
[-] Folder Deleted : C:\ProgramData\{dcbaa981-98bc-7324-dcba-aa98198ba606}
[#] Folder Deleted : C:\ProgramData\Application Data\EmailNotifier
[#] Folder Deleted : C:\ProgramData\Application Data\{91bec09a-d166-6720-91be-ec09ad16026b}
[#] Folder Deleted : C:\ProgramData\Application Data\{a3a48d0b-6048-493c-a3a4-48d0b604342d}
[#] Folder Deleted : C:\ProgramData\Application Data\{dcbaa981-98bc-7324-dcba-aa98198ba606}
[-] Folder Deleted : C:\Users\User\AppData\Local\RegistryDr
[-] Folder Deleted : C:\Users\User\Documents\RegistryDr

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
[-] Key Deleted : HKLM\SOFTWARE\fabcdac3-f906-7b0b-8993-b21806bae61a
[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\RegistryDrLanguage
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{3FA98EDD-B2A4-4D04-A0CD-7762DD48DE7A}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{A9B29616-8929-4881-B1DE-D5B1997DEC12}]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3690 bytes] - [26/04/2016 13:09:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [4120 bytes] - [26/04/2016 13:06:59]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3836 bytes] ##########
 



#6 keronkkumar

  • Topic Starter

Posted 26 April 2016 - 12:19 PM

RKill

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/26/2016 01:17:47 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 04/26/2016 01:18:45 PM
Execution time: 0 hours(s), 0 minute(s), and 57 seconds(s)
 



#7 keronkkumar

  • Topic Starter

Posted 26 April 2016 - 12:24 PM

FRST

 

Fix result of Farbar Recovery Scan Tool (x86) Version:18-04-2016
Ran by User (2016-04-26 13:21:42) Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: H - H:\Autorun.exe
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: I - I:\Autorun.exe
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: {3e95d2ed-9379-11e5-94ea-d43d7e9908ec} - J:\Autorun.exe
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: {3e95d342-9379-11e5-94ea-d43d7e9908ec} - K:\Autorun.exe
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: {60bf1f72-92a7-11e5-bd57-d43d7e9908ec} - I:\Autorun.exe
2016-04-20 12:56 - 2016-04-20 13:16 - 161034156 _____ C:\Users\User\Downloads\23045 (1).mp4
2016-04-20 12:54 - 2016-04-20 13:04 - 43155768 _____ C:\Users\User\Downloads\22694 (1).mp4
2016-04-20 12:51 - 2016-04-20 13:30 - 563378269 _____ C:\Users\User\Downloads\22397.mp4
2016-04-20 12:09 - 2016-04-20 12:47 - 348897874 _____ C:\Users\User\Downloads\22397 (1).mp4
2016-04-20 03:44 - 2016-04-20 04:09 - 161034156 _____ C:\Users\User\Downloads\23045.mp4
2016-04-20 03:44 - 2016-04-20 03:57 - 59050166 _____ C:\Users\User\Downloads\22694.mp4
2016-04-20 03:43 - 2016-04-20 04:16 - 315002767 _____ C:\Users\User\Downloads\23758.mp4
2016-04-20 03:42 - 2016-04-20 03:59 - 71958646 _____ C:\Users\User\Downloads\23811.mp4
2016-04-19 22:46 - 2016-04-19 22:52 - 51869235 _____ C:\Users\User\Downloads\21107.mp4
2016-04-19 22:14 - 2016-04-19 22:52 - 219824802 _____ C:\Users\User\Downloads\23356.mp4
2016-04-14 00:54 - 2016-04-20 10:30 - 00000000 ____D C:\Users\User\Downloads\z
2016-04-13 13:24 - 2016-04-19 14:21 - 00000000 ____D C:\Users\User\Downloads\dorikxxx
2016-04-13 13:24 - 2016-04-19 13:32 - 00000000 ____D C:\Users\User\Downloads\blake77johnson
2016-04-13 04:05 - 2016-04-13 04:05 - 00000066 _____ C:\Users\User\Desktop\fake.txt
2016-04-09 04:08 - 2016-04-20 14:03 - 00000000 ____D C:\Users\User\Downloads\Naughtyyangel
2016-04-06 00:42 - 2016-04-06 00:48 - 475860640 _____ C:\Users\User\Documents\clip0041.avi
2016-04-06 00:16 - 2016-04-06 00:38 - 1481123130 _____ C:\Users\User\Documents\clip0040.avi
2016-04-06 00:08 - 2016-04-06 00:08 - 05632112 _____ C:\Users\User\Documents\clip0039.avi
2016-04-06 00:08 - 2016-04-06 00:08 - 00011168 _____ C:\Users\User\Documents\clip0038.avi
2016-03-31 19:26 - 2016-04-04 01:11 - 00000308 _____ C:\Users\User\Desktop\kiknames.txt
2016-03-31 14:23 - 2016-03-31 14:23 - 00000000 ____D C:\Users\User\Downloads\Mollybrooke
2016-03-31 13:21 - 2016-03-31 13:21 - 00000000 ____D C:\Users\User\Downloads\Shycloudfractals
2016-03-31 05:25 - 2016-03-31 05:25 - 00000000 ____D C:\Users\User\Downloads\chika_bomb
2016-03-31 02:38 - 2016-03-31 04:15 - 00000000 ____D C:\Users\User\Downloads\ch3rryb0mb
2016-03-31 02:38 - 2016-03-31 02:38 - 00000000 ____D C:\Users\User\Downloads\New folder (5)
2016-03-28 22:08 - 2016-03-28 22:25 - 00000000 ____D C:\Users\User\Downloads\New folder (4)
2016-03-28 22:07 - 2016-03-28 22:08 - 00000000 ____D C:\Users\User\Downloads\New folder (3)
2016-03-26 20:18 - 2016-03-27 20:03 - 00000000 ____D C:\Users\User\Downloads\New folder (2)
2016-03-26 20:18 - 2016-03-27 20:03 - 00000000 ____D C:\Users\User\Downloads\New folder (1)
2016-03-26 20:18 - 2016-03-27 20:03 - 00000000 ____D C:\Users\User\Downloads\New folder
*****************

"HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H" => key removed successfully.
"HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I" => key removed successfully.
"HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e95d2ed-9379-11e5-94ea-d43d7e9908ec}" => key removed successfully.
HKCR\CLSID\{3e95d2ed-9379-11e5-94ea-d43d7e9908ec} => key not found.
"HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e95d342-9379-11e5-94ea-d43d7e9908ec}" => key removed successfully.
HKCR\CLSID\{3e95d342-9379-11e5-94ea-d43d7e9908ec} => key not found.
"HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60bf1f72-92a7-11e5-bd57-d43d7e9908ec}" => key removed successfully.
HKCR\CLSID\{60bf1f72-92a7-11e5-bd57-d43d7e9908ec} => key not found.
"C:\Users\User\Downloads\23045 (1).mp4" => not found.
"C:\Users\User\Downloads\22694 (1).mp4" => not found.
"C:\Users\User\Downloads\22397.mp4" => not found.
"C:\Users\User\Downloads\22397 (1).mp4" => not found.
"C:\Users\User\Downloads\23045.mp4" => not found.
"C:\Users\User\Downloads\22694.mp4" => not found.
"C:\Users\User\Downloads\23758.mp4" => not found.
"C:\Users\User\Downloads\23811.mp4" => not found.
"C:\Users\User\Downloads\21107.mp4" => not found.
"C:\Users\User\Downloads\23356.mp4" => not found.
C:\Users\User\Downloads\z => moved successfully
C:\Users\User\Downloads\dorikxxx => moved successfully
C:\Users\User\Downloads\blake77johnson => moved successfully
C:\Users\User\Desktop\fake.txt => moved successfully
C:\Users\User\Downloads\Naughtyyangel => moved successfully
C:\Users\User\Documents\clip0041.avi => moved successfully
C:\Users\User\Documents\clip0040.avi => moved successfully
C:\Users\User\Documents\clip0039.avi => moved successfully
C:\Users\User\Documents\clip0038.avi => moved successfully
C:\Users\User\Desktop\kiknames.txt => moved successfully
C:\Users\User\Downloads\Mollybrooke => moved successfully
C:\Users\User\Downloads\Shycloudfractals => moved successfully
C:\Users\User\Downloads\chika_bomb => moved successfully
C:\Users\User\Downloads\ch3rryb0mb => moved successfully
C:\Users\User\Downloads\New folder (5) => moved successfully
"C:\Users\User\Downloads\New folder (4)" => not found.
"C:\Users\User\Downloads\New folder (3)" => not found.
"C:\Users\User\Downloads\New folder (2)" => not found.
"C:\Users\User\Downloads\New folder (1)" => not found.
C:\Users\User\Downloads\New folder => moved successfully

==== End of Fixlog 13:21:52 ====
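The Fixlog above has a regular shape: the requested entries sit between two `*****` marker lines, and each action FRST took is reported afterwards as `"target" => outcome.`. The following is an added example (not from this thread, FRST or its author) that reads a log in that layout and reconciles every fixlist request with its result, so a reviewer can see at a glance what was removed, what was already gone, and which lines are side checks the tool performed on its own; the sample log, its SID, GUID and paths are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout FRST uses for Fixlog.txt: the requested
# entries sit between two '*****' marker lines, then one result line per
# action follows as  "target" => outcome.  SID, GUID and paths are made up.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
HKU\S-1-5-21-111-222-333-1000\...\MountPoints2: H - H:\Autorun.exe
HKU\S-1-5-21-111-222-333-1000\...\MountPoints2: {aaaa-1111} - J:\Autorun.exe
2016-04-20 12:56 - 2016-04-20 13:16 - 161034156 _____ C:\Users\User\Downloads\example (1).mp4
2016-04-13 04:05 - 2016-04-13 04:05 - 00000066 _____ C:\Users\User\Desktop\notes.txt
2016-04-14 00:54 - 2016-04-20 10:30 - 00000000 ____D C:\Users\User\Downloads\z
*****************

"HKU\S-1-5-21-111-222-333-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H" => key removed successfully.
"HKU\S-1-5-21-111-222-333-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaaa-1111}" => key removed successfully.
HKCR\CLSID\{aaaa-1111} => key not found.
"C:\Users\User\Downloads\example (1).mp4" => not found.
C:\Users\User\Desktop\notes.txt => moved successfully
C:\Users\User\Downloads\z => moved successfully

==== End of Fixlog 13:21:52 ====
"""

# A file/folder entry as FRST lists it: two timestamps, size, attributes, path.
FILE_ENTRY = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ [_A-Z]+ (?P<path>.+)$"
)
# A cached removable-drive command under Explorer\MountPoints2.
MP2_ENTRY = re.compile(r"MountPoints2: (?P<name>\S+) - (?P<cmd>.+)$")
# A result line; the target is quoted when it contains spaces or GUIDs.
RESULT = re.compile(r'^"?(?P<target>[^"]+?)"? => (?P<outcome>.+?)\.?$')


def parse_fixlog(text):
    """Return (requested entries, {result target: outcome})."""
    lines = [line.rstrip() for line in text.splitlines()]
    marks = [i for i, line in enumerate(lines) if line.startswith("*****")]
    requests = [line for line in lines[marks[0] + 1:marks[1]] if line]
    results = {}
    for line in lines[marks[1] + 1:]:
        m = RESULT.match(line)
        if m:
            results[m["target"]] = m["outcome"]
    return requests, results


def request_key(entry):
    """Normalise a fixlist entry to the form its result line will take."""
    m = MP2_ENTRY.search(entry)
    if m:
        return ("MountPoints2", m["name"])
    m = FILE_ENTRY.match(entry)
    if m:
        return ("path", m["path"])
    return ("raw", entry)


def result_key(target):
    """Normalise a result target so it can be compared with request_key()."""
    if "\\MountPoints2\\" in target:
        return ("MountPoints2", target.rsplit("\\", 1)[1])
    if re.match(r"^[A-Za-z]:\\", target):
        return ("path", target)
    return ("raw", target)


def reconcile(text):
    """Pair every request with its outcome and collect unrequested side checks.

    Result lines without a matching request (such as the CLSID lookup the tool
    reports for GUID-named MountPoints2 keys) are returned separately so they
    are not mistaken for requests that produced no result.
    """
    requests, results = parse_fixlog(text)
    by_key = {result_key(t): o for t, o in results.items()}
    report = [(e, by_key.get(request_key(e), "NO RESULT LINE")) for e in requests]
    wanted = {request_key(e) for e in requests}
    extra = [(t, o) for t, o in results.items() if result_key(t) not in wanted]
    return report, extra, Counter(o for _, o in report)


def autorun_requests(requests):
    """MountPoints2 entries whose cached command is an autorun launcher."""
    out = []
    for entry in requests:
        m = MP2_ENTRY.search(entry)
        if m and m["cmd"].lower().endswith("autorun.exe"):
            out.append((m["name"], m["cmd"]))
    return out


if __name__ == "__main__":
    report, extra, counts = reconcile(SAMPLE_FIXLOG)
    for entry, outcome in report:
        print(f"{outcome:<28} {entry}")
    for target, outcome in extra:
        print(f"{outcome:<28} (side check) {target}")
    print(dict(counts))
```

A request that ends up as "NO RESULT LINE" means the fix run never reached it, which is worth a second look before declaring the log clean.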



#8 keronkkumar

  • Topic Starter

Posted 26 April 2016 - 12:28 PM

6. Please remove fixlist.txt from your PC.

 

Sorry, but it's not there any more. I did not delete it or anything. It's just not there anymore.



#9 Black_Bird

  • Malware Response Team

Posted 26 April 2016 - 02:59 PM

Hi,

 

You may continue with steps 7, 8 and 9. :)


Kind regards,
Black_Bird
 



#10 keronkkumar

  • Topic Starter

Posted 26 April 2016 - 05:17 PM

PC is running normally (keeping in mind it's over 5 years old lol) with no problems so far.

 

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-04-2016
Ran by User (administrator) on USER-PC (26-04-2016 18:12:40)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Logitech Inc.) C:\Program Files\Logitech\Vid\Vid.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [7519960 2015-04-10] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1085512 2015-01-19] (The Eraser Project)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [883280 2015-12-10] (BlueStack Systems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [Logitech Vid HD] => C:\Program Files\Logitech\Vid\vid.exe [6061400 2010-05-11] (Logitech Inc.)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: {b36a3c5d-1aa4-11e4-b583-d43d7e9908ec} - H:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D87944A2-C95E-4AB3-ACD8-072F5585A6E3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2G&ocid=SK2GDHP&osmkt=en-us
SearchScopes: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ovddxlw4.default-1455637092669
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-20] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ovddxlw4.default-1455637092669\extensions\artur.dubovoy@gmail.com [2016-04-03]
FF Extension: Download YouTube Videos as MP4 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ovddxlw4.default-1455637092669\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-03-26]
FF Extension: Skype - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-08-20]

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-20]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-20]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-20]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Video Downloader Pro) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho [2016-04-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-20]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [432720 2015-12-10] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [412240 2015-12-10] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [854608 2015-12-10] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65128 2016-01-11] (CyberGhost S.R.L)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2099720 2015-11-25] (Electronic Arts)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdhub30; C:\Windows\System32\DRIVERS\amdhub30.sys [86752 2015-04-16] (Advanced Micro Devices, INC.)
R3 amdxhc; C:\Windows\System32\DRIVERS\amdxhc.sys [179936 2015-04-16] (Advanced Micro Devices, INC.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [71880 2015-02-26] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [36040 2015-02-26] (Advanced Micro Devices)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48808 2012-11-20] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [132216 2015-12-10] (BlueStack Systems)
S3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [20704 2010-05-14] (Logitech Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-02-26] (REALiX™)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-10] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22656 2013-01-31] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114368 2015-10-08] (Power Software Ltd)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 eapihdrv; \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-26 13:21 - 2016-04-26 13:21 - 00006374 _____ C:\Users\User\Desktop\Fixlog.txt
2016-04-26 13:17 - 2016-04-26 13:18 - 00002040 _____ C:\Users\User\Desktop\Rkill.txt
2016-04-26 13:16 - 2016-04-26 13:17 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill.exe
2016-04-26 13:05 - 2016-04-26 13:09 - 00000000 ____D C:\AdwCleaner
2016-04-26 13:04 - 2016-04-26 13:04 - 03580480 _____ C:\Users\User\Desktop\adwcleaner_5.113.exe
2016-04-26 13:04 - 2016-04-26 13:04 - 00000066 _____ C:\Users\User\Desktop\kikdog.txt
2016-04-26 11:18 - 2016-04-26 11:18 - 00000000 _____ C:\Users\User\defogger_reenable
2016-04-26 11:17 - 2016-04-26 11:17 - 00050477 _____ C:\Users\User\Desktop\Defogger.exe
2016-04-25 10:14 - 2016-04-26 18:12 - 00013679 _____ C:\Users\User\Desktop\FRST.txt
2016-04-25 10:14 - 2016-04-25 10:15 - 00026729 _____ C:\Users\User\Desktop\Addition.txt
2016-04-25 10:13 - 2016-04-26 18:12 - 00000000 ____D C:\FRST
2016-04-25 10:11 - 2016-04-25 10:11 - 01726464 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2016-04-25 09:51 - 2016-04-25 09:51 - 00000080 _____ C:\Users\Public\Desktop\The SimsT 3.lnk
2016-04-25 09:51 - 2016-04-25 09:51 - 00000080 _____ C:\Users\Public\Desktop\The SimsT 3 Supernatural.lnk
2016-04-25 09:51 - 2016-04-25 09:51 - 00000080 _____ C:\Users\Public\Desktop\The SimsT 3 Seasons.lnk
2016-04-25 09:51 - 2016-04-25 09:51 - 00000080 _____ C:\Users\Public\Desktop\The SimsT 3 Island Paradise.lnk
2016-04-20 15:53 - 2016-04-25 09:52 - 00001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-20 15:53 - 2016-04-25 09:51 - 00001103 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-04-20 15:48 - 2016-04-25 09:52 - 00002205 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-20 15:48 - 2016-04-25 09:51 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-20 15:46 - 2016-04-26 17:51 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-20 15:46 - 2016-04-26 17:13 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-20 14:42 - 2016-04-20 14:42 - 00019046 _____ C:\Users\User\Desktop\bm link.txt
2016-04-18 14:19 - 2016-04-18 23:44 - 00000092 _____ C:\Users\User\Desktop\madmax.txt
2016-04-18 14:19 - 2016-04-18 14:19 - 00000107 _____ C:\Users\User\Desktop\king.txt
2016-04-14 10:31 - 2016-04-16 16:22 - 00000154 _____ C:\Users\User\Desktop\kn.txt
2016-04-13 14:12 - 2016-04-20 15:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-04-05 23:18 - 2016-04-05 23:18 - 00000000 ____D C:\Program Files\Common Files\Skype

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-26 18:08 - 2014-07-08 00:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-26 17:20 - 2009-07-14 00:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-26 17:20 - 2009-07-14 00:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-26 17:18 - 2014-07-07 19:22 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-04-26 17:17 - 2014-07-04 11:29 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-26 17:17 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2016-04-26 17:13 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-26 17:10 - 2014-07-25 11:20 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-04-26 12:52 - 2015-03-12 03:09 - 00001456 _____ C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-26 02:00 - 2014-08-16 02:00 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2016-04-25 14:36 - 2014-08-02 04:37 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2016-04-25 12:32 - 2014-07-10 05:55 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2016-04-25 09:52 - 2015-02-27 16:02 - 00001747 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
2016-04-25 09:52 - 2015-02-22 00:32 - 00001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-04-25 09:52 - 2014-09-15 09:26 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-04-25 09:52 - 2014-07-14 04:25 - 00001248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014 (32 Bit).lnk
2016-04-25 09:52 - 2014-07-14 04:19 - 00001492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-04-25 09:52 - 2014-07-04 16:14 - 00002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-04-25 09:52 - 2014-07-04 16:02 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-04-25 09:52 - 2014-07-04 11:25 - 00001393 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-25 09:52 - 2014-07-03 19:46 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-04-25 09:52 - 2014-07-03 19:46 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-04-25 09:52 - 2009-07-14 00:46 - 00001503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-25 09:52 - 2009-07-14 00:42 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-04-25 09:52 - 2009-07-14 00:42 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-04-25 09:52 - 2009-07-14 00:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-04-25 09:52 - 2009-07-14 00:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-04-25 09:51 - 2016-03-02 09:55 - 00000981 _____ C:\Users\User\Desktop\Handbrake.lnk
2016-04-25 09:51 - 2016-02-29 19:01 - 00001179 _____ C:\Users\User\Desktop\Ann Free Video Converter 4.5.1.lnk
2016-04-25 09:51 - 2016-02-29 12:10 - 00000904 _____ C:\Users\User\Desktop\VideoLobster.lnk
2016-04-25 09:51 - 2015-12-22 22:39 - 00002679 _____ C:\Users\Public\Desktop\Skype.lnk
2016-04-25 09:51 - 2015-12-14 01:13 - 00001701 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-04-25 09:51 - 2015-12-14 01:13 - 00001641 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2016-04-25 09:51 - 2015-11-25 20:50 - 00000935 _____ C:\Users\Public\Desktop\Origin.lnk
2016-04-25 09:51 - 2015-11-23 19:37 - 00000963 _____ C:\Users\Public\Desktop\PowerISO.lnk
2016-04-25 09:51 - 2015-09-02 16:41 - 00001809 _____ C:\Users\Public\Desktop\ooVoo.lnk
2016-04-25 09:51 - 2015-06-10 00:24 - 00000948 _____ C:\Users\Public\Desktop\Logitech Vid.lnk
2016-04-25 09:51 - 2015-02-27 16:02 - 00001741 _____ C:\Users\Public\Desktop\Eraser.lnk
2016-04-25 09:51 - 2015-02-22 00:32 - 00001067 _____ C:\Users\Public\Desktop\Opera.lnk
2016-04-25 09:51 - 2015-02-05 23:01 - 00001576 _____ C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
2016-04-25 09:51 - 2014-09-15 09:28 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-04-25 09:51 - 2014-08-22 04:59 - 00001945 _____ C:\Users\User\Desktop\Widelands - Mapeditor.lnk
2016-04-25 09:51 - 2014-08-22 04:59 - 00001851 _____ C:\Users\User\Desktop\Widelands.lnk
2016-04-25 09:51 - 2014-08-04 02:28 - 00000935 _____ C:\Users\User\Desktop\HyperCam 2.lnk
2016-04-25 09:51 - 2014-08-02 05:08 - 00001456 _____ C:\Users\User\Desktop\Skype.exe - Shortcut.lnk
2016-04-25 09:51 - 2014-07-31 02:00 - 00001064 _____ C:\Users\User\Desktop\NeoDownloader Lite.lnk
2016-04-25 09:51 - 2014-07-15 07:46 - 00001885 _____ C:\Users\User\Desktop\CyberGhost 5.lnk
2016-04-25 09:51 - 2014-07-15 03:56 - 00001058 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-25 09:51 - 2014-07-14 08:05 - 00001248 _____ C:\Users\User\Desktop\Adobe Photoshop CC 2014 (32 Bit).lnk
2016-04-25 09:51 - 2014-07-14 07:39 - 00001045 _____ C:\Users\Public\Desktop\ManyCam.lnk
2016-04-25 09:51 - 2014-07-14 04:19 - 00001486 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2016-04-25 09:51 - 2014-07-13 01:30 - 00001047 _____ C:\Users\User\Desktop\iWisoft Free Video Converter.lnk
2016-04-25 09:51 - 2014-07-05 08:45 - 00002105 _____ C:\Users\User\Desktop\Microsoft Security Essentials.lnk
2016-04-25 09:51 - 2014-07-04 17:04 - 00002184 _____ C:\Users\Public\Desktop\Roxio Creator Home.lnk
2016-04-25 09:51 - 2014-07-04 17:03 - 00002675 _____ C:\Users\User\Desktop\Microsoft Office Word 2007.lnk
2016-04-25 09:51 - 2014-07-04 17:03 - 00002637 _____ C:\Users\User\Desktop\Microsoft Office Excel 2007.lnk
2016-04-25 09:51 - 2014-07-04 16:04 - 00001022 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-04-25 09:51 - 2014-07-04 16:02 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2016-04-25 09:51 - 2009-07-14 00:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-04-25 09:51 - 2009-07-14 00:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-04-25 09:31 - 2014-07-15 03:57 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-23 00:25 - 2015-02-22 00:32 - 00000000 ____D C:\Program Files\Opera
2016-04-22 21:43 - 2014-07-15 06:26 - 00000000 ____D C:\Users\User\Documents\iWisoft Free Video Converter
2016-04-22 10:49 - 2014-08-02 04:36 - 00000000 ___RD C:\Program Files\Skype
2016-04-22 10:48 - 2014-08-02 04:36 - 00000000 ____D C:\ProgramData\Skype
2016-04-22 03:57 - 2014-07-04 15:26 - 00374944 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-20 15:53 - 2014-07-07 17:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-04-20 15:48 - 2014-12-30 05:06 - 00000000 ____D C:\Program Files\Google
2016-04-20 12:00 - 2016-02-28 21:42 - 00000000 ____D C:\Users\User\Downloads\1
2016-04-14 21:13 - 2014-09-05 09:59 - 00000000 ____D C:\Users\User\Desktop\Tor Browser
2016-04-14 10:30 - 2015-11-13 17:19 - 00000351 _____ C:\Users\User\Desktop\my kik names.txt
2016-04-13 11:50 - 2015-11-16 09:45 - 00000000 ____D C:\Users\User\Downloads\NeoDownloader
2016-04-12 14:06 - 2016-03-18 22:07 - 00000000 ____D C:\Users\User\Downloads\pinkrbelle
2016-04-12 00:24 - 2016-03-02 09:56 - 00000000 ____D C:\Users\User\AppData\Roaming\HandBrake
2016-04-08 16:08 - 2014-07-08 00:58 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-04-08 16:08 - 2014-07-08 00:58 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-03-31 18:29 - 2016-02-18 00:22 - 00000000 ____D C:\Users\User\Downloads\wildkittens1

==================== Files in the root of some directories =======

2015-03-12 03:09 - 2016-04-26 12:52 - 0001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-07-25 20:47 - 2014-07-25 20:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-11-06 13:27 - 2015-11-06 13:27 - 0000458 _____ () C:\ProgramData\Local Disk (D) - Shortcut.lnk

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\libeay32.dll
C:\Users\User\AppData\Local\Temp\msvcr120.dll
C:\Users\User\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-21 11:15

==================== End of FRST.txt ============================



#11 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts

Posted 28 April 2016 - 04:25 PM

Hi,

1. Please download the attached file fixlist.txt to your Desktop.

  • Please make sure to put fixlist.txt in the same location as where FRST.exe/FRST64.exe is located!


2. Download RKill and save it to your Desktop.
  • Right-click RKill.exe and select Run as Administrator...
  • If a Windows Security prompt shows up, please allow the program to start.
  • The program will start immediately with its tasks. When the program has finished, a logfile will appear.
    Please copy the contents of this logfile in your next reply.


3. Start Farbar Recovery Scan Tool by right-clicking it and selecting Run as Administrator.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop, called fixlog.txt. Please include this logfile in your next reply.


4. Please remove fixlist.txt from your PC.

5. Please reboot your PC.

6. Start Farbar Recovery Scan Tool
  • If asked, click Yes at the Disclaimer window.
  • Click Scan once the program has opened.
  • It will create a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.


7. Please give me an update on your PC problems. Also please include the results from the following tools in your next reply:
  • RKill
  • Farbar Recovery Scan Tool - using fixlist.txt
  • Farbar Recovery Scan Tool - regular scan


Kind regards,
Black_Bird

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#12 keronkkumar

keronkkumar
  • Topic Starter

  • Members
  • 115 posts

Posted 28 April 2016 - 05:31 PM

RKill

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/28/2016 06:27:22 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 04/28/2016 06:28:11 PM
Execution time: 0 hours(s), 0 minute(s), and 48 seconds(s)



#13 keronkkumar

keronkkumar
  • Topic Starter

  • Members
  • 115 posts

Posted 28 April 2016 - 05:34 PM

FRST

Fix result of Farbar Recovery Scan Tool (x86) Version:18-04-2016
Ran by User (2016-04-28 18:32:20) Run:2
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal

==============================================

fixlist content:
*****************
2016-04-20 12:00 - 2016-02-28 21:42 - 00000000 ____D C:\Users\User\Downloads\1
2016-04-14 10:30 - 2015-11-13 17:19 - 00000351 _____ C:\Users\User\Desktop\my kik names.txt
2016-04-13 11:50 - 2015-11-16 09:45 - 00000000 ____D C:\Users\User\Downloads\NeoDownloader
2016-04-12 14:06 - 2016-03-18 22:07 - 00000000 ____D C:\Users\User\Downloads\pinkrbelle
2016-03-31 18:29 - 2016-02-18 00:22 - 00000000 ____D C:\Users\User\Downloads\wildkittens1
*****************

C:\Users\User\Downloads\1 => moved successfully
"C:\Users\User\Desktop\my kik names.txt" => not found.
C:\Users\User\Downloads\NeoDownloader => moved successfully
C:\Users\User\Downloads\pinkrbelle => moved successfully
C:\Users\User\Downloads\wildkittens1 => moved successfully

==== End of Fixlog 18:32:23 ====



#14 keronkkumar

keronkkumar
  • Topic Starter

  • Members
  • 115 posts

Posted 28 April 2016 - 05:44 PM

FRST 2

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-04-2016
Ran by User (administrator) on USER-PC (28-04-2016 18:40:34)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Logitech Inc.) C:\Program Files\Logitech\Vid\Vid.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [7519960 2015-04-10] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1085512 2015-01-19] (The Eraser Project)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [883280 2015-12-10] (BlueStack Systems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [Logitech Vid HD] => C:\Program Files\Logitech\Vid\vid.exe [6061400 2010-05-11] (Logitech Inc.)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: {b36a3c5d-1aa4-11e4-b583-d43d7e9908ec} - H:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D87944A2-C95E-4AB3-ACD8-072F5585A6E3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2G&ocid=SK2GDHP&osmkt=en-us
SearchScopes: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ovddxlw4.default-1455637092669
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-20] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ovddxlw4.default-1455637092669\extensions\artur.dubovoy@gmail.com [2016-04-03]
FF Extension: Download YouTube Videos as MP4 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ovddxlw4.default-1455637092669\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-03-26]
FF Extension: Skype - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-08-20]

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-20]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-20]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-20]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Video Downloader Pro) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho [2016-04-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-20]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [432720 2015-12-10] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [412240 2015-12-10] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [854608 2015-12-10] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65128 2016-01-11] (CyberGhost S.R.L)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2099720 2015-11-25] (Electronic Arts)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdhub30; C:\Windows\System32\DRIVERS\amdhub30.sys [86752 2015-04-16] (Advanced Micro Devices, INC.)
R3 amdxhc; C:\Windows\System32\DRIVERS\amdxhc.sys [179936 2015-04-16] (Advanced Micro Devices, INC.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [71880 2015-02-26] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [36040 2015-02-26] (Advanced Micro Devices)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48808 2012-11-20] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [132216 2015-12-10] (BlueStack Systems)
S3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [20704 2010-05-14] (Logitech Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-02-26] (REALiX™)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-10] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22656 2013-01-31] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114368 2015-10-08] (Power Software Ltd)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 eapihdrv; \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-28 18:40 - 2016-04-28 18:41 - 00013525 _____ C:\Users\User\Desktop\FRST.txt
2016-04-28 18:32 - 2016-04-28 18:32 - 00001088 _____ C:\Users\User\Desktop\Fixlog.txt
2016-04-28 18:27 - 2016-04-28 18:28 - 00002040 _____ C:\Users\User\Desktop\Rkill.txt
2016-04-28 18:24 - 2016-04-28 18:24 - 00000000 ____D C:\Users\User\Desktop\text
2016-04-26 21:18 - 2016-04-26 21:28 - 63980091 _____ C:\Users\User\Downloads\51307.mp4
2016-04-26 13:16 - 2016-04-26 13:17 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill.exe
2016-04-26 13:05 - 2016-04-26 13:09 - 00000000 ____D C:\AdwCleaner
2016-04-26 13:04 - 2016-04-26 13:04 - 03580480 _____ C:\Users\User\Desktop\adwcleaner_5.113.exe
2016-04-26 11:18 - 2016-04-26 11:18 - 00000000 _____ C:\Users\User\defogger_reenable
2016-04-26 11:17 - 2016-04-26 11:17 - 00050477 _____ C:\Users\User\Desktop\Defogger.exe
2016-04-25 10:13 - 2016-04-28 18:40 - 00000000 ____D C:\FRST
2016-04-25 10:11 - 2016-04-25 10:11 - 01726464 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2016-04-25 09:51 - 2016-04-25 09:51 - 00000080 _____ C:\Users\Public\Desktop\The SimsT 3.lnk
2016-04-25 09:51 - 2016-04-25 09:51 - 00000080 _____ C:\Users\Public\Desktop\The SimsT 3 Supernatural.lnk
2016-04-25 09:51 - 2016-04-25 09:51 - 00000080 _____ C:\Users\Public\Desktop\The SimsT 3 Seasons.lnk
2016-04-25 09:51 - 2016-04-25 09:51 - 00000080 _____ C:\Users\Public\Desktop\The SimsT 3 Island Paradise.lnk
2016-04-20 15:53 - 2016-04-25 09:52 - 00001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-20 15:53 - 2016-04-25 09:51 - 00001103 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-04-20 15:48 - 2016-04-25 09:52 - 00002205 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-20 15:48 - 2016-04-25 09:51 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-20 15:46 - 2016-04-28 18:37 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-20 15:46 - 2016-04-28 13:51 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-13 14:12 - 2016-04-20 15:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-04-05 23:18 - 2016-04-05 23:18 - 00000000 ____D C:\Program Files\Common Files\Skype

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-28 18:37 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-28 18:34 - 2014-07-25 11:20 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-04-28 18:27 - 2009-07-14 00:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-28 18:27 - 2009-07-14 00:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-28 18:25 - 2014-07-07 19:22 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-04-28 18:24 - 2014-07-04 11:29 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-28 18:24 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2016-04-28 18:20 - 2014-08-16 02:00 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2016-04-28 14:08 - 2014-07-08 00:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-26 12:52 - 2015-03-12 03:09 - 00001456 _____ C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-25 14:36 - 2014-08-02 04:37 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2016-04-25 12:32 - 2014-07-10 05:55 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2016-04-25 09:52 - 2015-02-27 16:02 - 00001747 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
2016-04-25 09:52 - 2015-02-22 00:32 - 00001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-04-25 09:52 - 2014-09-15 09:26 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-04-25 09:52 - 2014-07-14 04:25 - 00001248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014 (32 Bit).lnk
2016-04-25 09:52 - 2014-07-14 04:19 - 00001492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-04-25 09:52 - 2014-07-04 16:14 - 00002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-04-25 09:52 - 2014-07-04 16:02 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-04-25 09:52 - 2014-07-04 11:25 - 00001393 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-25 09:52 - 2014-07-03 19:46 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-04-25 09:52 - 2014-07-03 19:46 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-04-25 09:52 - 2009-07-14 00:46 - 00001503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-25 09:52 - 2009-07-14 00:42 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-04-25 09:52 - 2009-07-14 00:42 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-04-25 09:52 - 2009-07-14 00:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-04-25 09:52 - 2009-07-14 00:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-04-25 09:51 - 2016-03-02 09:55 - 00000981 _____ C:\Users\User\Desktop\Handbrake.lnk
2016-04-25 09:51 - 2016-02-29 19:01 - 00001179 _____ C:\Users\User\Desktop\Ann Free Video Converter 4.5.1.lnk
2016-04-25 09:51 - 2016-02-29 12:10 - 00000904 _____ C:\Users\User\Desktop\VideoLobster.lnk
2016-04-25 09:51 - 2015-12-22 22:39 - 00002679 _____ C:\Users\Public\Desktop\Skype.lnk
2016-04-25 09:51 - 2015-12-14 01:13 - 00001701 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-04-25 09:51 - 2015-12-14 01:13 - 00001641 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2016-04-25 09:51 - 2015-11-25 20:50 - 00000935 _____ C:\Users\Public\Desktop\Origin.lnk
2016-04-25 09:51 - 2015-11-23 19:37 - 00000963 _____ C:\Users\Public\Desktop\PowerISO.lnk
2016-04-25 09:51 - 2015-09-02 16:41 - 00001809 _____ C:\Users\Public\Desktop\ooVoo.lnk
2016-04-25 09:51 - 2015-06-10 00:24 - 00000948 _____ C:\Users\Public\Desktop\Logitech Vid.lnk
2016-04-25 09:51 - 2015-02-27 16:02 - 00001741 _____ C:\Users\Public\Desktop\Eraser.lnk
2016-04-25 09:51 - 2015-02-22 00:32 - 00001067 _____ C:\Users\Public\Desktop\Opera.lnk
2016-04-25 09:51 - 2015-02-05 23:01 - 00001576 _____ C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
2016-04-25 09:51 - 2014-09-15 09:28 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-04-25 09:51 - 2014-08-22 04:59 - 00001945 _____ C:\Users\User\Desktop\Widelands - Mapeditor.lnk
2016-04-25 09:51 - 2014-08-22 04:59 - 00001851 _____ C:\Users\User\Desktop\Widelands.lnk
2016-04-25 09:51 - 2014-08-04 02:28 - 00000935 _____ C:\Users\User\Desktop\HyperCam 2.lnk
2016-04-25 09:51 - 2014-08-02 05:08 - 00001456 _____ C:\Users\User\Desktop\Skype.exe - Shortcut.lnk
2016-04-25 09:51 - 2014-07-31 02:00 - 00001064 _____ C:\Users\User\Desktop\NeoDownloader Lite.lnk
2016-04-25 09:51 - 2014-07-15 07:46 - 00001885 _____ C:\Users\User\Desktop\CyberGhost 5.lnk
2016-04-25 09:51 - 2014-07-15 03:56 - 00001058 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-25 09:51 - 2014-07-14 08:05 - 00001248 _____ C:\Users\User\Desktop\Adobe Photoshop CC 2014 (32 Bit).lnk
2016-04-25 09:51 - 2014-07-14 07:39 - 00001045 _____ C:\Users\Public\Desktop\ManyCam.lnk
2016-04-25 09:51 - 2014-07-14 04:19 - 00001486 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2016-04-25 09:51 - 2014-07-13 01:30 - 00001047 _____ C:\Users\User\Desktop\iWisoft Free Video Converter.lnk
2016-04-25 09:51 - 2014-07-05 08:45 - 00002105 _____ C:\Users\User\Desktop\Microsoft Security Essentials.lnk
2016-04-25 09:51 - 2014-07-04 17:04 - 00002184 _____ C:\Users\Public\Desktop\Roxio Creator Home.lnk
2016-04-25 09:51 - 2014-07-04 17:03 - 00002675 _____ C:\Users\User\Desktop\Microsoft Office Word 2007.lnk
2016-04-25 09:51 - 2014-07-04 17:03 - 00002637 _____ C:\Users\User\Desktop\Microsoft Office Excel 2007.lnk
2016-04-25 09:51 - 2014-07-04 16:04 - 00001022 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-04-25 09:51 - 2014-07-04 16:02 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2016-04-25 09:51 - 2009-07-14 00:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-04-25 09:51 - 2009-07-14 00:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-04-25 09:31 - 2014-07-15 03:57 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-23 00:25 - 2015-02-22 00:32 - 00000000 ____D C:\Program Files\Opera
2016-04-22 21:43 - 2014-07-15 06:26 - 00000000 ____D C:\Users\User\Documents\iWisoft Free Video Converter
2016-04-22 10:49 - 2014-08-02 04:36 - 00000000 ___RD C:\Program Files\Skype
2016-04-22 10:49 - 2014-08-02 04:36 - 00000000 ____D C:\ProgramData\Skype
2016-04-22 03:57 - 2014-07-04 15:26 - 00374944 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-20 15:53 - 2014-07-07 17:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-04-20 15:48 - 2014-12-30 05:06 - 00000000 ____D C:\Program Files\Google
2016-04-14 21:13 - 2014-09-05 09:59 - 00000000 ____D C:\Users\User\Desktop\Tor Browser
2016-04-12 00:24 - 2016-03-02 09:56 - 00000000 ____D C:\Users\User\AppData\Roaming\HandBrake
2016-04-08 16:08 - 2014-07-08 00:58 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-04-08 16:08 - 2014-07-08 00:58 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-03-12 03:09 - 2016-04-26 12:52 - 0001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-07-25 20:47 - 2014-07-25 20:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-11-06 13:27 - 2015-11-06 13:27 - 0000458 _____ () C:\ProgramData\Local Disk (D) - Shortcut.lnk

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\libeay32.dll
C:\Users\User\AppData\Local\Temp\msvcr120.dll
C:\Users\User\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-28 10:14

==================== End of FRST.txt ============================



#15 keronkkumar (Topic Starter)

Posted 28 April 2016 - 05:47 PM

PC is running fine. I would even go as far as to say, it seems a bit faster than normal.
