Infected with you are a fool virus


1 reply to this topic

#1 Silas1990

  • Members
  • 1 posts

Posted 26 April 2016 - 12:53 PM

My PC is infected with 'You are a fool virus'. A batch file (Movie.bat) is created automatically by the virus on all the disk partitions and also on whatever secondary storage medium is added. The Movie.bat file gets created automatically as soon as it is deleted manually. I have tried a few antivirus solutions but all went in vain. Kindly assist to get rid of this virus.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-04-2016
Ran by JACK (administrator) on JACK-PC (26-04-2016 23:01:59)
Running from C:\Users\JACK\Downloads
Loaded Profiles: JACK (Available Profiles: JACK)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(Google Inc) C:\Program Files (x86)\Google\Google Input Tools\GoogleInputService.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
() C:\Program Files (x86)\MySQL\MySQL Server 5.1\bin\mysqld.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Input Tools\GoogleInputHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Waterfox) C:\Program Files\Waterfox\waterfox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Waterfox\plugin-container.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-13] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [77056 2013-05-16] (WordWeb Software)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4861688 2015-03-19] (BlackBerry Limited)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [6111312 2015-11-06] (AVAST Software)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-2883628202-849785546-2145135595-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2883628202-849785546-2145135595-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-11-01] (AMD)
HKU\S-1-5-21-2883628202-849785546-2145135595-1000\...\Run: [Google Update] => C:\Users\JACK\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-2883628202-849785546-2145135595-1000\...\MountPoints2: J - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\setup.exe
HKU\S-1-5-21-2883628202-849785546-2145135595-1000\...\MountPoints2: {06f47d6e-7b6a-11e5-a3ed-0220185a0501} - J:\.\StartModem.exe
HKU\S-1-5-21-2883628202-849785546-2145135595-1000\...\MountPoints2: {0efbdc14-ab23-11e5-ab50-0270fa3a0501} - L:\Lenovo_Suite.exe
HKU\S-1-5-21-2883628202-849785546-2145135595-1000\...\MountPoints2: {14a0cd63-2265-11e5-b444-0270f9330501} - J:\Lenovo_Suite.exe
HKU\S-1-5-21-2883628202-849785546-2145135595-1000\...\MountPoints2: {5c0b1e91-384a-11e5-80a2-0250f9330501} - J:\Lenovo_Suite.exe
HKU\S-1-5-21-2883628202-849785546-2145135595-1000\...\MountPoints2: {6cb4a1b0-ee46-11e4-a245-026097310501} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\Start.exe
HKU\S-1-5-21-2883628202-849785546-2145135595-1000\...\MountPoints2: {bc46fb69-9be0-11e5-881b-02705a5d0501} - J:\OnePlus_setup.exe /s
HKU\S-1-5-21-2883628202-849785546-2145135595-1000\...\MountPoints2: {bc46fb6d-9be0-11e5-881b-02705a5d0501} - J:\OnePlus_setup.exe /s
HKU\S-1-5-21-2883628202-849785546-2145135595-1000\...\MountPoints2: {cf42579b-5dd8-11e4-9c2a-74d4359c236b} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Q:\start.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2015-08-06] (AVAST Software)
Startup: C:\Users\JACK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.bat [2016-04-24] ()
Startup: C:\Users\JACK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs [2016-04-24] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2CA5DE9B-27E1-48EF-96AB-16B9FFD36B80}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-27] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2015-08-06] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-27] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-08-06] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\JACK\AppData\Roaming\Mozilla\Firefox\Profiles\w0t5bsfq.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll [2014-11-13] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-27] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll [2014-11-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-12-10] (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-03-19] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-28] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2883628202-849785546-2145135595-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\JACK\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2883628202-849785546-2145135595-1000: @talk.google.com/O1DPlugin -> C:\Users\JACK\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2883628202-849785546-2145135595-1000: @tools.google.com/Google Update;version=3 -> C:\Users\JACK\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2883628202-849785546-2145135595-1000: @tools.google.com/Google Update;version=9 -> C:\Users\JACK\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\JACK\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\JACK\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Firebug - C:\Users\JACK\AppData\Roaming\Mozilla\Firefox\Profiles\w0t5bsfq.default\Extensions\firebug@software.joehewitt.com.xpi [2016-03-31]
FF Extension: SaveFrom.net helper - C:\Users\JACK\AppData\Roaming\Mozilla\Firefox\Profiles\w0t5bsfq.default\Extensions\helper@savefrom.net.xpi [2015-07-30] [not signed]
FF Extension: Adblock Plus - C:\Users\JACK\AppData\Roaming\Mozilla\Firefox\Profiles\w0t5bsfq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-25]
FF HKLM-x32\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2014-10-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2015-12-11]

Chrome:
=======
CHR Profile: C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-14]
CHR Extension: (Adblock Plus) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-09]
CHR Extension: (Google Search) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-14]
CHR Extension: (Postman) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2016-03-15]
CHR Extension: (Chrome Remote Desktop) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-03-14]
CHR Extension: (Avast Online Security) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-13]
CHR Extension: (BB10 / PlayBook App Manager) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbaalodpmjjhpobkgljnelbpblnikkp [2016-01-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-20]
CHR Extension: (Gmail) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-14]
CHR Profile: C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-20]
CHR Extension: (Google Drive) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-20]
CHR Extension: (YouTube) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-20]
CHR Extension: (Tampermonkey) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-04-12]
CHR Extension: (Avast SafePrice) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-03-15]
CHR Extension: (Google Docs Offline) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-20]
CHR Extension: (Chrome Media Router) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-04-23]
CHR Profile: C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Profile 5
CHR Extension: (Google Docs) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-18]
CHR Extension: (Google Drive) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-18]
CHR Extension: (Google Search) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Tampermonkey) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-10-17]
CHR Extension: (Google Docs Offline) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (AdBlock) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-19]
CHR Extension: (IDM Integration Module) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-10-25]
CHR Extension: (BB10 / PlayBook App Manager) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\kmbaalodpmjjhpobkgljnelbpblnikkp [2015-10-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-17]
CHR Extension: (Gmail) - C:\Users\JACK\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-18]
CHR HKU\S-1-5-21-2883628202-849785546-2145135595-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChromeSp.crx [2015-08-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-08-06]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2014-10-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-11-01] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [146600 2015-08-06] (AVAST Software)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe [69016 2016-03-08] (Google Inc.)
R2 GoogleInputService; C:\Program Files (x86)\Google\Google Input Tools\GoogleInputService.exe [164888 2015-04-14] (Google Inc)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625632 2015-07-22] (Lenovo)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
R2 MySQL; C:\Program Files (x86)\MySQL\MySQL Server 5.1\my.ini [8924 2014-10-24] () [File not signed]
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-03-19] (Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1354488 2015-03-19] (BlackBerry Limited)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-06] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-06] (AVAST Software)
S3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6_AMD64.sys [25088 2014-09-08] (BlackBerry)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 mtkmbim; C:\Windows\System32\DRIVERS\mtkmbim7_x64.sys [208896 2012-10-30] (MediaTek Inc.) [File not signed]
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-05-06] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-03-19] (BlackBerry Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-14] (Microsoft Corporation)
S3 wdf_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [81408 2013-02-21] (MediaTek Inc.) [File not signed]
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [51496 2013-04-04] (Yamaha Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-26 23:01 - 2016-04-26 23:02 - 00028383 _____ C:\Users\JACK\Downloads\FRST.txt
2016-04-26 23:01 - 2016-04-26 23:01 - 00000000 ____D C:\FRST
2016-04-26 22:57 - 2016-04-26 23:00 - 02376192 _____ (Farbar) C:\Users\JACK\Downloads\FRST64.exe
2016-04-25 20:30 - 2016-04-25 20:30 - 00000165 ____H C:\Users\JACK\Downloads\~$Study Plan - AWS Developer (Associate).xlsx
2016-04-25 20:27 - 2016-04-25 20:27 - 00922644 _____ C:\Users\JACK\Downloads\Study Plan - AWS Developer (Associate).xlsx
2016-04-24 00:59 - 2016-04-24 00:59 - 00000959 _____ C:\Users\JACK\AppData\Roaming\vol.bat
2016-04-24 00:59 - 2016-02-12 12:59 - 00001159 _____ C:\Users\JACK\AppData\Roaming\movie.bat
2016-04-24 00:17 - 2016-04-24 00:17 - 00000001 _____ C:\Users\JACK\AppData\Local\llftool.4.40.agreement
2016-04-23 19:43 - 2016-04-23 19:44 - 04759086 _____ C:\Users\JACK\Downloads\sriram.pdf
2016-04-23 19:36 - 2016-04-23 19:36 - 00531773 _____ C:\Users\JACK\Downloads\Qp (2).html
2016-04-23 19:24 - 2016-04-23 19:24 - 00531773 _____ C:\Users\JACK\Downloads\Qp (1).html
2016-04-23 19:23 - 2016-04-23 19:24 - 00531773 _____ C:\Users\JACK\Downloads\Qp.html
2016-04-19 15:46 - 2016-04-19 15:49 - 00000000 ____D C:\Users\JACK\Documents\KONAMI
2016-04-19 15:46 - 2016-04-19 15:46 - 00000000 ____D C:\ProgramData\Steam
2016-04-19 15:46 - 2016-04-19 15:46 - 00000000 ____D C:\ProgramData\KONAMI
2016-04-18 07:47 - 2016-04-18 07:57 - 31408486 _____ C:\Users\JACK\Downloads\projectMBA.rar
2016-04-12 22:51 - 2016-04-13 00:20 - 00773522 _____ C:\Users\JACK\Downloads\Unconfirmed 667099.crdownload
2016-04-11 10:58 - 2016-04-11 13:06 - 00000000 ____D C:\Users\JACK\Desktop\24 (2016) - 320Kbps - (www.songspksongspk.co)
2016-04-09 16:25 - 2016-04-09 16:25 - 00016511 _____ C:\Users\JACK\Desktop\XZIcq5t_.htm
2016-04-08 11:21 - 2016-04-06 22:58 - 369836251 ____N C:\Users\JACK\Desktop\Sawari.mp4
2016-04-05 16:21 - 2016-04-05 16:34 - 00000000 ____D C:\Users\JACK\Documents\Antimafx Street Cricket
2016-04-05 16:21 - 2016-04-05 16:21 - 00000000 ____D C:\Users\JACK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntimaFX
2016-04-05 16:21 - 2016-04-05 16:21 - 00000000 ____D C:\Program Files (x86)\AntimaFX
2016-04-03 20:44 - 2016-04-03 15:14 - 00716210 _____ C:\Users\JACK\Downloads\Manual Handling Employee Quest Downloader_.rar
2016-04-02 16:23 - 2016-04-02 16:23 - 00000000 ____D C:\Users\JACK\AppData\Local\Criterion Games
2016-04-02 16:03 - 2016-04-02 16:03 - 00278407 _____ C:\Users\JACK\Downloads\31092910.pdf
2016-04-02 07:53 - 2016-04-02 08:07 - 00000000 ____D C:\Users\JACK\AppData\Local\UmmyVideoDownloader
2016-04-02 07:53 - 2016-04-02 07:53 - 00001196 _____ C:\Users\Public\Desktop\UmmyVideoDownloader.lnk
2016-04-02 07:53 - 2016-04-02 07:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UmmyVideoDownloader
2016-04-02 07:48 - 2016-04-02 07:49 - 01698184 _____ C:\Users\JACK\Downloads\UmmyVD-Web-Loader.exe
2016-04-02 07:30 - 2016-04-02 07:32 - 05517732 _____ C:\Users\JACK\Downloads\OFFICIAL - Is She With You - Batman v Superman Soundtrack - Hans Zimmer & Junkie XL.aac
2016-04-01 22:11 - 2016-04-01 22:11 - 00000000 ____D C:\Users\JACK\Desktop\bbPlan
2016-03-30 11:48 - 2016-03-30 11:48 - 00000000 ____D C:\Users\JACK\Documents\Freedom Fighters
2016-03-30 11:17 - 2016-03-30 11:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO2Disc
2016-03-29 09:35 - 2016-03-29 10:17 - 146065304 _____ (Sophos Limited) C:\Users\JACK\Downloads\Sophos Virus Removal Tool.exe
2016-03-29 08:44 - 2016-03-29 09:22 - 112569722 _____ (Sophos Limited) C:\Users\JACK\Downloads\Unconfirmed 471850.crdownload
2016-03-29 08:05 - 2016-03-29 08:32 - 90947672 _____ (Kaspersky Lab ZAO) C:\Users\JACK\Downloads\KVRT.exe
2016-03-27 09:09 - 2016-03-27 09:09 - 00001749 _____ C:\Users\JACK\Downloads\Tableau- Stag Query.sql
2016-03-27 09:08 - 2016-03-27 09:08 - 00000593 _____ C:\Users\JACK\Downloads\Tableau - PO.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-26 22:50 - 2014-10-25 20:29 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2883628202-849785546-2145135595-1000UA.job
2016-04-26 22:32 - 2014-10-25 20:29 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2883628202-849785546-2145135595-1000Core.job
2016-04-26 22:21 - 2014-10-24 19:05 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-26 10:21 - 2014-10-24 18:51 - 00000000 ____D C:\Users\JACK\AppData\Roaming\vlc
2016-04-26 10:01 - 2014-10-24 19:09 - 00000000 ____D C:\Users\JACK\AppData\Local\Adobe
2016-04-25 20:26 - 2015-03-11 20:09 - 00004948 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for JACK-PC-JACK JACK-PC
2016-04-25 20:12 - 2009-07-14 10:15 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-25 20:12 - 2009-07-14 10:15 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-25 20:06 - 2014-11-25 20:35 - 00004184 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-04-25 20:05 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-24 23:22 - 2009-07-14 10:43 - 00782166 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-24 23:22 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\inf
2016-04-24 22:54 - 2015-07-11 23:45 - 00129867 _____ C:\Users\JACK\Documents\roomExpences.xlsx
2016-04-22 10:27 - 2015-11-20 11:20 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-22 10:27 - 2015-11-20 11:20 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-19 17:02 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\NDF
2016-04-19 15:49 - 2016-02-22 09:58 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2016-04-18 09:42 - 2016-03-08 22:44 - 00000000 ____D C:\Users\JACK\Downloads\projectMBA
2016-04-11 08:07 - 2015-03-02 18:11 - 00000000 ____D C:\Users\JACK\AppData\LocalLow\Temp
2016-04-10 22:52 - 2015-10-02 01:42 - 00000000 ____D C:\Users\JACK\Documents\Outlook Files
2016-04-09 21:25 - 2014-10-24 21:57 - 00000000 ____D C:\Users\JACK\AppData\Roaming\BitTorrent
2016-04-06 00:00 - 2015-03-29 21:04 - 00000000 ____D C:\Users\JACK\AppData\Local\Eclipse
2016-04-05 22:29 - 2015-07-15 23:36 - 00266240 ___SH C:\Users\JACK\Documents\Thumbs.db
2016-04-05 09:55 - 2015-02-01 15:40 - 00037852 _____ C:\Users\JACK\Desktop\puma.jpeg
2016-04-03 19:23 - 2016-03-15 20:25 - 00000000 ____D C:\Program Files (x86)\iCare Data Recovery
2016-04-02 01:34 - 2014-11-17 21:33 - 00000000 ____D C:\Users\JACK\Downloads\notes
2016-03-30 12:58 - 2014-10-24 19:05 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-30 11:17 - 2016-01-02 17:01 - 00000000 ____D C:\Program Files (x86)\Top Password
2016-03-27 09:38 - 2016-02-27 20:06 - 00000000 ____D C:\Users\JACK\Downloads\eclipse

==================== Files in the root of some directories =======

2014-10-25 00:06 - 2014-10-25 00:04 - 0000160 _____ () C:\Program Files (x86)\INSTALL.LOG
2014-11-29 21:19 - 2014-11-29 21:19 - 0000132
_____ () C:\Users\JACK\AppData\Roaming\Adobe GIF Format CS6 Prefs 2015-03-18 00:42 - 2016-02-26 08:34 - 0000132 _____ () C:\Users\JACK\AppData\Roaming\Adobe PNG Format CS6 Prefs 2016-04-24 00:59 - 2016-02-12 12:59 - 0001159 _____ () C:\Users\JACK\AppData\Roaming\movie.bat 2016-04-24 00:59 - 2016-04-24 00:59 - 0000959 _____ () C:\Users\JACK\AppData\Roaming\vol.bat 2016-03-24 09:05 - 2016-03-24 09:05 - 0000000 ____H () C:\Users\JACK\AppData\Local\BIT5206.tmp 2016-04-24 00:17 - 2016-04-24 00:17 - 0000001 _____ () C:\Users\JACK\AppData\Local\llftool.4.40.agreement 2015-04-09 14:08 - 2015-09-11 14:45 - 0007601 _____ () C:\Users\JACK\AppData\Local\Resmon.ResmonCfg 2015-07-22 07:36 - 2015-07-22 07:36 - 0000000 _____ () C:\Users\JACK\AppData\Local\{880A91E4-7ED7-4AE9-89E8-D6341A1F73A4} 2016-03-24 09:04 - 2016-03-24 09:04 - 0000000 _____ () C:\Users\JACK\AppData\Local\{8A260755-890D-47F0-ABA0-EA36B7B2D785} 2014-12-30 22:13 - 2014-12-30 22:13 - 0000000 _____ () C:\Users\JACK\AppData\Local\{FF1C1416-3F68-4B80-9ADA-8F18C1E141E4} ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-04-18 00:51 ==================== End of FRST.txt ============================

#2 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:40 PM

Posted 26 April 2016 - 01:19 PM

Hello Silas1990 and Welcome to the BleepingComputer. :welcome:

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
 

Addition.txt is created by default on the first run of FRST. Can you check inside this folder: C:\FRST\Logs? I need to see that log before we progress. If there is no Addition log inside the Logs folder, run the FRST scan one more time, ensuring "Addition" is checked in the optional scan box...

Attached Images
[Attached image: Ashampoo_Snap_20140927_13h17m38s_001_Far]

Sincerely. :hello:


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
