
Infected with airtostrong and browser has feed.snapdo infection.


18 replies to this topic

#1 amnewone (Members, 14 posts)

Posted 26 May 2016 - 11:48 PM

Attached File: Addition.txt (59.6KB)

Hi

My system is infected with the airtostrong infection.

Also, my browsers contain the feed.snapdo infection.

I have used MBAM to scan the computer. It cleans it for some time, but these infections reoccur off and on.

Here is the FRST log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016 01
Ran by sara.asif (administrator) on HO-IT01 (27-05-2016 09:37:30)
Running from D:\bleeping
Loaded Profiles: sara.asif (Available Profiles: ska & Administrator & Ayesha.Anwar & Madeeha.Saeed & Muhammad.Azam & sara.asif & Maryam.Zafar & Mohsin.Zubair & Administrator & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ABBYY (BIT Software)) C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVERR2\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Apache Software Foundation) C:\wamp\bin\apache\Apache2.4.4\bin\httpd.exe
(Apache Software Foundation) C:\wamp\bin\apache\Apache2.4.4\bin\httpd.exe
() C:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dropbox, Inc.) C:\Users\sara.asif\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Flux Software LLC) C:\Users\sara.asif\AppData\Local\FluxSoftware\Flux\flux.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
(Dropbox, Inc.) C:\Users\sara.asif\AppData\Roaming\Dropbox\bin\Dropbox.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(RescueTime, Inc.) C:\Program Files (x86)\RescueTime\RescueTime.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\Temp\8E97F267-8E73-4E44-BDE7-71E858696DE7\DismHost.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-03-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2313408 2016-04-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Malware] => C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe [3219456 2016-05-26] (Malwarebytes)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\...\Run: [Dropbox Update] => C:\Users\sara.asif\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-15] (Dropbox, Inc.)
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\...\Run: [f.lux] => C:\Users\sara.asif\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23484296 2016-04-25] (Google)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-09-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sara.asif\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sara.asif\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sara.asif\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sara.asif\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sara.asif\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sara.asif\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sara.asif\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sara.asif\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sara.asif\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sara.asif\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sara.asif\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sara.asif\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sara.asif\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sara.asif\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sara.asif\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sara.asif\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-05-26]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk [2016-05-26]
ShortcutTarget: Service Manager.lnk -> C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
Startup: C:\Users\sara.asif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-05-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\sara.asif\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\sara.asif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2014-04-17]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\sara.asif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-05-26]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\sara.asif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk [2016-05-26]
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
Startup: C:\Users\sara.asif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows 7 All the Editions ISO Direct Download Links !.lnk [2015-04-22]
ShortcutTarget: Windows 7 All the Editions ISO Direct Download Links !.lnk -> C:\ProgramData\{7bac3b37-15ba-7819-7bac-c3b3715becdc}\Windows 7 All the Editions ISO Direct Download Links !.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{26C439BF-7C6E-4217-9991-50215B641323}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{7F2AA801-3661-4D2A-ACBE-29A617545623}: [NameServer] 10.0.1.95,8.8.8.8
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130934189143142443&GUID=FB0E630D-2709-4AED-BF72-7107A849A6D8
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-10-28] (FreeDownloadManager.ORG)
DPF: HKLM-x32 {5554DCB0-700B-498D-9B58-4E40E5814405} hxxp://10.0.1.6/demo/Reserved.ReportViewerWebControl.axd?Culture=1033&CultureOverrides=True&UICulture=1033&UICultureOverrides=True&ReportStack=1&ControlID=57b7ac3d4c8442688e863d304f1976b8&Mode=true&OpType=PrintCab&Arch=X86
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\sara.asif\AppData\Roaming\Mozilla\Firefox\Profiles\4dashwsr.default-1463558220835
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-04-07] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @baidu.com/npxbdcntb -> C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1102\npxbdcntb.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-04-07] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF HKU\S-1-5-21-848746688-1814740212-1687354804-2642\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager extension - C:\Program Files (x86)\Free Download Manager\Firefox\Extension [2016-04-01]
 
Chrome: 
=======
CHR Profile: C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (No Name) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\default\Extensions\icegcmhgphfkgglbljbkdegiaaihifce [2014-09-17]
CHR Extension: (Google Slides) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-17]
CHR Extension: (Gmail) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-17]
CHR Profile: C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2016-05-17]
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajedaeoideoipodoijpbpabhhadnniac [2015-01-28]
CHR Extension: (Docs) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (__MSG_appName__) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-29]
CHR Extension: (YouTube) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (__MSG_appName__) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc [2015-01-28] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Farm Frenzy 2) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dcfpkddmnpgkibhaebjicfmgmmbdjmap [2015-02-09]
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dchjcpaccnemnmhnnmkcpapjieaknljk [2016-03-31]
CHR Extension: (__MSG_appName__) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-25]
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Little Alchemy) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2015-02-02] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-01-04]
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-01-28] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Quick Note) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2015-04-10] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkmomflkhdooajekmffpilpoenndjppk [2015-04-20] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-21]
CHR HKU\S-1-5-21-848746688-1814740212-1687354804-2642\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [660768 2007-12-07] (ABBYY (BIT Software))
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [694464 2016-04-07] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R2 MSSQL$MSSQLSERVERR2; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVERR2\MSSQL\Binn\sqlservr.exe [61916000 2011-04-24] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-11] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [7442493 2000-08-06] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S4 SQLAgent$MSSQLSERVERR2; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVERR2\MSSQL\Binn\SQLAGENT.EXE [428384 2011-04-24] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlagent.exe [303170 2000-08-06] (Microsoft Corporation) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-20] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 wampapache; c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [24576 2013-06-23] (Apache Software Foundation) [File not signed]
R2 wampmysqld; c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [12867584 2013-06-23] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [45304 2016-04-19] (电脑管家)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S1 eiktpzvt; \??\C:\Windows\system32\drivers\eiktpzvt.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-27 09:36 - 2016-05-27 09:37 - 00000000 ____D C:\FRST
2016-05-26 16:09 - 2016-05-26 17:13 - 00183222 _____ C:\Windows\ntbtlog.txt
2016-05-26 10:58 - 2016-05-26 10:59 - 03072609 _____ () C:\Program Files\Common Files\zpdbpcju.exe
2016-05-25 16:24 - 2016-05-25 16:25 - 00203501 _____ C:\Users\sara.asif\Desktop\18446.xps
2016-05-24 10:59 - 2016-05-24 10:59 - 03072609 _____ () C:\Program Files\Common Files\ymn2s2c4.exe
2016-05-23 09:42 - 2016-05-23 09:42 - 03066514 _____ () C:\Program Files\Common Files\e0j1mkts.exe
2016-05-20 10:59 - 2016-05-20 10:59 - 03066514 _____ () C:\Program Files\Common Files\2pga4j43.exe
2016-05-19 11:55 - 2016-05-19 11:55 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-05-19 11:55 - 2016-05-19 11:55 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-05-19 11:01 - 2016-05-19 11:01 - 03030746 _____ () C:\Program Files\Common Files\qwtdjyki.exe
2016-05-18 17:53 - 2016-05-26 16:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-18 17:53 - 2016-05-18 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-18 17:52 - 2016-05-26 17:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-18 17:52 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-18 17:52 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-18 17:52 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-18 15:32 - 2016-05-18 15:33 - 14324408 _____ (Microsoft Corporation) C:\Users\sara.asif\Downloads\mseinstall.exe
2016-05-18 12:45 - 2016-05-26 15:21 - 00002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-18 12:45 - 2016-05-26 15:21 - 00002249 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-17 12:06 - 2016-05-17 12:06 - 00000000 ____D C:\Users\sara.asif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-17 11:08 - 2016-05-17 11:08 - 00144968 _____ C:\Users\Administrator.HO-IT01\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-17 11:08 - 2016-05-17 11:08 - 00000000 ____D C:\Users\Administrator.HO-IT01\AppData\Local\Adobe
2016-05-17 11:07 - 2016-05-17 11:09 - 00000000 ____D C:\Users\Administrator.HO-IT01\AppData\Roaming\Adobe
2016-05-17 11:07 - 2016-05-17 11:07 - 00002251 _____ C:\Users\Administrator.HO-IT01\Desktop\Google Chrome.lnk
2016-05-17 11:07 - 2016-05-17 11:07 - 00001409 _____ C:\Users\Administrator.HO-IT01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-17 11:07 - 2016-05-17 11:07 - 00000000 ____D C:\Users\Administrator.HO-IT01\AppData\Roaming\Mozilla
2016-05-17 11:07 - 2016-05-17 11:07 - 00000000 ____D C:\Users\Administrator.HO-IT01\AppData\Local\Google
2016-05-17 11:06 - 2016-05-17 11:07 - 00000000 ____D C:\Users\Administrator.HO-IT01
2016-05-17 11:06 - 2016-05-17 11:06 - 00000020 ___SH C:\Users\Administrator.HO-IT01\ntuser.ini
2016-05-17 11:06 - 2016-05-17 11:06 - 00000000 _SHDL C:\Users\Administrator.HO-IT01\My Documents
2016-05-17 11:06 - 2016-05-17 11:06 - 00000000 _SHDL C:\Users\Administrator.HO-IT01\Documents\My Videos
2016-05-17 11:06 - 2016-05-17 11:06 - 00000000 _SHDL C:\Users\Administrator.HO-IT01\Documents\My Pictures
2016-05-17 11:06 - 2016-05-17 11:06 - 00000000 _SHDL C:\Users\Administrator.HO-IT01\Documents\My Music
2016-05-17 11:06 - 2016-04-25 09:23 - 00001151 _____ C:\Users\Administrator.HO-IT01\Desktop\Google Search.lnk
2016-05-17 11:06 - 2014-04-18 18:41 - 00000000 ____D C:\Users\Administrator.HO-IT01\Documents\Visual Studio 2010
2016-05-17 11:06 - 2013-09-23 12:00 - 00000000 ____D C:\Users\Administrator.HO-IT01\AppData\Roaming\Macromedia
2016-05-17 11:06 - 2013-09-20 15:09 - 00000000 ____D C:\Users\Administrator.HO-IT01\AppData\Local\Microsoft Help
2016-05-17 11:06 - 2009-07-14 12:45 - 00000000 ____D C:\Users\Administrator.HO-IT01\AppData\Roaming\Media Center Programs
2016-05-17 10:35 - 2016-05-17 10:35 - 00000000 ____D C:\Users\mohsin.zubair\AppData\Local\GWX
2016-05-17 10:33 - 2016-05-17 10:33 - 00000000 ____D C:\Users\mohsin.zubair\AppData\Roaming\Foxit Software
2016-05-17 10:05 - 2016-05-17 10:05 - 00000000 ____D C:\Users\mohsin.zubair\AppData\Roaming\Mozilla
2016-05-16 15:57 - 2016-05-16 15:57 - 00000000 ____D C:\Users\mohsin.zubair\Tracing
2016-05-16 15:56 - 2016-05-24 11:19 - 00002267 _____ C:\Users\mohsin.zubair\Desktop\Google Chrome.lnk
2016-05-16 15:56 - 2016-05-24 11:19 - 00001401 _____ C:\Users\mohsin.zubair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-16 15:56 - 2016-05-16 16:54 - 00000000 ____D C:\Users\mohsin.zubair\AppData\Local\Google
2016-05-16 15:56 - 2016-05-16 15:58 - 00000000 ____D C:\Users\mohsin.zubair\AppData\Roaming\Adobe
2016-05-16 15:56 - 2016-05-16 15:57 - 00000000 ____D C:\Users\mohsin.zubair\AppData\Local\Adobe
2016-05-16 15:56 - 2016-05-16 15:56 - 00144968 _____ C:\Users\mohsin.zubair\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-16 15:56 - 2016-05-16 15:56 - 00000000 ____D C:\Users\mohsin.zubair\AppData\Local\VirtualStore
2016-05-16 12:10 - 2016-05-16 15:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-09 12:13 - 2016-03-02 15:39 - 00016376 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\TVMonitor.sys
2016-05-04 12:41 - 2016-05-16 15:42 - 00000000 ____D C:\Users\sara.asif\AppData\Roaming\Baidu
2016-05-04 12:41 - 2016-05-04 12:57 - 00000000 ____D C:\Users\sara.asif\AppData\LocalLow\Baidu
2016-05-04 11:55 - 2016-05-04 11:55 - 00000000 ____D C:\Users\administrator\AppData\Local\IsolatedStorage
2016-05-04 11:54 - 2016-05-04 12:28 - 00000000 ____D C:\Users\administrator\Documents\SQL Server Management Studio
2016-05-04 11:54 - 2016-05-04 11:55 - 00000000 ____D C:\Users\administrator\AppData\Local\Red Gate
2016-05-04 11:54 - 2016-05-04 11:54 - 00000000 ____D C:\Users\administrator\Documents\Visual Studio 2005
2016-05-04 11:50 - 2016-05-04 11:50 - 00000000 ____D C:\Users\administrator\AppData\Roaming\Tencent
2016-05-04 11:49 - 2016-05-04 11:50 - 00000000 ____D C:\Users\administrator\AppData\Roaming\Baidu
2016-05-04 11:49 - 2016-05-04 11:49 - 00000000 ____D C:\Users\administrator\AppData\LocalLow\Baidu
2016-05-04 11:49 - 2016-05-04 11:49 - 00000000 ____D C:\ProgramData\Baidu
2016-05-04 11:49 - 2016-05-04 11:49 - 00000000 ____D C:\Program Files\Common Files\Baidu
2016-05-04 11:36 - 2016-05-04 11:52 - 00000000 ____D C:\Users\administrator\Tracing
2016-05-04 11:35 - 2016-05-24 11:19 - 00001401 _____ C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-04 11:35 - 2016-05-04 11:39 - 00000000 ____D C:\Users\administrator\AppData\Roaming\Adobe
2016-05-04 11:35 - 2016-05-04 11:37 - 00000000 ____D C:\Users\administrator\AppData\Local\Adobe
2016-05-04 11:35 - 2016-05-04 11:35 - 00144968 _____ C:\Users\administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-04 11:34 - 2016-05-24 11:19 - 00002267 _____ C:\Users\administrator\Desktop\Google Chrome.lnk
2016-05-04 11:34 - 2016-05-04 11:34 - 00000000 ____D C:\Users\administrator\AppData\Roaming\Mozilla
2016-05-04 11:34 - 2016-05-04 11:34 - 00000000 ____D C:\Users\administrator\AppData\Local\Google
2016-05-04 11:24 - 2016-05-16 15:57 - 00000000 ____D C:\Users\mohsin.zubair
2016-05-04 11:24 - 2016-05-04 11:24 - 00000020 ___SH C:\Users\mohsin.zubair\ntuser.ini
2016-05-04 11:24 - 2016-05-04 11:24 - 00000000 _SHDL C:\Users\mohsin.zubair\My Documents
2016-05-04 11:24 - 2016-05-04 11:24 - 00000000 _SHDL C:\Users\mohsin.zubair\Documents\My Videos
2016-05-04 11:24 - 2016-05-04 11:24 - 00000000 _SHDL C:\Users\mohsin.zubair\Documents\My Pictures
2016-05-04 11:24 - 2016-05-04 11:24 - 00000000 _SHDL C:\Users\mohsin.zubair\Documents\My Music
2016-05-04 11:24 - 2016-04-25 09:23 - 00001151 _____ C:\Users\mohsin.zubair\Desktop\Google Search.lnk
2016-05-04 11:24 - 2014-04-18 18:41 - 00000000 ____D C:\Users\mohsin.zubair\Documents\Visual Studio 2010
2016-05-04 11:24 - 2013-09-23 12:00 - 00000000 ____D C:\Users\mohsin.zubair\AppData\Roaming\Macromedia
2016-05-04 11:24 - 2013-09-20 15:09 - 00000000 ____D C:\Users\mohsin.zubair\AppData\Local\Microsoft Help
2016-05-04 11:24 - 2009-07-14 12:45 - 00000000 ____D C:\Users\mohsin.zubair\AppData\Roaming\Media Center Programs
2016-05-04 11:00 - 2016-05-04 11:00 - 00000000 ____D C:\Users\ayesha.anwar\AppData\Roaming\Mozilla
2016-05-04 10:59 - 2016-05-04 10:59 - 02876652 _____ () C:\Program Files\Common Files\c5fehqqe.exe
2016-05-04 10:58 - 2016-05-04 12:00 - 00000000 ____D C:\Users\administrator\Documents\Visual Studio 2010
2016-05-04 10:58 - 2016-05-04 11:36 - 00000000 ____D C:\Users\administrator
2016-05-04 10:58 - 2016-05-04 10:58 - 00000020 ___SH C:\Users\administrator\ntuser.ini
2016-05-04 10:58 - 2016-05-04 10:58 - 00000000 _SHDL C:\Users\administrator\My Documents
2016-05-04 10:58 - 2016-05-04 10:58 - 00000000 _SHDL C:\Users\administrator\Documents\My Videos
2016-05-04 10:58 - 2016-05-04 10:58 - 00000000 _SHDL C:\Users\administrator\Documents\My Pictures
2016-05-04 10:58 - 2016-05-04 10:58 - 00000000 _SHDL C:\Users\administrator\Documents\My Music
2016-05-04 10:58 - 2016-04-25 09:23 - 00001151 _____ C:\Users\administrator\Desktop\Google Search.lnk
2016-05-04 10:58 - 2013-09-23 12:00 - 00000000 ____D C:\Users\administrator\AppData\Roaming\Macromedia
2016-05-04 10:58 - 2013-09-20 15:09 - 00000000 ____D C:\Users\administrator\AppData\Local\Microsoft Help
2016-05-04 10:58 - 2009-07-14 12:45 - 00000000 ____D C:\Users\administrator\AppData\Roaming\Media Center Programs
2016-04-29 10:58 - 2016-04-29 10:58 - 02876652 _____ () C:\Program Files\Common Files\xzjdthfc.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-27 09:37 - 2015-06-15 10:20 - 00000934 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-848746688-1814740212-1687354804-2642UA.job
2016-05-27 09:37 - 2013-09-24 15:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-27 09:37 - 2009-07-14 09:45 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-27 09:37 - 2009-07-14 09:45 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-27 09:28 - 2016-01-04 15:47 - 00000000 ___RD C:\Users\sara.asif\Google Drive
2016-05-27 09:28 - 2009-07-14 08:20 - 00000000 ____D C:\Windows\system32\inetsrv
2016-05-27 09:26 - 2013-09-25 09:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-27 09:26 - 2013-09-23 15:24 - 00000112 _____ C:\Windows\system32\config\netlogon.ftl
2016-05-27 09:25 - 2009-07-14 10:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-26 17:57 - 2009-07-14 08:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-26 17:51 - 2013-09-25 09:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-26 15:47 - 2014-10-17 11:25 - 00000000 ____D C:\Users\sara.asif\AppData\Local\Clipboarder
2016-05-26 15:21 - 2016-04-25 09:23 - 00001151 _____ C:\Users\Public\Desktop\Google Search.lnk
2016-05-26 15:21 - 2016-04-20 16:18 - 00002243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015.lnk
2016-05-26 15:21 - 2016-04-20 15:54 - 00001209 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-05-26 15:21 - 2016-04-20 15:54 - 00001203 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2016-05-26 15:21 - 2016-02-15 16:59 - 00002493 _____ C:\Users\Public\Desktop\Express Profiler.lnk
2016-05-26 15:21 - 2016-01-12 11:55 - 00001060 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-05-26 15:21 - 2015-12-11 11:38 - 00000959 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-05-26 15:21 - 2015-11-04 15:33 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-26 15:21 - 2015-10-28 12:46 - 00001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2016-05-26 15:21 - 2015-04-21 10:47 - 00001865 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2016-05-26 15:21 - 2014-04-21 14:40 - 00001062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CC (64bit).lnk
2016-05-26 15:21 - 2014-04-18 10:18 - 00002047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
2016-05-26 15:21 - 2014-01-30 11:40 - 00002599 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Image Resizer.lnk
2016-05-26 15:21 - 2013-09-24 15:08 - 00000987 _____ C:\Users\sara.asif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-26 15:21 - 2013-09-23 16:48 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-26 15:21 - 2013-09-23 12:48 - 00001219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk
2016-05-26 15:21 - 2013-09-23 12:47 - 00001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2016-05-26 15:21 - 2013-09-23 12:47 - 00001341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2016-05-26 15:21 - 2013-09-23 12:46 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
2016-05-26 15:21 - 2013-09-23 12:46 - 00000985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-05-26 15:21 - 2013-09-23 12:24 - 00002053 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS.lnk
2016-05-26 15:21 - 2013-09-23 12:24 - 00002046 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS.lnk
2016-05-26 15:21 - 2013-09-23 12:04 - 00001143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Flash Professional CS5.lnk
2016-05-26 15:21 - 2013-09-23 12:03 - 00001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
2016-05-26 15:21 - 2013-09-23 12:03 - 00001157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
2016-05-26 15:21 - 2013-09-23 12:03 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS5.lnk
2016-05-26 15:21 - 2013-09-23 12:00 - 00001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
2016-05-26 15:21 - 2013-09-23 12:00 - 00001493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit 2.lnk
2016-05-26 15:21 - 2013-09-23 12:00 - 00001341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
2016-05-26 15:21 - 2013-09-23 10:11 - 00000997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
2016-05-26 15:21 - 2013-09-19 23:31 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-05-26 15:21 - 2013-09-19 23:31 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-05-26 15:21 - 2013-09-19 12:15 - 00002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-05-26 15:21 - 2009-07-14 09:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-05-26 15:21 - 2009-07-14 09:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-05-26 15:21 - 2009-07-14 09:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-05-26 15:21 - 2009-07-14 09:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-05-26 15:20 - 2016-04-25 09:23 - 00001151 _____ C:\Users\sara.asif\Desktop\Google Search.lnk
2016-05-26 15:20 - 2016-04-19 12:39 - 00001029 _____ C:\Users\sara.asif\Desktop\Continue installation .lnk
2016-05-26 15:20 - 2015-04-21 18:07 - 00000797 _____ C:\Users\sara.asif\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-05-26 15:20 - 2014-05-26 12:51 - 00001428 _____ C:\Users\sara.asif\Desktop\host366.hostmonster.com Secure WebDisk.lnk
2016-05-26 15:20 - 2009-07-14 10:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-05-26 15:20 - 2009-07-14 09:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-05-26 11:37 - 2015-06-15 10:20 - 00000882 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-848746688-1814740212-1687354804-2642Core.job
2016-05-26 09:45 - 2013-09-23 15:57 - 00000000 ____D C:\Users\sara.asif\AppData\Local\Adobe
2016-05-26 09:43 - 2016-04-20 15:55 - 00000000 ___RD C:\Users\sara.asif\Creative Cloud Files
2016-05-26 09:43 - 2015-10-27 11:59 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-05-25 16:21 - 2013-09-23 12:14 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-05-24 13:35 - 2014-04-18 09:43 - 00000000 ____D C:\Users\sara.asif\Documents\Visual Studio 2010
2016-05-24 12:03 - 2013-10-02 16:33 - 00000000 ____D C:\Users\sara.asif\Documents\SQL Server Management Studio
2016-05-24 11:19 - 2016-01-27 11:11 - 00002267 _____ C:\Users\ayesha.anwar\Desktop\Google Chrome.lnk
2016-05-24 11:19 - 2016-01-27 11:11 - 00001401 _____ C:\Users\ayesha.anwar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-24 11:19 - 2015-05-08 18:26 - 00001401 _____ C:\Users\madeeha.saeed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-24 11:19 - 2014-11-26 12:28 - 00001401 _____ C:\Users\maryam.zafar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-24 11:19 - 2014-02-13 09:17 - 00001401 _____ C:\Users\Muhammad.Azam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-24 11:19 - 2013-09-19 23:45 - 00001431 _____ C:\Users\ska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-24 11:15 - 2013-09-23 16:04 - 00002336 ____H C:\Users\sara.asif\Documents\Default.rdp
2016-05-23 11:30 - 2009-07-14 12:46 - 00000000 ____D C:\Windows\CSC
2016-05-19 11:56 - 2016-01-04 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-19 11:46 - 2013-09-25 09:23 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-19 11:46 - 2013-09-25 09:23 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-19 11:41 - 2013-09-23 15:26 - 00003560 __RSH C:\ProgramData\ntuser.pol
2016-05-19 11:39 - 2016-04-19 13:05 - 00000000 ____D C:\Program Files\BitTorrent
2016-05-19 11:39 - 2013-09-20 00:28 - 00000000 ____D C:\Windows\Panther
2016-05-18 15:38 - 2013-09-19 12:35 - 00002198 _____ C:\Windows\epplauncher.mif
2016-05-18 12:57 - 2016-04-20 10:54 - 00000000 ____D C:\Users\sara.asif\Desktop\Old Firefox Data
2016-05-18 12:45 - 2013-09-25 09:22 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-18 12:44 - 2013-09-25 09:22 - 00987728 _____ (Google Inc.) C:\Users\sara.asif\Downloads\ChromeSetup.exe
2016-05-17 12:06 - 2013-10-08 10:23 - 00000000 ____D C:\Users\sara.asif\AppData\Roaming\Dropbox
2016-05-17 11:59 - 2015-12-03 16:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2016-05-17 11:59 - 2015-10-21 16:17 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-05-17 11:59 - 2013-09-23 12:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-05-17 11:26 - 2015-11-03 11:14 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-05-16 17:07 - 2009-07-14 08:20 - 00000000 ____D C:\Windows\registration
2016-05-16 16:26 - 2009-07-14 08:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-05-16 16:01 - 2013-10-09 16:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Office Communicator
2016-05-16 15:42 - 2013-09-23 16:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-16 12:37 - 2013-09-24 15:34 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-16 12:37 - 2013-09-24 15:34 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-16 12:37 - 2013-09-24 15:34 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-16 11:13 - 2015-05-14 10:26 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-09 12:14 - 2009-07-14 08:20 - 00000000 ____D C:\Windows\inf
2016-05-04 10:58 - 2016-01-27 11:11 - 00000000 ____D C:\Users\ayesha.anwar\AppData\Roaming\Adobe
2016-05-04 10:57 - 2016-01-27 11:12 - 00000000 ____D C:\Users\ayesha.anwar\Tracing
2016-05-04 10:57 - 2016-01-27 11:11 - 00144968 _____ C:\Users\ayesha.anwar\AppData\Local\GDIPFONTCACHEV1.DAT
 
==================== Files in the root of some directories =======
 
2005-03-28 14:02 - 2005-03-28 14:02 - 0013925 _____ () C:\Program Files\license.txt
2005-05-03 21:27 - 2005-05-03 21:27 - 0166001 _____ () C:\Program Files\ReadmeSql2k32sp4.htm
2005-03-28 14:02 - 2005-03-28 14:02 - 0029119 _____ () C:\Program Files\redist.txt
2002-10-20 15:21 - 2002-10-20 15:21 - 0000045 _____ () C:\Program Files\setup.bat
2005-05-03 21:27 - 2005-05-03 21:27 - 0000403 _____ () C:\Program Files\smssql2ksp4.pdf
2014-10-17 11:26 - 2008-04-13 19:12 - 0102912 _____ (Microsoft Corporation) C:\Program Files (x86)\clipbrd.exe
2005-03-28 14:02 - 2005-03-28 14:02 - 0013925 _____ () C:\Program Files (x86)\license.txt
2005-05-03 21:27 - 2005-05-03 21:27 - 0166001 _____ () C:\Program Files (x86)\ReadmeSql2k32sp4.htm
2005-03-28 14:02 - 2005-03-28 14:02 - 0029119 _____ () C:\Program Files (x86)\redist.txt
2002-10-20 15:21 - 2002-10-20 15:21 - 0000045 _____ () C:\Program Files (x86)\setup.bat
2005-05-03 21:27 - 2005-05-03 21:27 - 0000403 _____ () C:\Program Files (x86)\smssql2ksp4.pdf
2016-05-20 10:59 - 2016-05-20 10:59 - 3066514 _____ () C:\Program Files\Common Files\2pga4j43.exe
2016-05-04 10:59 - 2016-05-04 10:59 - 2876652 _____ () C:\Program Files\Common Files\c5fehqqe.exe
2016-05-23 09:42 - 2016-05-23 09:42 - 3066514 _____ () C:\Program Files\Common Files\e0j1mkts.exe
2016-05-19 11:01 - 2016-05-19 11:01 - 3030746 _____ () C:\Program Files\Common Files\qwtdjyki.exe
2016-04-29 10:58 - 2016-04-29 10:58 - 2876652 _____ () C:\Program Files\Common Files\xzjdthfc.exe
2016-05-24 10:59 - 2016-05-24 10:59 - 3072609 _____ () C:\Program Files\Common Files\ymn2s2c4.exe
2016-05-26 10:58 - 2016-05-26 10:59 - 3072609 _____ () C:\Program Files\Common Files\zpdbpcju.exe
2014-10-21 13:00 - 2014-10-21 13:03 - 0000132 _____ () C:\Users\sara.asif\AppData\Roaming\Adobe GIF Format CC Prefs
2014-08-25 10:46 - 2014-08-25 11:02 - 0000132 _____ () C:\Users\sara.asif\AppData\Roaming\Adobe IllExport Filter CC Prefs
2013-09-25 16:03 - 2015-09-18 15:35 - 0000132 _____ () C:\Users\sara.asif\AppData\Roaming\Adobe PNG Format CC Prefs
2014-11-26 10:33 - 2014-11-26 10:33 - 0000033 _____ () C:\Users\sara.asif\AppData\Roaming\AdobeWLCMCache.dat
2016-04-19 12:43 - 2016-04-19 12:43 - 6494208 _____ () C:\Users\sara.asif\AppData\Roaming\agent.dat
2015-07-06 12:33 - 2015-07-06 12:40 - 0022273 _____ () C:\Users\sara.asif\AppData\Roaming\Comma Separated Values (Windows).ADR
2015-04-14 21:28 - 2015-04-14 21:28 - 0004387 _____ () C:\Users\sara.asif\AppData\Roaming\EYMZIRadC7u0xhPym0sJFkTHkpr
2016-04-19 13:28 - 2016-04-19 13:28 - 0005120 _____ () C:\Users\sara.asif\AppData\Roaming\GiftBag.db
2016-04-19 12:40 - 2016-04-19 12:40 - 0127488 _____ () C:\Users\sara.asif\AppData\Roaming\Installer.dat
2016-04-19 12:43 - 2016-04-19 12:43 - 0018432 _____ () C:\Users\sara.asif\AppData\Roaming\Main.dat
2015-04-19 17:20 - 2015-04-19 17:20 - 0005872 _____ () C:\Users\sara.asif\AppData\Roaming\uQ7R9xNurZDjYzqeYyDnY9Tx
2014-08-26 12:15 - 2014-08-26 12:23 - 0017094 _____ () C:\Users\sara.asif\AppData\Roaming\UserTile.png
2013-12-11 16:30 - 2013-12-11 16:30 - 0001456 _____ () C:\Users\sara.asif\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-10-16 16:58 - 2014-10-16 16:58 - 2269251 _____ () C:\Users\sara.asif\AppData\Local\debuggee.mdmp
2014-02-27 11:40 - 2015-01-30 12:49 - 0007605 _____ () C:\Users\sara.asif\AppData\Local\resmon.resmoncfg
2015-04-23 11:18 - 2015-04-23 11:18 - 0011806 _____ () C:\Users\sara.asif\AppData\Local\Temp-log.txt
2013-10-04 15:28 - 2014-02-14 16:31 - 0000734 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\administrator\AppData\Local\Temp\BDWebAdapterZip.dll
C:\Users\administrator\AppData\Local\Temp\QQPCDownload71691.exe
C:\Users\Administrator.HO-IT01\AppData\Local\Temp\56a190le_1202000526.exe
C:\Users\mohsin.zubair\AppData\Local\Temp\56a190le_1202000526.exe
C:\Users\sara.asif\AppData\Local\Temp\BDWebAdapterZip.dll
C:\Users\sara.asif\AppData\Local\Temp\QQPCDownload71650.exe
C:\Users\sara.asif\AppData\Local\Temp\Quarantine.exe
C:\Users\sara.asif\AppData\Local\Temp\sqlite3.dll
C:\Users\ska\AppData\Local\Temp\InstallAX.exe
C:\Users\ska\AppData\Local\Temp\InstallPlugin.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-18 13:27
 
==================== End of FRST.txt ============================
 
 
 
and the other file is attached.



Edited by amnewone, 27 May 2016 - 01:24 AM.
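The most telling lines in the FRST.txt above are the eight-character executables dropped directly into C:\Program Files\Common Files (qwtdjyki.exe, c5fehqqe.exe, xzjdthfc.exe, 2pga4j43.exe, e0j1mkts.exe, ymn2s2c4.exe, zpdbpcju.exe): no publisher, a fresh name every few days, and byte sizes that repeat in pairs, which is what a redropped copy of the same payload looks like and why MBAM keeps finding it again. As an added example that is not part of the original post or of the FRST tool, the Python below parses FRST's "created/modified files" line format and applies that reasoning automatically: it flags unsigned random-named executables sitting directly in Common Files and groups the hits by exact size. The sample lines are copied from the log above (plus one TEMP line that is not an entry); the naming pattern it tests for is the one seen in this log, not a general rule.

```python
import re
from collections import defaultdict

# One FRST file/folder entry per line:
#   <created> - <modified> - <size> <attrs> [(<publisher>)] <path>
# FRST prints the "(...)" publisher field for files and omits it for directories.
FRST_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>.+)$"
)

# Eight lowercase letters/digits plus .exe: the naming used by the droppers in this log.
RANDOM_EXE = re.compile(r"^[a-z0-9]{8}\.exe$")
COMMON_FILES = "c:\\program files\\common files\\"

# Sample input: lines copied from the FRST.txt above, plus one TEMP line that is not an entry.
SAMPLE_LOG = r"""
2016-05-19 11:01 - 2016-05-19 11:01 - 03030746 _____ () C:\Program Files\Common Files\qwtdjyki.exe
2016-05-18 17:53 - 2016-05-26 16:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-04 11:49 - 2016-05-04 11:49 - 00000000 ____D C:\Program Files\Common Files\Baidu
2016-05-04 10:59 - 2016-05-04 10:59 - 02876652 _____ () C:\Program Files\Common Files\c5fehqqe.exe
2016-04-29 10:58 - 2016-04-29 10:58 - 02876652 _____ () C:\Program Files\Common Files\xzjdthfc.exe
2016-05-20 10:59 - 2016-05-20 10:59 - 3066514 _____ () C:\Program Files\Common Files\2pga4j43.exe
2016-05-23 09:42 - 2016-05-23 09:42 - 3066514 _____ () C:\Program Files\Common Files\e0j1mkts.exe
2016-05-24 10:59 - 2016-05-24 10:59 - 3072609 _____ () C:\Program Files\Common Files\ymn2s2c4.exe
2016-05-26 10:58 - 2016-05-26 10:59 - 3072609 _____ () C:\Program Files\Common Files\zpdbpcju.exe
2014-10-17 11:26 - 2008-04-13 19:12 - 0102912 _____ (Microsoft Corporation) C:\Program Files (x86)\clipbrd.exe
C:\Users\sara.asif\AppData\Local\Temp\QQPCDownload71650.exe
"""


def parse_entries(lines):
    """Parse FRST file/folder entries; lines that are not entries are skipped."""
    entries = []
    for line in lines:
        m = FRST_ENTRY.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["is_dir"] = "D" in e["attrs"]
        e["publisher"] = e["publisher"] or ""
        e["name"] = e["path"].rsplit("\\", 1)[-1]
        entries.append(e)
    return entries


def flag_common_files_droppers(entries):
    """Return paths of unsigned, random-named .exe files sitting directly in Common Files."""
    flagged = []
    for e in entries:
        if e["is_dir"] or not e["path"].lower().startswith(COMMON_FILES):
            continue
        rest = e["path"][len(COMMON_FILES):]
        if "\\" in rest:  # inside a subfolder (e.g. Common Files\Baidu\...), not the root
            continue
        if RANDOM_EXE.match(e["name"]) and not e["publisher"]:
            flagged.append(e["path"])
    return flagged


def size_clusters(entries, paths):
    """Group flagged files by exact byte size; equal sizes suggest one payload renamed."""
    by_size = defaultdict(list)
    wanted = set(paths)
    for e in entries:
        if e["path"] in wanted:
            by_size[e["size"]].append(e["name"])
    return {size: sorted(names) for size, names in by_size.items() if len(names) > 1}


if __name__ == "__main__":
    ents = parse_entries(SAMPLE_LOG.strip().splitlines())
    hits = flag_common_files_droppers(ents)
    for p in hits:
        print("suspicious:", p)
    for size, names in size_clusters(ents, hits).items():
        print(f"same size {size} bytes -> {', '.join(names)}")
```

Run it over a full FRST.txt by passing the file's lines to parse_entries. The size clustering is the part worth keeping: a name changing while the byte count stays identical is a stronger re-infection signal than any single unsigned file, and it tells you the dropper (here the scheduled task nasdaq removes in the next post) is still running rather than that MBAM missed a file.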



 


#2 nasdaq (Malware Response Team, 39,936 posts, Montreal, QC. Canada)

Posted 27 May 2016 - 09:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-848746688-1814740212-1687354804-2642\...\Run: [AdobeBridge] => [X]
Startup: C:\Users\sara.asif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows 7 All the Editions ISO Direct Download Links !.lnk [2015-04-22]
ShortcutTarget: Windows 7 All the Editions ISO Direct Download Links !.lnk -> C:\ProgramData\{7bac3b37-15ba-7819-7bac-c3b3715becdc}\Windows 7 All the Editions ISO Direct Download Links !.exe (No File)
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @baidu.com/npxbdcntb -> C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1102\npxbdcntb.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-17]
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2016-05-17]
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajedaeoideoipodoijpbpabhhadnniac [2015-01-28]
CHR Extension: (Docs) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (__MSG_appName__) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc [2015-01-28] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dchjcpaccnemnmhnnmkcpapjieaknljk [2016-03-31]
CHR Extension: (Little Alchemy) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2015-02-02] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-01-28] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Quick Note) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2015-04-10] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkmomflkhdooajekmffpilpoenndjppk [2015-04-20] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S1 eiktpzvt; \??\C:\Windows\system32\drivers\eiktpzvt.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {C822B018-AEEA-4E89-99AF-D6291CFA9FFB} - System32\Tasks\ifhlchb4 => C:\Program Files\Common Files\dmvboqr0\97ce53caabfvk.exe [2016-04-14] () <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:F4CA4D70 
C:\Program Files\Common Files\dmvboqr0
C:\Users\sara.asif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows 7 All the Editions ISO Direct Download Links !.lnk
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajedaeoideoipodoijpbpabhhadnniac
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mijlebbfndhelmdpmllgcfadlkankhok
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkmomflkhdooajekmffpilpoenndjppk
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features applet.
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

Please post the log and let me know if the problem persists.
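The fixlist above marks several Chrome extensions with an UpdateUrl on epicunitscan.info instead of Google's update service. As an added example (my code, not nasdaq's and not part of FRST), the Python below reproduces that check against the Chrome profile layout FRST reads, User Data\<profile>\Extensions\<id>\<version>\manifest.json: it reports any manifest whose update_url is missing, unreadable, or not served from clients2.google.com, the host every Chrome Web Store extension updates from. The profile tree, version folders and manifest contents are constructed, and the id abcdefghijklmnopabcdefghijklmnop is hypothetical; the other two ids and the epicunitscan.info URL are taken from the fixlist (written there defanged as hxxps).

```python
import json
import os
import tempfile
from urllib.parse import urlparse

# Every extension installed from the Chrome Web Store updates from this host.
WEBSTORE_UPDATE_HOST = "clients2.google.com"


def scan_extensions(profile_dir):
    """Walk <profile>/Extensions/<id>/<version>/manifest.json and return
    (extension_id, name, update_url) for every manifest whose update_url is
    missing, unreadable, or not served from clients2.google.com."""
    findings = []
    ext_root = os.path.join(profile_dir, "Extensions")
    if not os.path.isdir(ext_root):
        return findings
    for ext_id in sorted(os.listdir(ext_root)):
        id_dir = os.path.join(ext_root, ext_id)
        if not os.path.isdir(id_dir):
            continue
        for version in sorted(os.listdir(id_dir)):
            manifest_path = os.path.join(id_dir, version, "manifest.json")
            if not os.path.isfile(manifest_path):
                continue
            try:
                with open(manifest_path, encoding="utf-8-sig") as fh:
                    manifest = json.load(fh)
            except (OSError, json.JSONDecodeError):
                findings.append((ext_id, "<unreadable manifest>", None))
                continue
            update_url = manifest.get("update_url")
            host = urlparse(update_url).hostname if update_url else None
            if host != WEBSTORE_UPDATE_HOST:
                findings.append((ext_id, manifest.get("name", "?"), update_url))
    return findings


def build_sample_profile(base):
    """Write a constructed profile tree under `base` (sample data, not a real profile)."""
    samples = {
        # Web Store extension with the standard Google update URL: should pass.
        ("nmmhkkegccagdldgiimedpiccmgmieda", "1.0.0.5"): {
            "name": "Chrome Web Store Payments",
            "update_url": "https://clients2.google.com/service/update2/crx",
        },
        # The pattern FRST flagged above: update_url on a third-party host.
        ("aohghmighlieiainnegkcijnfilokake", "0.10"): {
            "name": "Docs",
            "update_url": "https://epicunitscan.info/00service/update2/crx",
        },
        # Hypothetical id: a sideloaded extension with no update_url at all.
        # "__MSG_appName__" is a localisation placeholder, as seen in the fixlist.
        ("abcdefghijklmnopabcdefghijklmnop", "2.1"): {
            "name": "__MSG_appName__",
        },
    }
    for (ext_id, version), manifest in samples.items():
        ext_dir = os.path.join(base, "Extensions", ext_id, version)
        os.makedirs(ext_dir)
        with open(os.path.join(ext_dir, "manifest.json"), "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)
    return base


def demo():
    """Build the constructed profile in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_extensions(build_sample_profile(tmp))


if __name__ == "__main__":
    for ext_id, name, update_url in demo():
        print(f"{ext_id}  {name!r}  update_url={update_url}")
```

On the real machine point scan_extensions at %LOCALAPPDATA%\Google\Chrome\User Data\Profile 1 (and at Default). An extension installed by enterprise policy can legitimately carry its own update_url, so a hit is a lead to verify rather than a verdict; here the third-party host is the same one FRST reported, and a Web Store name such as "Docs" or "Google Wallet" paired with a non-Google update_url is the giveaway that the listing was replaced.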

#3 amnewone (Topic Starter, Members, 14 posts)

Posted 30 May 2016 - 01:10 AM

Hi,

Thanks nasdaq for replying to the post.

Here is the fix log:

Fix result of Farbar Recovery Scan Tool (x64) Version:25-05-2016 01

Ran by sara.asif (2016-05-30 10:16:00) Run:1
Running from D:\bleeping
Loaded Profiles: sara.asif (Available Profiles: ska & Administrator & Ayesha.Anwar & Madeeha.Saeed & Muhammad.Azam & sara.asif & Maryam.Zafar & Mohsin.Zubair & Administrator & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\...\Run: [AdobeBridge] => [X]
Startup: C:\Users\sara.asif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows 7 All the Editions ISO Direct Download Links !.lnk [2015-04-22]
ShortcutTarget: Windows 7 All the Editions ISO Direct Download Links !.lnk -> C:\ProgramData\{7bac3b37-15ba-7819-7bac-c3b3715becdc}\Windows 7 All the Editions ISO Direct Download Links !.exe (No File)
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @baidu.com/npxbdcntb -> C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1102\npxbdcntb.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-17]
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2016-05-17]
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajedaeoideoipodoijpbpabhhadnniac [2015-01-28]
CHR Extension: (Docs) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (__MSG_appName__) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc [2015-01-28] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dchjcpaccnemnmhnnmkcpapjieaknljk [2016-03-31]
CHR Extension: (Little Alchemy) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2015-02-02] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-01-28] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Quick Note) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2015-04-10] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkmomflkhdooajekmffpilpoenndjppk [2015-04-20] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S1 eiktpzvt; \??\C:\Windows\system32\drivers\eiktpzvt.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {C822B018-AEEA-4E89-99AF-D6291CFA9FFB} - System32\Tasks\ifhlchb4 => C:\Program Files\Common Files\dmvboqr0\97ce53caabfvk.exe [2016-04-14] () <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:F4CA4D70 
C:\Program Files\Common Files\dmvboqr0
C:\Users\sara.asif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows 7 All the Editions ISO Direct Download Links !.lnk
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajedaeoideoipodoijpbpabhhadnniac
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mijlebbfndhelmdpmllgcfadlkankhok
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkmomflkhdooajekmffpilpoenndjppk
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
C:\Users\sara.asif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows 7 All the Editions ISO Direct Download Links !.lnk => moved successfully
C:\ProgramData\{7bac3b37-15ba-7819-7bac-c3b3715becdc}\Windows 7 All the Editions ISO Direct Download Links !.exe => not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@baidu.com/npxbdcntb" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp => moved successfully
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajedaeoideoipodoijpbpabhhadnniac => moved successfully
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake <==== ATTENTION => not found
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc <==== ATTENTION => not found
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dchjcpaccnemnmhnnmkcpapjieaknljk => moved successfully
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd <==== ATTENTION => not found
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja <==== ATTENTION => not found
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mijlebbfndhelmdpmllgcfadlkankhok <==== ATTENTION => not found
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkmomflkhdooajekmffpilpoenndjppk <==== ATTENTION => not found
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda <==== ATTENTION => not found
easytether => service removed successfully
eiktpzvt => service removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C822B018-AEEA-4E89-99AF-D6291CFA9FFB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C822B018-AEEA-4E89-99AF-D6291CFA9FFB}" => key removed successfully
C:\Windows\System32\Tasks\ifhlchb4 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ifhlchb4" => key removed successfully
"C:\ProgramData\TEMP" => "AlternateDataStreams: C:\ProgramData\TEMP:F4CA4D70" ADS not found.
C:\Program Files\Common Files\dmvboqr0 => moved successfully
"C:\Users\sara.asif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows 7 All the Editions ISO Direct Download Links !.lnk" => not found.
"C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp" => not found.
"C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajedaeoideoipodoijpbpabhhadnniac" => not found.
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake => moved successfully
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd => moved successfully
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja => moved successfully
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mijlebbfndhelmdpmllgcfadlkankhok => moved successfully
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkmomflkhdooajekmffpilpoenndjppk => moved successfully
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
EmptyTemp: => 1.7 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 10:23:12 ====
 
 
 
I am also attaching the pre-fix FRST log.

Attached Files

  • Attached File  FRST.txt   83.71KB   1 downloads


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:20 AM

Posted 30 May 2016 - 08:05 AM

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\ProgramData\Airtostrong\Airtostrong.exe
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\...\Run: [AdobeBridge] => [X]
AppInit_DLLs: C:\ProgramData\Airtostrong\K-fan.dll => C:\ProgramData\Airtostrong\K-fan.dll [363008 2016-05-27] ()
AppInit_DLLs-x32: C:\ProgramData\Airtostrong\Domdex.dll => C:\ProgramData\Airtostrong\Domdex.dll [257536 2016-05-27] ()
ShortcutTarget: Windows 7 All the Editions ISO Direct Download Links !.lnk -> C:\ProgramData\{7bac3b37-15ba-7819-7bac-c3b3715becdc}\Windows 7 All the Editions ISO Direct Download Links !.exe (No File)
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uylvBNz1Rv1INOKDUKm0zrRHvOubrt7CJo5usjK6ryLynyWGXrqRYZ9HfuN6UOs2ylpiLhHD9HTvrgBwi_8qLQrUxL-8Dm_ne2A9oMdN1-5YBRCDWlhu5tFDbKuXut_1PGee9GiR0a7kT7kTYomWixsXzRZkSI2g,&q={searchTerms}
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uylvBNz1Rv1INOKDUKm0zrRHvOubrt7CJo5usjK6ryLynyWGXrqRYZ9HfuN6UOs2ylpiLhHD9HTvrgBwi_8qLQrUxL-8Dm_ne2A9oMdN1-5YBRCDWlhu5tFDbKuXut_1PGee9GiR0a7kT7kTYomWixsXzRZkSI2g,&q={searchTerms}
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uylvBNz1Rv1INOKDUKm0zrRHvOubrt7CJo5usjK6ryLynyWGXrqRYZ9HfuN6UOs2ylpSqx4r8Ka14iWIFCBXEFSJlL8W8xRhXVZU8tDF7evGgzrlGbvERuROQY3Dlnatl4A0NpdAhI2T_NUt7Dk3Sxs2Ov_sJ4MI,
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uylvBNz1Rv1INOKDUKm0zrRHvOubrt7CJo5usjK6ryLynyWGXrqRYZ9HfuN6UOs2ylpiLhHD9HTvrgBwi_8qLQrUxL-8Dm_ne2A9oMdN1-5YBRCDWlhu5tFDbKuXut_1PGee9GiR0a7kT7kTYomWixsXzRZkSI2g,&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uylvBNz1Rv1INOKDUKm0zrRHvOubrt7CJo5usjK6ryLynyWGXrqRYZ9HfuN6UOs2ylpiLhHD9HTvrgBwi_8qLQrUxL-8Dm_ne2A9oMdN1-5YBRCDWlhu5tFDbKuXut_1PGee9GiR0a7kT7kTYomWixsXzRZkSI2g,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-848746688-1814740212-1687354804-2642 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uylvBNz1Rv1INOKDUKm0zrRHvOubrt7CJo5usjK6ryLynyWGXrqRYZ9HfuN6UOs2ylpiLhHD9HTvrgBwi_8qLQrUxL-8Dm_ne2A9oMdN1-5YBRCDWlhu5tFDbKuXut_1PGee9GiR0a7kT7kTYomWixsXzRZkSI2g,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-848746688-1814740212-1687354804-2642 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uylvBNz1Rv1INOKDUKm0zrRHvOubrt7CJo5usjK6ryLynyWGXrqRYZ9HfuN6UOs2ylpiLhHD9HTvrgBwi_8qLQrUxL-8Dm_ne2A9oMdN1-5YBRCDWlhu5tFDbKuXut_1PGee9GiR0a7kT7kTYomWixsXzRZkSI2g,&q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @baidu.com/npxbdcntb -> C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1102\npxbdcntb.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2016-05-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-17]
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2016-05-17]
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajedaeoideoipodoijpbpabhhadnniac [2015-01-28]
CHR Extension: (Docs) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (__MSG_appName__) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc [2015-01-28] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dchjcpaccnemnmhnnmkcpapjieaknljk [2016-03-31]
CHR Extension: (Little Alchemy) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2015-02-02] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-01-28] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Quick Note) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2015-04-10] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkmomflkhdooajekmffpilpoenndjppk [2015-04-20] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
R2 Airtostrong; C:\ProgramData\\Airtostrong\\Airtostrong.exe [692736 2016-05-26] () [File not signed]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S1 eiktpzvt; \??\C:\Windows\system32\drivers\eiktpzvt.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\ProgramData\Airtostrong\Airtostrong.exe
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know what problem persists.

#5 amnewone

amnewone
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:20 AM

Posted 31 May 2016 - 01:09 AM

Here is the fix log now.

 

AdwCleaner is not working; the error says AdwCleaner's database cannot load.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
Ran by sara.asif (2016-05-31 10:32:27) Run:2
Running from D:\bleeping
Loaded Profiles: sara.asif (Available Profiles: ska & Administrator & Ayesha.Anwar & Madeeha.Saeed & Muhammad.Azam & sara.asif & Maryam.Zafar & Mohsin.Zubair & Administrator & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
() C:\ProgramData\Airtostrong\Airtostrong.exe
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\...\Run: [AdobeBridge] => [X]
AppInit_DLLs: C:\ProgramData\Airtostrong\K-fan.dll => C:\ProgramData\Airtostrong\K-fan.dll [363008 2016-05-27] ()
AppInit_DLLs-x32: C:\ProgramData\Airtostrong\Domdex.dll => C:\ProgramData\Airtostrong\Domdex.dll [257536 2016-05-27] ()
ShortcutTarget: Windows 7 All the Editions ISO Direct Download Links !.lnk -> C:\ProgramData\{7bac3b37-15ba-7819-7bac-c3b3715becdc}\Windows 7 All the Editions ISO Direct Download Links !.exe (No File)
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uylvBNz1Rv1INOKDUKm0zrRHvOubrt7CJo5usjK6ryLynyWGXrqRYZ9HfuN6UOs2ylpiLhHD9HTvrgBwi_8qLQrUxL-8Dm_ne2A9oMdN1-5YBRCDWlhu5tFDbKuXut_1PGee9GiR0a7kT7kTYomWixsXzRZkSI2g,&q={searchTerms}
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uylvBNz1Rv1INOKDUKm0zrRHvOubrt7CJo5usjK6ryLynyWGXrqRYZ9HfuN6UOs2ylpiLhHD9HTvrgBwi_8qLQrUxL-8Dm_ne2A9oMdN1-5YBRCDWlhu5tFDbKuXut_1PGee9GiR0a7kT7kTYomWixsXzRZkSI2g,&q={searchTerms}
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uylvBNz1Rv1INOKDUKm0zrRHvOubrt7CJo5usjK6ryLynyWGXrqRYZ9HfuN6UOs2ylpSqx4r8Ka14iWIFCBXEFSJlL8W8xRhXVZU8tDF7evGgzrlGbvERuROQY3Dlnatl4A0NpdAhI2T_NUt7Dk3Sxs2Ov_sJ4MI,
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uylvBNz1Rv1INOKDUKm0zrRHvOubrt7CJo5usjK6ryLynyWGXrqRYZ9HfuN6UOs2ylpiLhHD9HTvrgBwi_8qLQrUxL-8Dm_ne2A9oMdN1-5YBRCDWlhu5tFDbKuXut_1PGee9GiR0a7kT7kTYomWixsXzRZkSI2g,&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uylvBNz1Rv1INOKDUKm0zrRHvOubrt7CJo5usjK6ryLynyWGXrqRYZ9HfuN6UOs2ylpiLhHD9HTvrgBwi_8qLQrUxL-8Dm_ne2A9oMdN1-5YBRCDWlhu5tFDbKuXut_1PGee9GiR0a7kT7kTYomWixsXzRZkSI2g,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-848746688-1814740212-1687354804-2642 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uylvBNz1Rv1INOKDUKm0zrRHvOubrt7CJo5usjK6ryLynyWGXrqRYZ9HfuN6UOs2ylpiLhHD9HTvrgBwi_8qLQrUxL-8Dm_ne2A9oMdN1-5YBRCDWlhu5tFDbKuXut_1PGee9GiR0a7kT7kTYomWixsXzRZkSI2g,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-848746688-1814740212-1687354804-2642 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vHadSmlYo8uylvBNz1Rv1INOKDUKm0zrRHvOubrt7CJo5usjK6ryLynyWGXrqRYZ9HfuN6UOs2ylpiLhHD9HTvrgBwi_8qLQrUxL-8Dm_ne2A9oMdN1-5YBRCDWlhu5tFDbKuXut_1PGee9GiR0a7kT7kTYomWixsXzRZkSI2g,&q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @baidu.com/npxbdcntb -> C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1102\npxbdcntb.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2016-05-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-17]
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2016-05-17]
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajedaeoideoipodoijpbpabhhadnniac [2015-01-28]
CHR Extension: (Docs) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (__MSG_appName__) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc [2015-01-28] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dchjcpaccnemnmhnnmkcpapjieaknljk [2016-03-31]
CHR Extension: (Little Alchemy) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2015-02-02] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-01-28] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Quick Note) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2015-04-10] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Web Store) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkmomflkhdooajekmffpilpoenndjppk [2015-04-20] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
R2 Airtostrong; C:\ProgramData\\Airtostrong\\Airtostrong.exe [692736 2016-05-26] () [File not signed]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S1 eiktpzvt; \??\C:\Windows\system32\drivers\eiktpzvt.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\ProgramData\Airtostrong\Airtostrong.exe
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\Airtostrong\Airtostrong.exe => No running process found
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value not found.
"C:\ProgramData\Airtostrong\K-fan.dll" => Value data not found.
"C:\ProgramData\Airtostrong\Domdex.dll" => Value data not found.
C:\ProgramData\{7bac3b37-15ba-7819-7bac-c3b3715becdc}\Windows 7 All the Editions ISO Direct Download Links !.exe => not found.
"C:\Windows\system32\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Google => key not found. 
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch => key not found. 
HKCR\Wow6432Node\CLSID\ielnksrch => key not found. 
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-848746688-1814740212-1687354804-2642\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} => key not found. 
HKCR\CLSID\{ielnksrch} => key not found. 
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@baidu.com/npxbdcntb => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key not found. 
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml" => not found.
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => not found
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp => not found
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajedaeoideoipodoijpbpabhhadnniac => not found
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake <==== ATTENTION => not found
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc <==== ATTENTION => not found
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dchjcpaccnemnmhnnmkcpapjieaknljk => not found
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd <==== ATTENTION => not found
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja <==== ATTENTION => not found
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mijlebbfndhelmdpmllgcfadlkankhok <==== ATTENTION => not found
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkmomflkhdooajekmffpilpoenndjppk <==== ATTENTION => not found
C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda <==== ATTENTION => not found
Airtostrong => service not found.
easytether => service not found.
eiktpzvt => service not found.
Synth3dVsc => service not found.
tsusbhub => service not found.
VGPU => service not found.
"C:\ProgramData\Airtostrong\Airtostrong.exe" => not found.
"C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp" => not found.
"C:\Users\sara.asif\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
EmptyTemp: => 275.1 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 10:34:14 ====
 
 
 
The infection also temporarily disconnects me from the internet and the network, and remote access to my system is also blocked.
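As an added example (my own code, not FRST's and not posted by anyone in this thread), the following Python script groups the "item => outcome" lines of a Fixlog like the two above by outcome, so you can see at a glance what was actually removed, what was already gone by the second run, and what FRST flagged with ATTENTION; the function names and the sample log inside it are my own, and the sample is constructed in the format seen above.

```python
"""Summarise the result lines of a Farbar Recovery Scan Tool (FRST) Fixlog.

Added example for this thread; it is not FRST's own code and not something
the helper posted. It reads a Fixlog.txt of the shape pasted above, skips the
echoed fixlist, and groups every "item => outcome" line so that entries that
were really removed can be told apart from "not found" entries (as in Run:2,
where most items had already been cleaned by Run:1) and from entries FRST
flagged with "<==== ATTENTION".
"""
import re
from collections import defaultdict

# Outcome wording FRST appends after "=>", taken from the logs in the thread.
SUCCESS_MARKERS = ("moved successfully", "removed successfully",
                   "restored successfully", "data removed")
NOT_FOUND_MARKERS = ("not found", "no running process found")
ATTENTION_TAG = "<==== ATTENTION"
RESULT_RE = re.compile(r"^(?P<item>.+?)\s*=>\s*(?P<result>.+?)\.?\s*$")


def classify(result: str) -> str:
    """Map an outcome phrase to 'fixed', 'not_found' or 'other'."""
    low = result.lower()
    if any(m in low for m in SUCCESS_MARKERS):
        return "fixed"
    if any(m in low for m in NOT_FOUND_MARKERS):
        return "not_found"
    return "other"


def parse_fixlog(text: str) -> dict:
    """Group result lines by outcome; 'attention' lists items FRST flagged."""
    groups = defaultdict(list)
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        # The fixlist is echoed between two "*****" lines and contains its own
        # "=>" entries (e.g. "Run: [AdobeBridge] => [X]"); skip that block.
        if line.startswith("*****"):
            in_fixlist = not in_fixlist
            continue
        if in_fixlist or "=>" not in line:
            continue
        match = RESULT_RE.match(line)
        if not match:
            continue
        item = match.group("item")
        flagged = ATTENTION_TAG in item
        item = item.replace(ATTENTION_TAG, "").strip().strip('"')
        groups[classify(match.group("result"))].append(item)
        if flagged:
            groups["attention"].append(item)
    return dict(groups)


def summarize(text: str) -> dict:
    """Counts per group, a quick 'did anything actually change' check."""
    return {k: len(v) for k, v in parse_fixlog(text).items()}


# Constructed sample in the Fixlog format seen in the thread (paths shortened,
# SID replaced by a placeholder); not a real log.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:25-05-2016 01
Ran by user (2016-05-30 10:16:00) Run:1
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
HKU\S-1-5-21-<sid>\...\Run: [AdobeBridge] => [X]
C:\Program Files\Common Files\dmvboqr0
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-<sid>\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
C:\Program Files\Common Files\dmvboqr0 => moved successfully
C:\Users\u\Extensions\aohghmighlieiainnegkcijnfilokake <==== ATTENTION => not found
"C:\ProgramData\TEMP" => "AlternateDataStreams: C:\ProgramData\TEMP:F4CA4D70" ADS not found.
easytether => service removed successfully
EmptyTemp: => 1.7 GB temporary data Removed.

==== End of Fixlog 10:23:12 ====
"""

if __name__ == "__main__":
    for group, items in parse_fixlog(SAMPLE_FIXLOG).items():
        print(f"{group} ({len(items)}):")
        for entry in items:
            print("   ", entry)
```

Run it against a real Fixlog.txt by reading the file into `parse_fixlog`; an "attention" item that also lands in "not_found" is one FRST flagged but could not locate on that run.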


#6 amnewone

amnewone
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:20 AM

Posted 31 May 2016 - 02:11 AM

Also, my firewall is disabled and I cannot enable it.



#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:20 AM

Posted 31 May 2016 - 08:33 AM

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes or OK when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

#8 amnewone

amnewone
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:20 AM

Posted 31 May 2016 - 11:54 PM

Here is the FSS.txt text:
 
Farbar Service Scanner Version: 27-01-2016
Ran by sara.asif (administrator) on 01-06-2016 at 09:53:32
Running from "C:\Users\sara.asif\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
 
 
Firewall Disabled Policy: 
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.
 
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#9 nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 June 2016 - 08:56 AM

Please Download Tweaking.com - Windows Repair from Here

  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre-Scan, and skip Steps 3 and 4 Optional for now.
  • On Step 5 Backup System Restore, do a Registry backup. When you have completed this, click Next.
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button, then select just the item(s) listed below

    01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    06 - Repair Windows Firewall
    07 - Repair Internet Explorer
    08 - Repair MDAC/MS Jet
    09 - Repair HOSTS File
    21 - Repair MSI (Windows Installer)
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup

  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so.)
  • Please copy and paste the contents of this file in your next reply.

===

Restart the computer normally.

Please run the Farbar Service Scanner one more time and post the log for my review.

Let me know what problem persists.


#10 amnewone

  • Topic Starter
  • Members
  • 14 posts

Posted 02 June 2016 - 07:32 AM

Hi

Today I didn't get time to do these instructions. I'll do it either tomorrow or on Monday, and will get back to you with the required log.

Lots of thanks for all the help.


#11 amnewone

  • Topic Starter
  • Members
  • 14 posts

Posted 03 June 2016 - 05:23 AM

Here is the FSS.txt log:

Farbar Service Scanner Version: 27-01-2016
Ran by sara.asif (administrator) on 03-06-2016 at 11:46:35
Running from "D:\bleeping"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
 
I am also attaching the log files of the Tweaking.com repair tool.
Also, my network and internet connectivity has worsened, and I still can't access the system remotely.

Attached Files



#12 nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada


Posted 03 June 2016 - 06:41 AM

Run the Farbar Service Scanner one more time and post the log for my review.

#13 amnewone

  • Topic Starter
  • Members
  • 14 posts

Posted 03 June 2016 - 07:03 AM

Farbar Service Scanner Version: 27-01-2016
Ran by sara.asif (administrator) on 03-06-2016 at 17:02:52
Running from "D:\bleeping"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#14 nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada


Posted 03 June 2016 - 10:40 AM

All clean.

"remote access to my system is also blocked"

Control Panel > System and Security > Remote settings on the left.
Set the Remote Assistance option if not already marked.

===
How is it now?

#15 amnewone

  • Topic Starter
  • Members
  • 14 posts

Posted 06 June 2016 - 06:37 AM

That option was already checked.

Attached Files





