VBS: malware-gen PLEASE HELP


  • This topic is locked
11 replies to this topic

#1 Daanyal

Daanyal

  • Members
  • 5 posts
  • OFFLINE

Posted 22 February 2017 - 12:55 AM

hello everyone, I believe that my computer is infected with the VBS: malware-gen. I ran a boot time scan with avast and it showed many files that were infected and moved to quarantine. Avast also pops up with a notification saying it has blocked a threat whenever I am using google chrome. Please help me as soon as possible. I really appreciate everyone that is taking the time to help out and fix our computers. Please check the HJT log below. Thanks!

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:41:13 PM, on 2/21/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
 
FIREFOX: 47.0.2 (x86 en-US)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Daanyal Siddiqui\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: ArcPluginIEBHO - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - A:\Plugins\ArcPluginIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Daanyal Siddiqui\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Daanyal Siddiqui\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Daanyal Siddiqui\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Steam] "A:\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
O4 - HKCU\..\Run: [Kaspersky Software Updater] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe" ksu autorun
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Daanyal Siddiqui\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Daanyal Siddiqui\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Daanyal Siddiqui\AppData\Local\Microsoft\OneDrive\17.3.6281.1202] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Daanyal Siddiqui\AppData\Local\Microsoft\OneDrive\17.3.6281.1202"
O4 - HKUS\S-1-5-18\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'Default user')
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AdaptiveSleepService - Unknown owner - C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: ACP User Service (amdacpusrsvc) - Advanced Micro Devices - C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
O23 - Service: Arc Service (ArcService) - Perfect World Entertainment Inc - A:\ArcService.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Kaspersky Security Scan Service (kss) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
O23 - Service: KSU Service (ksu) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: MSI_Trigger_Service - MICRO-STAR INTERNATIONAL CO., LTD. - C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Samsung Printer Dianostics Service - Unknown owner - C:\Windows\system32\\spdsvc.exe
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 12675 bytes
 
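The HijackThis log above lists autoruns (O4) and services (O23) as free text, which makes a first triage pass tedious by hand. The following is an added helper, not part of HijackThis or of this thread, that parses those two line formats and flags entries a responder would look at first: autoruns from user-writable paths, autoruns registered under the SYSTEM hive, and services with no resolvable owner. Services whose display name is a Windows resource string (starting with `@`) are deliberately not flagged, because in the log above every built-in Windows service resolves that way (HijackThis 2.0.5 predates Windows 10); the sample lines are copied from the log.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a few O4/O23 lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Daanyal Siddiqui\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Steam] "A:\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'SYSTEM')
O23 - Service: Arc Service (ArcService) - Perfect World Entertainment Inc - A:\ArcService.exe
O23 - Service: Samsung Printer Dianostics Service - Unknown owner - C:\Windows\system32\\spdsvc.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
"""

# O4 - <hive>\..\Run: [<name>] <command line>
_O4_RE = re.compile(r"^O4 - (?P<hive>[^:\[]+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O23 - Service: <display name> - <owner> - <path> [(file missing)]
_O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# Locations a standard user can write to; a persistent autorun there deserves a look.
_USER_WRITABLE_RE = re.compile(r"\\Users\\|\\AppData\\|\\Temp\\|\\ProgramData\\", re.I)
# Per-user Run keys for the SYSTEM and Default profiles.
_SYSTEM_HIVE_RE = re.compile(r"HKUS\\(S-1-5-18|\.DEFAULT)\\")


@dataclass
class Entry:
    kind: str                  # "O4" or "O23"
    name: str
    path: str
    hive: Optional[str] = None    # O4 only
    owner: Optional[str] = None   # O23 only
    missing: bool = False         # O23 "(file missing)"


@dataclass
class Finding:
    entry: Entry
    reasons: List[str] = field(default_factory=list)


def _command_path(cmd: str) -> str:
    """Pull the executable out of an O4 command line (quoted or bare)."""
    m = re.match(r'"([^"]+)"', cmd)
    if m:
        return m.group(1)
    m = re.match(r"(.*?\.exe)", cmd, re.I)
    return m.group(1) if m else cmd.strip()


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HJT O4 [name] autorun or O23 service line; other lines give None."""
    m = _O4_RE.match(line)
    if m:
        return Entry("O4", m.group("name"), _command_path(m.group("cmd")), hive=m.group("hive"))
    m = _O23_RE.match(line)
    if m:
        return Entry("O23", m.group("name"), m.group("path"),
                     owner=m.group("owner"), missing=m.group("missing") is not None)
    return None


def assess(entry: Entry) -> List[str]:
    """Return short reason tags for why an entry deserves a closer look."""
    reasons = []
    resource_name = entry.name.startswith("@")  # Windows resource-string display name
    if _USER_WRITABLE_RE.search(entry.path):
        reasons.append("user-writable-path")
    if entry.hive and _SYSTEM_HIVE_RE.search(entry.hive):
        reasons.append("runs-as-system")
    if entry.owner == "Unknown owner" and not resource_name:
        reasons.append("unknown-owner")
    if entry.missing and not resource_name:
        reasons.append("file-missing")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Parse a HijackThis log and return only the entries that raised a reason."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw.strip())
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.kind} {f.entry.name!r} -> {f.entry.path}: {', '.join(f.reasons)}")
```

A flag is a prompt to check the file's signature and hash, not a verdict; the Spotify and Kaspersky entries it raises here are legitimate software that simply lives in places worth confirming.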




#2 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:25 PM

Posted 22 February 2017 - 11:53 AM

Hello Daanyal and Welcome to the BleepingComputer. :welcome:  
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
  
Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: Additional.txt
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Sincerely. :hello:


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 Daanyal

Daanyal
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE

Posted 22 February 2017 - 10:47 PM

Ok, thanks for your quick reply! Here are the FRST and Additional logs from Farbar Recovery Scan Tool.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017
Ran by Daanyal Siddiqui (administrator) on DESKTOP-AQSASO0 (22-02-2017 19:42:53)
Running from C:\Users\Daanyal Siddiqui\Desktop
Loaded Profiles: Daanyal Siddiqui (Available Profiles: Daanyal Siddiqui & mujee)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
() C:\Windows\SysWOW64\spdsvc.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Google Inc.) C:\Users\Daanyal Siddiqui\Downloads\ChromeSetup (1).exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7705.42037.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7705.42037.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-09] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\Run: [Spotify Web Helper] => C:\Users\Daanyal Siddiqui\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-11-24] (Spotify Ltd)
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\Run: [Spotify] => C:\Users\Daanyal Siddiqui\AppData\Roaming\Spotify\Spotify.exe [6987376 2016-11-24] (Spotify Ltd)
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\Run: [Steam] => "A:\Steam\steam.exe" -silent
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\Run: [Kaspersky Software Updater] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\RunOnce: [Uninstall C:\Users\Daanyal Siddiqui\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Daanyal Siddiqui\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\RunOnce: [Uninstall C:\Users\Daanyal Siddiqui\AppData\Local\Microsoft\OneDrive\17.3.6281.1202] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Daanyal Siddiqui\AppData\Local\Microsoft\OneDrive\17.3.6281.1202"
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-09] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-09] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-05-17]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{16d1502b-f7d9-4069-b4f0-66ab1b92af6f}: [DhcpNameServer] 192.168.1.254 75.153.171.122
ManualProxies: 
 
Internet Explorer:
==================
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> A:\Plugins\ArcPluginIE.dll [2017-01-10] (Perfect World Entertainment Inc)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 4sn0miog.default
FF ProfilePath: C:\Users\Daanyal Siddiqui\AppData\Roaming\Mozilla\Firefox\Profiles\4sn0miog.default [2017-02-22]
FF Extension: (Firefox Hotfix) - C:\Users\Daanyal Siddiqui\AppData\Roaming\Mozilla\Firefox\Profiles\4sn0miog.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-12-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-31]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> A:\Plugins\npArcPluginFF.dll [2017-01-10] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1843944655-2499827863-2729128396-1001: @nsroblox.roblox.com/launcher -> C:\Users\Daanyal Siddiqui\AppData\Local\Roblox\Versions\version-d31f23e3f760404e\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1843944655-2499827863-2729128396-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Daanyal Siddiqui\AppData\Local\Roblox\Versions\version-d31f23e3f760404e\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1843944655-2499827863-2729128396-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Daanyal Siddiqui\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-25] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.instructables.com/id/5-Mini-USB-Fridge!/?ALLSTEPS","hxxps://www.amazon.ca/11mm-Aluminum-Heat-Heatsink-Cooling/dp/B00INWWAGE/ref=sr_1_10?s=electronics&ie=UTF8&qid=1461030803&sr=1-10&keywords=heat+sink","hxxps://www.amazon.ca/Providing-Transfer-50x25x10mm-Cooling-Heatsink/dp/B00H8V5TD2/ref=sr_1_29?ie=UTF8&qid=1461030916&sr=8-29&keywords=heatsink","hxxps://www.amazon.ca/5-Color-Double-Ended-Alligator-Jumper/dp/B00D10KTLQ/ref=pd_rhf_ee_s_cp_9?ie=UTF8&dpID=51uhH7sphwL&dpSrc=sims&preST=_SL500_SR135%2C135_&refRID=1QVDCJ4Y4347R3WJF2PR","hxxps://www.amazon.ca/SODIAL-Thermal-Compound-Silicone-Heatsink/dp/B00JZET774/ref=sr_1_6?s=electronics&ie=UTF8&qid=1460959395&sr=1-6&keywords=thermal+paste","hxxps://www.amazon.ca/SODIAL-Heatsink-Thermoelectric-Cooler-Peltier/dp/B00K67XG5I/ref=sr_1_6?ie=UTF8&qid=1461005108&sr=8-6&keywords=peltier+cooler","hxxp://www.history.com/this-day-in-history/the-battle-of-hastings","hxxp://www.britroyals.com/kings.asp?id=william1","hxxps://answers.yahoo.com/question/index?qid=20130408222759AAEl7HD","hxxps://docs.google.com/document/d/1Qm4Z67eK50qSFLEC8kyAeXfdXPbF3Wi1QFmmRz8yj40/edit"
CHR Profile: C:\Users\Daanyal Siddiqui\AppData\Local\Google\Chrome\User Data\Default [2017-02-22]
CHR Extension: (Google Drive) - C:\Users\Daanyal Siddiqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-29]
CHR Extension: (YouTube) - C:\Users\Daanyal Siddiqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-29]
CHR Extension: (Adblock Plus) - C:\Users\Daanyal Siddiqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-10]
CHR Extension: (Google Search) - C:\Users\Daanyal Siddiqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-29]
CHR Extension: (Avast SafePrice) - C:\Users\Daanyal Siddiqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-01-16]
CHR Extension: (AdBlock) - C:\Users\Daanyal Siddiqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-16]
CHR Extension: (Avast Online Security) - C:\Users\Daanyal Siddiqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Daanyal Siddiqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-19]
CHR Extension: (Grammarly for Chrome) - C:\Users\Daanyal Siddiqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-02-16]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Daanyal Siddiqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-08-01]
CHR Extension: (True Key™ by Intel Security) - C:\Users\Daanyal Siddiqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbeldjopgciegccabfohnefghfpinncn [2017-02-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daanyal Siddiqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-29]
CHR Extension: (Gmail) - C:\Users\Daanyal Siddiqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-29]
CHR Extension: (Chrome Media Router) - C:\Users\Daanyal Siddiqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-09-16] ()
S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-03-21] (Advanced Micro Devices) [File not signed]
S3 ArcService; A:\ArcService.exe [87064 2017-01-10] (Perfect World Entertainment Inc)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-14] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-09] (AVAST Software)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2677880 2017-02-14] (AnchorFree Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R3 ksu; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 Samsung Printer Dianostics Service; C:\Windows\SysWOW64\\spdsvc.exe [491328 2015-12-05] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AFTrafMgr1.2; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_2_64.sys [57272 2017-02-02] (AnchorFree Inc.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [23240 2016-03-21] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0307259.inf_amd64_e75a0a5e82450920\atikmdag.sys [26568856 2016-10-26] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0307259.inf_amd64_e75a0a5e82450920\atikmpag.sys [536592 2016-10-26] (Advanced Micro Devices, Inc.)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309784 2017-02-09] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-02-09] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-02-09] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-02-09] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-02-09] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32088 2017-02-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126088 2017-02-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-02-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [74680 2017-02-09] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [991496 2017-02-09] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [547904 2017-02-09] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-02-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337080 2017-02-14] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111120 2016-03-01] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-09-11] (ELECOM)
R3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-09-11] (ELECOM)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2014-05-27] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-03-01] (Anchorfree Inc.)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S2 amdacpksd; \??\C:\WINDOWS\system32\drivers\amdacpksd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-22 19:42 - 2017-02-22 19:43 - 00022411 _____ C:\Users\Daanyal Siddiqui\Desktop\FRST.txt
2017-02-22 19:41 - 2017-02-22 19:42 - 00042723 _____ C:\Users\Daanyal Siddiqui\Downloads\Addition.txt
2017-02-22 19:41 - 2017-02-22 19:42 - 00040116 _____ C:\Users\Daanyal Siddiqui\Downloads\FRST.txt
2017-02-22 19:41 - 2017-02-22 19:42 - 00000000 ____D C:\FRST
2017-02-22 19:40 - 2017-02-22 19:40 - 02423296 _____ (Farbar) C:\Users\Daanyal Siddiqui\Desktop\FRST64.exe
2017-02-22 18:54 - 2017-02-22 18:54 - 00002351 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-22 18:54 - 2017-02-22 18:54 - 00002339 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-22 18:52 - 2017-02-22 18:52 - 01129376 _____ (Google Inc.) C:\Users\Daanyal Siddiqui\Downloads\ChromeSetup (1).exe
2017-02-21 22:18 - 2017-02-21 22:18 - 05383999 _____ C:\Users\Daanyal Siddiqui\Downloads\Scanned Documents.zip
2017-02-21 22:18 - 2017-02-21 22:18 - 05383999 _____ C:\Users\Daanyal Siddiqui\Downloads\Scanned Documents (1).zip
2017-02-21 21:39 - 2017-02-21 21:39 - 00388608 _____ (Trend Micro Inc.) C:\Users\Daanyal Siddiqui\Downloads\HijackThis.exe
2017-02-21 21:33 - 2017-02-22 19:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-02-21 21:33 - 2017-02-22 19:37 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-02-21 21:33 - 2017-02-21 21:33 - 00001313 _____ C:\Users\Public\Desktop\Kaspersky Software Updater.lnk
2017-02-21 21:33 - 2017-02-21 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater
2017-02-21 21:31 - 2017-02-22 19:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-02-21 21:30 - 2017-02-21 21:31 - 02622304 _____ (Kaspersky Lab) C:\Users\Daanyal Siddiqui\Downloads\kss16.0.0.1344en_9702.exe
2017-02-21 21:27 - 2017-02-21 21:28 - 00274048 _____ C:\TDSSKiller.3.1.0.12_21.02.2017_21.27.35_log.txt
2017-02-21 21:27 - 2017-02-21 21:27 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Daanyal Siddiqui\Downloads\tdsskiller.exe
2017-02-21 21:26 - 2017-02-21 21:27 - 05659775 _____ (Swearware) C:\Users\Daanyal Siddiqui\Downloads\ComboFix.exe
2017-02-21 21:04 - 2017-02-21 21:04 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-21 18:33 - 2017-02-21 19:02 - 00000000 ____D C:\Users\TEMP.DESKTOP-AQSASO0.000\AppData\Local\Comms
2017-02-21 18:32 - 2017-02-21 18:32 - 00000000 ____D C:\Users\TEMP.DESKTOP-AQSASO0.000\AppData\Roaming\AVAST Software
2017-02-21 18:31 - 2017-02-22 19:36 - 00000000 ____D C:\Users\TEMP.DESKTOP-AQSASO0.000
2017-02-21 18:30 - 2017-02-21 18:30 - 00000000 ____D C:\Users\TEMP.DESKTOP-AQSASO0\AppData\Roaming\AVAST Software
2017-02-21 18:29 - 2017-02-22 19:36 - 00000000 ____D C:\Users\TEMP.DESKTOP-AQSASO0
2017-02-21 18:28 - 2017-02-21 18:28 - 00000000 ____D C:\Users\mujee\AppData\LocalLow\AMD
2017-02-21 18:20 - 2017-02-21 18:20 - 01711437 _____ C:\Users\mujee\Downloads\shireen.zip
2017-02-21 18:20 - 2017-02-21 18:20 - 00000000 ____D C:\Users\mujee\AppData\Roaming\WinRAR
2017-02-21 18:20 - 2017-02-21 18:20 - 00000000 ____D C:\Users\mujee\AppData\Roaming\Samsung
2017-02-21 18:20 - 2017-02-21 18:20 - 00000000 ____D C:\Users\mujee\AppData\LocalLow\Adobe
2017-02-21 18:20 - 2017-02-21 18:20 - 00000000 ____D C:\Users\mujee\AppData\Local\Adobe
2017-02-21 18:16 - 2017-02-21 18:16 - 00001982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-02-21 18:16 - 2017-02-21 18:16 - 00001970 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-02-21 18:16 - 2017-02-09 12:58 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-02-21 18:15 - 2017-02-21 18:15 - 00000000 ____D C:\Users\mujee\AppData\Roaming\TP-LINK
2017-02-21 18:15 - 2017-02-21 18:15 - 00000000 ____D C:\Users\mujee\AppData\Roaming\Macromedia
2017-02-21 18:15 - 2017-02-21 18:15 - 00000000 ____D C:\Users\mujee\AppData\Local\MicrosoftEdge
2017-02-21 18:15 - 2017-02-21 18:15 - 00000000 ____D C:\Users\mujee\AppData\Local\CEF
2017-02-21 18:14 - 2017-02-21 18:15 - 00000000 ____D C:\Users\mujee\AppData\Local\ConnectedDevicesPlatform
2017-02-21 18:14 - 2017-02-21 18:14 - 00000020 ___SH C:\Users\mujee\ntuser.ini
2017-02-20 20:50 - 2017-02-21 18:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-19 14:30 - 2017-02-19 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-02-19 14:30 - 2017-02-19 14:30 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2017-02-19 14:18 - 2017-02-19 14:18 - 02179856 _____ C:\Users\Daanyal Siddiqui\Downloads\winrar-x64-540.exe
2017-02-19 14:18 - 2017-02-19 14:18 - 00000000 ____D C:\Users\Daanyal Siddiqui\AppData\Roaming\WinRAR
2017-02-19 14:18 - 2017-02-19 14:18 - 00000000 ____D C:\Users\Daanyal Siddiqui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-19 14:18 - 2017-02-19 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-19 14:18 - 2017-02-19 14:18 - 00000000 ____D C:\Program Files\WinRAR
2017-02-18 21:15 - 2017-02-18 21:16 - 00001006 _____ C:\Users\Daanyal Siddiqui\Desktop\nativelog.txt
2017-02-18 21:05 - 2017-02-18 21:06 - 00000174 _____ C:\Users\Daanyal Siddiqui\AppData\LocalLow\rbxcsettings.rbx
2017-02-18 21:05 - 2017-02-18 21:06 - 00000000 ____D C:\Users\Daanyal Siddiqui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-02-18 21:04 - 2017-02-18 21:10 - 00000000 ____D C:\Users\Daanyal Siddiqui\AppData\Local\Roblox
2017-02-18 19:09 - 2017-02-19 13:38 - 00000000 ____D C:\Users\Daanyal Siddiqui\AppData\LocalLow\BitTorrent
2017-02-18 17:37 - 2017-02-18 17:37 - 00217422 _____ C:\Users\Daanyal Siddiqui\Downloads\Battlefield.1.Ultimate.Edition-FULL.UNLOCKED.torrent
2017-02-18 17:21 - 2017-02-18 17:26 - 00000632 _____ C:\Users\Public\Desktop\Blacklight Retribution.lnk
2017-02-18 17:21 - 2017-02-18 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2017-02-18 17:21 - 2017-02-18 17:23 - 00000000 ____D C:\Users\Daanyal Siddiqui\AppData\Roaming\Arc
2017-02-18 17:21 - 2017-02-18 17:21 - 00000277 _____ C:\Users\Public\Desktop\Arc.lnk
2017-02-18 17:21 - 2017-02-18 17:21 - 00000000 ____D C:\Users\Public\Documents\Arc
2017-02-18 17:21 - 2017-02-18 17:21 - 00000000 ____D C:\Users\Daanyal Siddiqui\AppData\Local\Steam
2017-02-18 17:20 - 2017-02-18 17:20 - 00417488 _____ (Perfect World Entertainment) C:\Users\Daanyal Siddiqui\Downloads\Blacklight-retribution_ArcSetup.exe
2017-02-18 17:20 - 2017-02-18 17:20 - 00000000 ____D C:\Users\Daanyal Siddiqui\Downloads\Log
2017-02-18 17:20 - 2016-08-19 15:16 - 10760440 _____ (Perfect World Entertainment) C:\Users\Daanyal Siddiqui\Downloads\ArcInstall_BL_v20160818a.exe
2017-02-18 17:19 - 2017-02-18 17:19 - 00000552 _____ C:\Users\Public\Desktop\Steam.lnk
2017-02-18 17:19 - 2017-02-18 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-18 17:18 - 2017-02-18 17:18 - 01446792 _____ C:\Users\Daanyal Siddiqui\Downloads\SteamSetup.exe
2017-02-16 21:13 - 2017-02-16 21:13 - 00001153 _____ C:\Users\Daanyal Siddiqui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\toast.lnk
2017-02-16 21:08 - 2017-02-20 21:18 - 00000000 ____D C:\Users\Daanyal Siddiqui\Documents\Other
2017-02-16 21:08 - 2017-02-16 21:10 - 00000000 ____D C:\Users\Daanyal Siddiqui\Documents\School Stuff
2017-02-16 20:49 - 2017-02-16 20:49 - 09341656 _____ (Grammarly) C:\Users\Daanyal Siddiqui\Downloads\GrammarlyAddInSetup.exe
2017-02-16 20:49 - 2017-02-16 20:49 - 00000000 ____D C:\Users\Daanyal Siddiqui\AppData\Local\Package Cache
2017-02-16 20:49 - 2017-02-16 20:49 - 00000000 ____D C:\Users\Daanyal Siddiqui\AppData\Local\Grammarly
2017-02-16 20:48 - 2017-02-16 20:49 - 48419896 _____ (Grammarly) C:\Users\Daanyal Siddiqui\Downloads\GrammarlySetup.exe
2017-02-15 17:16 - 2017-02-15 17:17 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2017-02-15 17:16 - 2017-02-15 17:16 - 00001126 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2017-02-15 17:16 - 2017-02-15 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2017-02-15 17:16 - 2017-02-15 17:16 - 00000000 ____D C:\ProgramData\Hotspot Shield
2017-02-15 17:10 - 2017-02-15 17:10 - 14810248 _____ (AnchorFree Inc.) C:\Users\Daanyal Siddiqui\Downloads\HSS-6.4.4-install-hss-816-ext.exe
2017-02-15 16:24 - 2017-02-15 17:09 - 00000000 ____D C:\Program Files\CyberGhost 6
2017-02-15 16:24 - 2017-02-15 16:24 - 00002078 _____ C:\Users\Daanyal Siddiqui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberGhost 6.lnk
2017-02-15 16:16 - 2017-02-15 16:16 - 00000792 _____ C:\Users\Daanyal Siddiqui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-02-15 11:26 - 2017-02-15 21:10 - 00000000 ____D C:\Users\TEMP\AppData\Local\Comms
2017-02-15 11:25 - 2017-02-15 11:25 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-15 11:24 - 2017-02-22 19:36 - 00000000 ____D C:\Users\TEMP
2017-02-13 11:27 - 2017-02-13 11:27 - 00200498 _____ C:\Users\Daanyal Siddiqui\Downloads\RDIMS-#9366076-v3-DIRECT_DEPOSIT_ENROLMENT_FORM_(PWGSC)%3b_FORMULAIRE_D_INSCRIPTION_AU_DEPOT_DIRECT_(TPSGC).PDF
2017-02-11 15:28 - 2017-02-11 15:28 - 01372952 _____ C:\Users\Daanyal Siddiqui\Downloads\Semiahmoo Totems Logos.zip
2017-02-09 12:58 - 2017-02-21 18:16 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-02-09 12:58 - 2017-02-09 12:58 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-02-09 12:58 - 2017-02-09 12:58 - 00309784 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-02-09 12:58 - 2017-02-09 12:58 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-02-09 12:58 - 2017-02-09 12:58 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-02-08 16:07 - 2017-02-08 16:07 - 02147715 _____ C:\Users\Daanyal Siddiqui\Downloads\Marine Medical form (1).pdf
2017-02-08 16:06 - 2017-02-08 16:06 - 00159224 _____ C:\Users\Daanyal Siddiqui\Downloads\reliability form (1).pdf
2017-02-08 15:53 - 2017-02-08 15:53 - 00094063 _____ C:\Users\Daanyal Siddiqui\Downloads\Reservation for Mujeeb Siddiqui.pdf
2017-02-08 15:51 - 2017-02-08 15:51 - 00051267 _____ C:\Users\Daanyal Siddiqui\Downloads\N4VJM6 (1).pdf
2017-02-08 15:50 - 2017-02-08 15:50 - 02147715 _____ C:\Users\Daanyal Siddiqui\Downloads\Marine Medical form.pdf
2017-02-08 15:49 - 2017-02-08 15:49 - 00159224 _____ C:\Users\Daanyal Siddiqui\Downloads\reliability form.pdf
2017-02-07 22:04 - 2017-02-07 22:05 - 00000000 ____D C:\Users\Daanyal Siddiqui\AppData\Roaming\vlc
2017-02-07 22:02 - 2017-02-07 22:02 - 30533688 _____ C:\Users\Daanyal Siddiqui\Downloads\vlc-2.2.4-win32.exe
2017-02-05 12:10 - 2017-02-05 12:10 - 00051267 _____ C:\Users\Daanyal Siddiqui\Downloads\N4VJM6.pdf
2017-01-31 20:23 - 2017-02-15 19:51 - 00000000 ____D C:\Users\Daanyal Siddiqui\Documents\Daanyal's Codes
2017-01-31 15:58 - 2017-02-22 19:15 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-29 14:13 - 2017-01-29 14:13 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-01-29 14:13 - 2017-01-29 14:13 - 00000000 ____D C:\Program Files\Common Files\AV
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-22 19:36 - 2015-10-29 22:28 - 00000000 ____D C:\Users\Default.migrated
2017-02-22 19:26 - 2016-02-17 19:14 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-22 19:21 - 2016-01-30 12:12 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-22 19:15 - 2016-07-16 03:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-22 19:03 - 2016-10-06 02:47 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-22 18:54 - 2016-01-30 15:03 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-22 18:51 - 2016-08-01 15:05 - 00000000 ___RD C:\Users\Daanyal Siddiqui\Google Drive
2017-02-21 22:41 - 2016-10-10 12:29 - 00000000 ___RD C:\Users\Daanyal Siddiqui\Documents\Scanned Documents
2017-02-21 21:18 - 2016-10-06 02:53 - 00004022 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1465164712
2017-02-21 21:18 - 2016-06-05 14:11 - 00001091 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-21 21:07 - 2016-01-30 14:59 - 01124166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-21 21:03 - 2016-10-06 02:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-21 19:03 - 2016-10-06 02:47 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-02-21 19:03 - 2016-07-15 22:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-21 19:00 - 2016-10-06 02:49 - 00000000 ____D C:\Users\mujee
2017-02-21 18:39 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-21 18:31 - 2016-01-30 14:55 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-21 18:20 - 2016-01-30 12:07 - 00000000 ____D C:\Users\mujee\AppData\Roaming\Adobe
2017-02-21 18:18 - 2016-05-21 16:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-21 18:17 - 2016-01-30 12:09 - 00000000 ____D C:\Users\mujee\AppData\Local\Comms
2017-02-21 18:16 - 2016-01-30 12:07 - 00000000 ____D C:\Users\mujee\AppData\Local\Packages
2017-02-21 18:15 - 2016-01-30 12:08 - 00002416 _____ C:\Users\mujee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-21 18:15 - 2016-01-30 12:08 - 00000000 ___RD C:\Users\mujee\OneDrive
2017-02-21 18:14 - 2016-01-30 12:08 - 00000000 ____D C:\Users\mujee\AppData\Local\AMD
2017-02-19 19:58 - 2016-10-06 02:49 - 00000000 ____D C:\Users\Daanyal Siddiqui
2017-02-19 14:20 - 2016-01-30 15:43 - 00000000 ____D C:\Users\Daanyal Siddiqui\AppData\Roaming\BitTorrent
2017-02-18 21:20 - 2016-01-30 20:37 - 00000000 ____D C:\Users\Daanyal Siddiqui\AppData\Roaming\.minecraft
2017-02-18 21:16 - 2016-06-23 16:59 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-02-18 17:27 - 2016-03-22 21:18 - 00000000 ____D C:\Users\Daanyal Siddiqui\AppData\Local\u-launcher
2017-02-18 17:27 - 2016-01-30 15:27 - 00000000 ____D C:\ProgramData\GFACE
2017-02-18 17:21 - 2016-01-29 23:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-16 15:32 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-15 17:16 - 2016-10-06 02:47 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-15 16:24 - 2016-01-30 14:55 - 00000000 ____D C:\Users\Daanyal Siddiqui\AppData\Local\VirtualStore
2017-02-14 00:59 - 2016-01-30 12:20 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-02-11 13:40 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-09 12:58 - 2016-05-28 23:28 - 00032088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-02-09 12:58 - 2016-01-30 12:20 - 00991496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-02-09 12:58 - 2016-01-30 12:20 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-02-09 12:58 - 2016-01-30 12:20 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-02-09 12:58 - 2016-01-30 12:20 - 00126088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-02-09 12:58 - 2016-01-30 12:20 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-02-09 12:58 - 2016-01-30 12:20 - 00074680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-02-09 12:58 - 2016-01-30 12:20 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-01-31 18:02 - 2016-05-21 15:14 - 00000000 ____D C:\Users\Daanyal Siddiqui\AppData\Local\ElevatedDiagnostics
2017-01-31 17:27 - 2016-07-24 12:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-31 15:58 - 2016-10-06 02:47 - 04962168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-29 14:14 - 2016-07-15 22:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
 
==================== Files in the root of some directories =======
 
2016-01-30 14:54 - 2016-01-30 21:35 - 1065984 _____ () C:\Users\Daanyal Siddiqui\AppData\Local\file__0.localstorage
2016-06-07 19:40 - 2016-06-07 19:40 - 0000744 _____ () C:\Users\Daanyal Siddiqui\AppData\Local\recently-used.xbel
2016-06-04 23:23 - 2016-06-04 23:23 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-13 11:45
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017
Ran by Daanyal Siddiqui (22-02-2017 19:43:13)
Running from C:\Users\Daanyal Siddiqui\Desktop
Windows 10 Pro Version 1607 (X64) (2016-10-06 10:55:08)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1843944655-2499827863-2729128396-500 - Administrator - Disabled)
Daanyal Siddiqui (S-1-5-21-1843944655-2499827863-2729128396-1001 - Administrator - Enabled) => C:\Users\Daanyal Siddiqui
DefaultAccount (S-1-5-21-1843944655-2499827863-2729128396-503 - Limited - Disabled)
Guest (S-1-5-21-1843944655-2499827863-2729128396-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1843944655-2499827863-2729128396-1005 - Limited - Enabled)
mujee (S-1-5-21-1843944655-2499827863-2729128396-1003 - Limited - Enabled) => C:\Users\mujee
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACP Application (Version: 2016.0321.0955.20 - Advanced Micro Devices, Inc.) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
BitTorrent (HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\BitTorrent) (Version: 7.9.9.43296 - BitTorrent Inc.)
Catalyst Control Center Next Localization BR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\{c0b3c46d-8b25-4fcd-bdd5-1cf3302047ff}) (Version: 6.5.86 - Grammarly)
Grammarly for Microsoft® Office Suite (Version: 6.5.86 - Grammarly) Hidden
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Hotspot Shield 6.4.4 (HKLM-x32\...\{55df7f5b-ea5f-4eec-ad50-40bc50c5626c}) (Version: 6.4.4.10306 - AnchorFree Inc.)
Hotspot Shield 6.4.4 (x32 Version: 6.4.4 - AnchorFree Inc.) Hidden
Hotspot Shield 6.4.4 (x32 Version: 6.4.4.10306 - AnchorFree Inc.) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Smart Connect Technology (HKLM\...\{3CC1CC76-AB3A-4360-AB6F-1355D05A2A17}) (Version: 5.0.10.2907 - Intel Corporation)
Kaspersky Software Updater (HKLM-x32\...\InstallWIX_{DEEDA858-A9B4-4212-8873-2F2CE2706E68}) (Version: 2.0.0.623 - Kaspersky Lab)
Kaspersky Software Updater (x32 Version: 2.0.0.623 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.35.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
ROBLOX Player for Daanyal Siddiqui (HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
SafeZone Stable 3.55.2393.561 (x32 Version: 3.55.2393.561 - Avast Software) Hidden
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.4.2 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
SetIP (HKLM-x32\...\SetIP) (Version: 1.05.08.00 - Samsung Electronics Co., Ltd.)
Spotify (HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TP-LINK TL-WN881ND Driver (HKLM-x32\...\{FDA7E907-6539-42C1-9721-0239C281B336}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Unity Web Player (HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.8 - MSI)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1843944655-2499827863-2729128396-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\Daanyal Siddiqui\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.5.86\1A82A42C36604DDDA4141500B03EC281\GrammarlyShim64.dll (CompanyName)
CustomCLSID: HKU\S-1-5-21-1843944655-2499827863-2729128396-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1843944655-2499827863-2729128396-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Daanyal Siddiqui\AppData\Local\Roblox\Versions\version-d31f23e3f760404e\RobloxProxy64.dll (ROBLOX Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07ADD05C-A219-4A13-8DEF-D6D3066B804F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-30] (Google Inc.)
Task: {0F03373D-6FE7-4DFA-886F-1C917A6283C4} - System32\Tasks\SafeZone scheduled Autoupdate 1465164712 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-15] (Avast Software)
Task: {3A18DE9F-B97A-46B5-B9CB-D8917105D3AF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-29] (AVAST Software)
Task: {3C025A7A-E4E9-4E98-BF57-C3AEC0DD2C30} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-30] (Google Inc.)
Task: {67E7E0FA-8D11-4638-882A-52E45ABCDE29} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {733BD655-2F5A-4633-92FD-5D9F3207428A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-09] (AVAST Software)
Task: {787CC919-5BAD-4C91-9242-CB2CE451CC61} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {80A21284-44BA-46C1-BCD9-70BCD382C141} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe 
Task: {D1B2691F-91BA-470D-85C5-5D6419AF94C9} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {D24C6059-B3B1-4EBF-9801-31401E5846E2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-02-15 21:01 - 2016-02-15 21:01 - 00031256 _____ () C:\WINDOWS\System32\us008lm.dll
2016-02-22 17:39 - 2013-10-03 20:53 - 00734720 _____ () C:\WINDOWS\system32\SnMinDrv.dll
2016-02-22 17:39 - 2013-06-28 06:36 - 00091136 _____ () C:\WINDOWS\system32\ssdevm64.dll
2016-02-22 17:39 - 2013-02-21 20:29 - 00365568 _____ () C:\WINDOWS\system32\SaMinDrv.dll
2016-02-22 17:40 - 2015-12-05 12:02 - 00491328 _____ () C:\WINDOWS\SysWoW64\spdsvc.exe
2016-09-16 15:38 - 2016-09-16 15:38 - 00155016 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2016-07-16 03:42 - 2016-07-16 03:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-10 12:37 - 2016-09-15 09:25 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-10-10 12:37 - 2016-09-15 09:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-10 12:37 - 2016-09-15 09:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-10 12:17 - 2016-10-10 12:17 - 00959168 _____ () C:\Users\Daanyal Siddiqui\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-10-06 03:44 - 2016-10-06 03:44 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-17 19:51 - 2016-11-02 02:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-05-17 17:46 - 2013-04-09 10:05 - 00846848 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2016-11-17 19:51 - 2016-11-02 02:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-17 19:51 - 2016-11-02 02:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-17 19:51 - 2016-11-02 02:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-17 19:51 - 2016-11-02 02:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-17 19:51 - 2016-11-02 02:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-17 19:51 - 2016-11-02 02:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-24 16:52 - 2016-11-24 16:52 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-24 16:52 - 2016-11-24 16:52 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-04 18:50 - 2016-06-04 18:50 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-24 16:52 - 2016-11-24 16:52 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-24 16:52 - 2016-11-24 16:52 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2016-03-03 18:50 - 2016-03-03 18:50 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-02-22 18:54 - 2017-02-01 01:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-22 18:54 - 2017-02-01 01:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-02-14 13:32 - 2017-02-14 13:32 - 00166520 _____ () C:\Program Files (x86)\Hotspot Shield\bin\CrashRpt1403.dll
2016-11-26 23:42 - 2016-11-26 23:42 - 00332104 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\dblite.dll
2016-11-26 23:37 - 2016-11-26 23:37 - 00418512 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\ipm_service.dll
2017-02-09 12:58 - 2017-02-09 12:58 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-01-07 23:17 - 2017-01-07 23:17 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-02-09 12:58 - 2017-02-09 12:58 - 00289328 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-02-09 12:58 - 2017-02-09 12:58 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-02-22 18:51 - 2017-02-22 18:51 - 00098816 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32api.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00110080 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\pywintypes27.dll
2017-02-22 18:51 - 2017-02-22 18:51 - 00364544 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\pythoncom27.dll
2017-02-22 18:51 - 2017-02-22 18:51 - 00320512 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32com.shell.shell.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00914432 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_hashlib.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 01176576 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._core_.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00806400 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._gdi_.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00816128 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._windows_.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 01067008 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._controls_.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00733184 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._misc_.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00682496 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\pysqlite2._sqlite.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00088064 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_ctypes.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00686080 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\unicodedata.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00119808 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32file.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00108544 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32security.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00007168 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\hashobjs_ext.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00017920 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\thumbnails_ext.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00088064 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\usb_ext.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00012800 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\common.time34.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00018432 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32event.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00167936 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32gui.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00046080 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_socket.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 01303552 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_ssl.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00128512 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_elementtree.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00127488 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\pyexpat.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00038912 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32inet.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00036864 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_psutil_windows.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00524248 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\windows._lib_cacheinvalidation.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00011264 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32crypt.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00123392 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._wizard.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00077312 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._html2.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00027648 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_multiprocessing.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00020480 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_yappi.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00035840 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32process.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00078848 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._animate.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00024064 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32pipe.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00010240 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\select.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00025600 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32pdh.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00017408 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32profile.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00022528 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32ts.pyd
2016-12-21 20:21 - 2016-12-21 20:21 - 45077376 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\libcef.dll
2016-12-21 20:21 - 2016-12-21 20:21 - 01650560 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\libglesv2.dll
2016-12-21 20:21 - 2016-12-21 20:21 - 00082304 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\libegl.dll
2016-05-17 17:46 - 2013-01-22 13:40 - 01411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2016-05-17 17:46 - 2013-04-02 12:41 - 00193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2016-05-17 17:46 - 2013-05-07 10:16 - 00138752 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF.dll
2016-05-17 17:46 - 2013-05-07 10:16 - 00115712 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF_WPS_WIN7.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-29 23:24 - 2015-10-29 23:21 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.254 - 75.153.171.122
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "GIGABYTE OC_GURU.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\StartupApproved\Run: => "nw"
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\StartupApproved\Run: => "KSS"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{81AB6CCC-D693-4926-A4D6-E464BB6441CB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D28075ED-6660-43FD-880A-658DD59C8E69}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{07C31CEB-B8E8-46DF-9024-8197675230EE}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{88CB79B1-00A1-42CF-910A-FA2C55962880}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{0029949B-29F5-4874-8727-FEB665AAE314}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{7A28472C-414A-438C-A465-B71FA3A04A9D}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{FB5F2E24-BEAF-4A13-A133-02D5FD512C82}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{A9C05B0E-50CB-41F9-A222-A66D7399EE25}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [UDP Query User{F6DB6090-2867-4574-AC78-CB797A264DC8}C:\users\daanyal siddiqui\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\daanyal siddiqui\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{03952376-8F57-4682-9B54-1671C212DB25}C:\users\daanyal siddiqui\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\daanyal siddiqui\appdata\roaming\spotify\spotify.exe
FirewallRules: [{1F572D92-DF35-4877-9F79-2FEDB60910C7}] => (Allow) C:\Users\Daanyal Siddiqui\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B3C1F7AF-E4B0-4155-A451-51FF8913F417}] => (Allow) C:\Users\Daanyal Siddiqui\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A5A72D55-FC19-4961-9F4A-2CD4C957787D}] => (Allow) C:\Users\Daanyal Siddiqui\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8F156EB9-FFBA-414A-A75A-B8D149EB81D8}] => (Allow) C:\Users\Daanyal Siddiqui\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FFC518C5-6CEA-47CA-A5F3-DEF12768F6CA}] => (Allow) C:\Users\Daanyal Siddiqui\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E4D4C986-3822-4512-A044-1904AB5C73C2}] => (Allow) C:\Users\Daanyal Siddiqui\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{22D91DA1-AA61-496F-A8CA-F965446CFEB6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{B3566EA1-9515-4530-9162-4D84DA6D50D3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{D3F0E731-28B2-422E-BC2E-5AECE1AE4C2C}] => (Allow) A:\Steam\Steam.exe
FirewallRules: [{B4410E2D-A1EE-40EA-ABA2-39A1783655B9}] => (Allow) A:\Steam\Steam.exe
FirewallRules: [{2CD147CD-D0F6-459C-A196-821BE4D012F7}] => (Allow) A:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DA34FCFF-12B3-4CF6-A1CD-F8B92B0EDCE7}] => (Allow) A:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{944D8C23-BF34-494A-A64E-FEF734EEA169}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
FirewallRules: [{2298C7C9-BCF8-4486-A32E-82933FA2100E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
21-02-2017 21:13:19 Scheduled Checkpoint
21-02-2017 21:55:48 Windows Backup
22-02-2017 19:00:07 Windows Backup
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/22/2017 07:41:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/22/2017 07:23:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/22/2017 07:05:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-AQSASO0)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/22/2017 07:05:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: DESKTOP-AQSASO0)
Description: App Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App did not launch within its allotted time.
 
Error: (02/22/2017 07:01:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/22/2017 07:01:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/22/2017 07:01:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/22/2017 07:00:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/22/2017 07:00:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/22/2017 06:50:54 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-AQSASO0)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.
 
 
System errors:
=============
Error: (02/22/2017 07:42:26 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.83.
The computer with the IP address 192.168.1.68 did not allow the name to be claimed by
this computer.
 
Error: (02/22/2017 07:40:02 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume16'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.
 
Error: (02/22/2017 07:40:02 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume16'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.
 
Error: (02/22/2017 07:37:16 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.83.
The computer with the IP address 192.168.1.68 did not allow the name to be claimed by
this computer.
 
Error: (02/22/2017 07:32:06 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.83.
The computer with the IP address 192.168.1.68 did not allow the name to be claimed by
this computer.
 
Error: (02/22/2017 07:30:18 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.83.
The computer with the IP address 192.168.1.68 did not allow the name to be claimed by
this computer.
 
Error: (02/22/2017 07:25:08 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.83.
The computer with the IP address 192.168.1.68 did not allow the name to be claimed by
this computer.
 
Error: (02/22/2017 07:19:58 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.83.
The computer with the IP address 192.168.1.68 did not allow the name to be claimed by
this computer.
 
Error: (02/22/2017 07:18:07 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.83.
The computer with the IP address 192.168.1.68 did not allow the name to be claimed by
this computer.
 
Error: (02/22/2017 07:12:57 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.83.
The computer with the IP address 192.168.1.68 did not allow the name to be claimed by
this computer.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 21%
Total physical RAM: 16308.88 MB
Available physical RAM: 12867.52 MB
Total Virtual: 18740.88 MB
Available Virtual: 14760.79 MB
 
==================== Drives ================================
 
Drive a: (HDD) (Fixed) (Total:931.51 GB) (Free:918.27 GB) NTFS
Drive c: (SSD) (Fixed) (Total:223.08 GB) (Free:170.29 GB) NTFS
Drive e: (BACKUPS DO NOT MODIFY) (Fixed) (Total:931.52 GB) (Free:628.51 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: DCA61967)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=42)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4968209E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 880B8533)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=42)
 
==================== End of Addition.txt ============================

#4 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:25 PM

Posted 23 February 2017 - 03:30 AM

Hi Daanyal,

 

Going over your logs I noticed that you have BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

 

Please uninstall:

BitTorrent
Hotspot Shield

Kaspersky Lab

 

Please reset the PC now.

==========================================================================

 

C:\Users\TEMP.DESKTOP-AQSASO0.000

 

Is this familiar to you?

========================

 

Have a nice day

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 Daanyal

Daanyal
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  

Posted 26 February 2017 - 04:10 PM

Yes, there is a folder in C:\users\TEMP.DESKTOP-AQSASO0.000

 

There are two temp desktops in the users folder. Is this where the virus is contained?

 

I have also uninstalled BitTorrent, Kaspersky Lab, and Hotspot Shield.


Edited by Daanyal, 26 February 2017 - 04:11 PM.


#6 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:25 PM

Posted 26 February 2017 - 04:34 PM

Hi Daanyal,

Is this where the virus is contained?

No, no.

===============================

 

Please do the following.

 

Step1:
Please open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt

CreateRestorePoint:
CloseProcesses:
Task: {67E7E0FA-8D11-4638-882A-52E45ABCDE29} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
2016-11-26 23:42 - 2016-11-26 23:42 - 00332104 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\dblite.dll
2016-11-26 23:37 - 2016-11-26 23:37 - 00418512 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\ipm_service.dll
2017-02-22 18:51 - 2017-02-22 18:51 - 00098816 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32api.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00110080 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\pywintypes27.dll
2017-02-22 18:51 - 2017-02-22 18:51 - 00364544 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\pythoncom27.dll
2017-02-22 18:51 - 2017-02-22 18:51 - 00320512 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32com.shell.shell.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00914432 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_hashlib.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 01176576 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._core_.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00806400 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._gdi_.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00816128 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._windows_.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 01067008 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._controls_.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00733184 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._misc_.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00682496 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\pysqlite2._sqlite.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00088064 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_ctypes.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00686080 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\unicodedata.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00119808 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32file.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00108544 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32security.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00007168 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\hashobjs_ext.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00017920 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\thumbnails_ext.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00088064 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\usb_ext.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00012800 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\common.time34.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00018432 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32event.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00167936 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32gui.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00046080 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_socket.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 01303552 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_ssl.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00128512 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_elementtree.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00127488 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\pyexpat.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00038912 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32inet.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00036864 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_psutil_windows.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00524248 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\windows._lib_cacheinvalidation.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00011264 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32crypt.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00123392 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._wizard.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00077312 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._html2.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00027648 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_multiprocessing.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00020480 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_yappi.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00035840 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32process.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00078848 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._animate.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00024064 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32pipe.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00010240 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\select.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00025600 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32pdh.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00017408 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32profile.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00022528 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32ts.pyd
2016-12-21 20:21 - 2016-12-21 20:21 - 45077376 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\libcef.dll
2016-12-21 20:21 - 2016-12-21 20:21 - 01650560 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\libglesv2.dll
2016-12-21 20:21 - 2016-12-21 20:21 - 00082304 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\libegl.dll
C:\Users\Daanyal Siddiqui\AppData\Local\Temp
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\StartupApproved\Run: => "KSS"
FirewallRules: [UDP Query User{07C31CEB-B8E8-46DF-9024-8197675230EE}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{88CB79B1-00A1-42CF-910A-FA2C55962880}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{22D91DA1-AA61-496F-A8CA-F965446CFEB6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{B3566EA1-9515-4530-9162-4D84DA6D50D3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\Run: [Kaspersky Software Updater] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
CHR StartupUrls: Default -> "hxxp://www.instructables.com/id/5-Mini-USB-Fridge!/?ALLSTEPS","hxxps://www.amazon.ca/11mm-Aluminum-Heat-Heatsink-Cooling/dp/B00INWWAGE/ref=sr_1_10?s=electronics&ie=UTF8&qid=1461030803&sr=1-10&keywords=heat+sink","hxxps://www.amazon.ca/Providing-Transfer-50x25x10mm-Cooling-Heatsink/dp/B00H8V5TD2/ref=sr_1_29?ie=UTF8&qid=1461030916&sr=8-29&keywords=heatsink","hxxps://www.amazon.ca/5-Color-Double-Ended-Alligator-Jumper/dp/B00D10KTLQ/ref=pd_rhf_ee_s_cp_9?ie=UTF8&dpID=51uhH7sphwL&dpSrc=sims&preST=_SL500_SR135%2C135_&refRID=1QVDCJ4Y4347R3WJF2PR","hxxps://www.amazon.ca/SODIAL-Thermal-Compound-Silicone-Heatsink/dp/B00JZET774/ref=sr_1_6?s=electronics&ie=UTF8&qid=1460959395&sr=1-6&keywords=thermal+paste","hxxps://www.amazon.ca/SODIAL-Heatsink-Thermoelectric-Cooler-Peltier/dp/B00K67XG5I/ref=sr_1_6?ie=UTF8&qid=1461005108&sr=8-6&keywords=peltier+cooler","hxxp://www.history.com/this-day-in-history/the-battle-of-hastings","hxxp://www.britroyals.com/kings.asp?id=william1","hxxps://answers.yahoo.com/question/index?qid=20130408222759AAEl7HD","hxxps://docs.google.com/document/d/1Qm4Z67eK50qSFLEC8kyAeXfdXPbF3Wi1QFmmRz8yj40/edit"
CHR HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
R3 ksu; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
2017-02-21 21:33 - 2017-02-22 19:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-02-21 21:33 - 2017-02-22 19:37 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-02-21 21:33 - 2017-02-21 21:33 - 00001313 _____ C:\Users\Public\Desktop\Kaspersky Software Updater.lnk
2017-02-21 21:33 - 2017-02-21 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater
2017-02-21 21:31 - 2017-02-22 19:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-02-21 21:30 - 2017-02-21 21:31 - 02622304 _____ (Kaspersky Lab) C:\Users\Daanyal Siddiqui\Downloads\kss16.0.0.1344en_9702.exe
2017-02-21 21:27 - 2017-02-21 21:28 - 00274048 _____ C:\TDSSKiller.3.1.0.12_21.02.2017_21.27.35_log.txt
2017-02-21 21:27 - 2017-02-21 21:27 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Daanyal Siddiqui\Downloads\tdsskiller.exe
2017-02-21 21:26 - 2017-02-21 21:27 - 05659775 _____ (Swearware) C:\Users\Daanyal Siddiqui\Downloads\ComboFix.exe
2016-01-30 14:54 - 2016-01-30 21:35 - 1065984 _____ () C:\Users\Daanyal Siddiqui\AppData\Local\file__0.localstorage
2016-06-07 19:40 - 2016-06-07 19:40 - 0000744 _____ () C:\Users\Daanyal Siddiqui\AppData\Local\recently-used.xbel
2016-06-04 23:23 - 2016-06-04 23:23 - 0000057 _____ () C:\ProgramData\Ament.ini
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
ManualProxies:
EmptyTemp:

NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST, and press the Fix button, just once, and wait.
When done, the tool creates a report on the Desktop called: Fixlog.txt
>> Please post the Fixlog.txt in your reply.
 
Step2:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
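A point worth checking after any FRST fix is whether each fixlist entry was actually acted on, or was already gone by the time Fix ran (here, Kaspersky had been uninstalled between the scan and the fix, so its entries come back as "not found"). The script below is an added example for this thread, not code from FRST or from the posts above: it parses fixlist file entries of the shape seen in the thread and matches them against the outcome lines of a Fixlog. The column meanings it assumes (created date, modified date, size, attribute flags, signer in parentheses, path) are read off the posted lines, not taken from FRST documentation, and the sample fixlist and Fixlog are a constructed subset of the lines posted in this thread.

```python
"""Reconcile an FRST fixlist against the Fixlog it produced.

Added example for this thread, not part of FRST. The column layout of an
entry line (created - modified - size attrs (signer) path) is assumed from
the lines posted above, not from FRST documentation.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One fixlist file/folder entry, e.g.
# 2017-02-22 18:51 - 2017-02-22 18:51 - 00098816 ____R () C:\...\win32api.pyd
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<signer>[^)]*)\) )?(?P<path>\S.*)$"
)

# One Fixlog outcome line, e.g.
# "C:\...\dblite.dll" => not found.
# HKLM\...\{GUID} => key removed successfully
RESULT_RE = re.compile(r'^"?(?P<target>[^"]+?)"? => (?P<outcome>.+?)\.?$')


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str          # kept verbatim; entries flagged ____D are folders on this page
    signer: Optional[str]  # None when the line carries no (signer) field
    path: str


def parse_fixlist(text: str) -> List[Entry]:
    """Return the file/folder entries of a fixlist; directive lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["created"], m["modified"], int(m["size"]),
                                 m["attrs"], m["signer"], m["path"]))
    return entries


def parse_fixlog(text: str) -> Dict[str, str]:
    """Map each Fixlog target (lower-cased path or registry key) to its outcome."""
    results = {}
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            results[m["target"].lower()] = m["outcome"]
    return results


def reconcile(fixlist_text: str, fixlog_text: str) -> Dict[str, str]:
    """For every fixlist entry, report what the Fixlog says happened to it."""
    results = parse_fixlog(fixlog_text)
    report = {}
    for e in parse_fixlist(fixlist_text):
        outcome = results.get(e.path.lower())
        if outcome is None:
            report[e.path] = "no result line"          # Fixlog truncated or entry skipped
        elif outcome == "not found":
            report[e.path] = "stale: already gone when Fix ran"
        else:
            report[e.path] = outcome                  # e.g. a successful removal
    return report


def summarize(report: Dict[str, str]) -> Dict[str, int]:
    """Count entries per outcome so a stale fixlist stands out at a glance."""
    counts: Dict[str, int] = {}
    for outcome in report.values():
        counts[outcome] = counts.get(outcome, 0) + 1
    return counts


# Constructed sample: a subset of the fixlist and Fixlog lines posted in the thread.
FIXLIST = r"""
CreateRestorePoint:
CloseProcesses:
2016-11-26 23:42 - 2016-11-26 23:42 - 00332104 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\dblite.dll
2017-02-22 18:51 - 2017-02-22 18:51 - 00098816 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32api.pyd
2017-02-21 21:30 - 2017-02-21 21:31 - 02622304 _____ (Kaspersky Lab) C:\Users\Daanyal Siddiqui\Downloads\kss16.0.0.1344en_9702.exe
2017-02-21 21:33 - 2017-02-21 21:33 - 00001313 _____ C:\Users\Public\Desktop\Kaspersky Software Updater.lnk
EmptyTemp:
"""

FIXLOG = r"""
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67E7E0FA-8D11-4638-882A-52E45ABCDE29} => key removed successfully
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\dblite.dll" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32api.pyd" => not found.
"""

if __name__ == "__main__":
    for path, outcome in reconcile(FIXLIST, FIXLOG).items():
        print(f"{outcome:40s} {path}")
    print(summarize(reconcile(FIXLIST, FIXLOG)))
```

Entries that come back "stale" are not a sign the fix failed; they mean the fixlist was written against a scan taken before the machine changed (here, before the uninstall in post #5). The "no result line" outcomes in the sample only reflect that the thread's Fixlog is cut off before those entries.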

 


 


#7 Daanyal

Daanyal
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  

Posted 26 February 2017 - 05:18 PM

OK, here are the logs.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/26/2017
Scan Time: 2:10 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2017.02.26.08
Rootkit Database: v2017.02.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Daanyal Siddiqui
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 397066
Time Elapsed: 6 min, 19 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017
Ran by Daanyal Siddiqui (26-02-2017 14:03:51) Run:1
Running from C:\Users\Daanyal Siddiqui\Desktop
Loaded Profiles: Daanyal Siddiqui & mujee (Available Profiles: Daanyal Siddiqui & mujee)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {67E7E0FA-8D11-4638-882A-52E45ABCDE29} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
2016-11-26 23:42 - 2016-11-26 23:42 - 00332104 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\dblite.dll
2016-11-26 23:37 - 2016-11-26 23:37 - 00418512 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\ipm_service.dll
2017-02-22 18:51 - 2017-02-22 18:51 - 00098816 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32api.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00110080 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\pywintypes27.dll
2017-02-22 18:51 - 2017-02-22 18:51 - 00364544 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\pythoncom27.dll
2017-02-22 18:51 - 2017-02-22 18:51 - 00320512 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32com.shell.shell.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00914432 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_hashlib.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 01176576 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._core_.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00806400 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._gdi_.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00816128 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._windows_.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 01067008 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._controls_.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00733184 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._misc_.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00682496 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\pysqlite2._sqlite.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00088064 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_ctypes.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00686080 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\unicodedata.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00119808 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32file.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00108544 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32security.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00007168 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\hashobjs_ext.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00017920 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\thumbnails_ext.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00088064 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\usb_ext.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00012800 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\common.time34.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00018432 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32event.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00167936 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32gui.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00046080 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_socket.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 01303552 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_ssl.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00128512 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_elementtree.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00127488 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\pyexpat.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00038912 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32inet.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00036864 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_psutil_windows.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00524248 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\windows._lib_cacheinvalidation.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00011264 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32crypt.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00123392 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._wizard.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00077312 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._html2.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00027648 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_multiprocessing.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00020480 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_yappi.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00035840 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32process.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00078848 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._animate.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00024064 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32pipe.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00010240 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\select.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00025600 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32pdh.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00017408 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32profile.pyd
2017-02-22 18:51 - 2017-02-22 18:51 - 00022528 ____R () C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32ts.pyd
2016-12-21 20:21 - 2016-12-21 20:21 - 45077376 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\libcef.dll
2016-12-21 20:21 - 2016-12-21 20:21 - 01650560 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\libglesv2.dll
2016-12-21 20:21 - 2016-12-21 20:21 - 00082304 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\libegl.dll
C:\Users\Daanyal Siddiqui\AppData\Local\Temp
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\StartupApproved\Run: => "KSS"
FirewallRules: [UDP Query User{07C31CEB-B8E8-46DF-9024-8197675230EE}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{88CB79B1-00A1-42CF-910A-FA2C55962880}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{22D91DA1-AA61-496F-A8CA-F965446CFEB6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{B3566EA1-9515-4530-9162-4D84DA6D50D3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\...\Run: [Kaspersky Software Updater] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
CHR StartupUrls: Default -> "hxxp://www.instructables.com/id/5-Mini-USB-Fridge!/?ALLSTEPS","hxxps://www.amazon.ca/11mm-Aluminum-Heat-Heatsink-Cooling/dp/B00INWWAGE/ref=sr_1_10?s=electronics&ie=UTF8&qid=1461030803&sr=1-10&keywords=heat+sink","hxxps://www.amazon.ca/Providing-Transfer-50x25x10mm-Cooling-Heatsink/dp/B00H8V5TD2/ref=sr_1_29?ie=UTF8&qid=1461030916&sr=8-29&keywords=heatsink","hxxps://www.amazon.ca/5-Color-Double-Ended-Alligator-Jumper/dp/B00D10KTLQ/ref=pd_rhf_ee_s_cp_9?ie=UTF8&dpID=51uhH7sphwL&dpSrc=sims&preST=_SL500_SR135%2C135_&refRID=1QVDCJ4Y4347R3WJF2PR","hxxps://www.amazon.ca/SODIAL-Thermal-Compound-Silicone-Heatsink/dp/B00JZET774/ref=sr_1_6?s=electronics&ie=UTF8&qid=1460959395&sr=1-6&keywords=thermal+paste","hxxps://www.amazon.ca/SODIAL-Heatsink-Thermoelectric-Cooler-Peltier/dp/B00K67XG5I/ref=sr_1_6?ie=UTF8&qid=1461005108&sr=8-6&keywords=peltier+cooler","hxxp://www.history.com/this-day-in-history/the-battle-of-hastings","hxxp://www.britroyals.com/kings.asp?id=william1","hxxps://answers.yahoo.com/question/index?qid=20130408222759AAEl7HD","hxxps://docs.google.com/document/d/1Qm4Z67eK50qSFLEC8kyAeXfdXPbF3Wi1QFmmRz8yj40/edit"
CHR HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
R3 ksu; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
2017-02-21 21:33 - 2017-02-22 19:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-02-21 21:33 - 2017-02-22 19:37 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-02-21 21:33 - 2017-02-21 21:33 - 00001313 _____ C:\Users\Public\Desktop\Kaspersky Software Updater.lnk
2017-02-21 21:33 - 2017-02-21 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater
2017-02-21 21:31 - 2017-02-22 19:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-02-21 21:30 - 2017-02-21 21:31 - 02622304 _____ (Kaspersky Lab) C:\Users\Daanyal Siddiqui\Downloads\kss16.0.0.1344en_9702.exe
2017-02-21 21:27 - 2017-02-21 21:28 - 00274048 _____ C:\TDSSKiller.3.1.0.12_21.02.2017_21.27.35_log.txt
2017-02-21 21:27 - 2017-02-21 21:27 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Daanyal Siddiqui\Downloads\tdsskiller.exe
2017-02-21 21:26 - 2017-02-21 21:27 - 05659775 _____ (Swearware) C:\Users\Daanyal Siddiqui\Downloads\ComboFix.exe
2016-01-30 14:54 - 2016-01-30 21:35 - 1065984 _____ () C:\Users\Daanyal Siddiqui\AppData\Local\file__0.localstorage
2016-06-07 19:40 - 2016-06-07 19:40 - 0000744 _____ () C:\Users\Daanyal Siddiqui\AppData\Local\recently-used.xbel
2016-06-04 23:23 - 2016-06-04 23:23 - 0000057 _____ () C:\ProgramData\Ament.ini
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
ManualProxies:
EmptyTemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67E7E0FA-8D11-4638-882A-52E45ABCDE29} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67E7E0FA-8D11-4638-882A-52E45ABCDE29} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\dblite.dll" => not found.
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\ipm_service.dll" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32api.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\pywintypes27.dll" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\pythoncom27.dll" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32com.shell.shell.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_hashlib.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._core_.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._gdi_.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._windows_.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._controls_.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._misc_.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\pysqlite2._sqlite.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_ctypes.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\unicodedata.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32file.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32security.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\hashobjs_ext.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\thumbnails_ext.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\usb_ext.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\common.time34.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32event.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32gui.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_socket.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_ssl.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_elementtree.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\pyexpat.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32inet.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_psutil_windows.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\windows._lib_cacheinvalidation.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32crypt.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._wizard.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._html2.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_multiprocessing.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\_yappi.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32process.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\wx._animate.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32pipe.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\select.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32pdh.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32profile.pyd" => not found.
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp\_MEI52202\win32ts.pyd" => not found.
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\libcef.dll" => not found.
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\libglesv2.dll" => not found.
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\libegl.dll" => not found.
 
"C:\Users\Daanyal Siddiqui\AppData\Local\Temp" folder move:
 
Could not move "C:\Users\Daanyal Siddiqui\AppData\Local\Temp" => Scheduled to move on reboot.
 
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\KSS => value removed successfully
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KSS => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{07C31CEB-B8E8-46DF-9024-8197675230EE}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{88CB79B1-00A1-42CF-910A-FA2C55962880}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{22D91DA1-AA61-496F-A8CA-F965446CFEB6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B3566EA1-9515-4530-9162-4D84DA6D50D3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe => value removed successfully
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe" => not found.
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe => No running process found
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe => No running process found
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe => No running process found
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Kaspersky Software Updater => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\KSS => value removed successfully
Chrome StartupUrls => removed successfully
HKU\S-1-5-21-1843944655-2499827863-2729128396-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
ksu => service not found.
C:\ProgramData\Kaspersky Lab => moved successfully
C:\Program Files (x86)\Kaspersky Lab => moved successfully
"C:\Users\Public\Desktop\Kaspersky Software Updater.lnk" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater" => not found.
C:\ProgramData\Kaspersky Lab Setup Files => moved successfully
C:\Users\Daanyal Siddiqui\Downloads\kss16.0.0.1344en_9702.exe => moved successfully
C:\TDSSKiller.3.1.0.12_21.02.2017_21.27.35_log.txt => moved successfully
C:\Users\Daanyal Siddiqui\Downloads\tdsskiller.exe => moved successfully
C:\Users\Daanyal Siddiqui\Downloads\ComboFix.exe => moved successfully
C:\Users\Daanyal Siddiqui\AppData\Local\file__0.localstorage => moved successfully
C:\Users\Daanyal Siddiqui\AppData\Local\recently-used.xbel => moved successfully
C:\ProgramData\Ament.ini => moved successfully
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{5AB5C389-0CFB-4EDD-834C-88D184228CCE} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 29750543 B
Java, Flash, Steam htmlcache => 19896847 B
Windows/system/drivers => 425172 B
Edge => 0 B
Chrome => 329465543 B
Firefox => 9870356 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Daanyal Siddiqui => 443255504 B
mujee => 316474912 B
 
RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 26-02-2017 14:04:59)
 
C:\Users\Daanyal Siddiqui\AppData\Local\Temp => moved successfully
 
==== End of Fixlog 14:04:59 ====
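The Fixlog above is a good map of where this infection had hooked in: scheduled-task TaskCache entries, Run and StartupApproved values under both the user's SID and S-1-5-18, per-user firewall allow rules, Chrome external-extension registry keys, a pending BITS job and an NlaSvc ManualProxies value. The following PowerShell script is an added example (not part of this thread, and not FRST's or any other tool's code) that re-audits those same locations read-only, so the same spots can be re-checked after a cleanup or on a second machine. It assumes an elevated PowerShell on Windows 8 or later (for the ScheduledTasks, BitsTransfer and NetSecurity modules); the "suspicious" regexes are heuristics chosen for this example, tuned to the script-host launches one expects behind a VBS:Malware-gen verdict, not an FRST rule set.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit of the persistence locations touched in the Fixlog above.
# Nothing is deleted; the output is for review and for diffing against a later run.

# Heuristics (assumption, not an FRST rule set): script hosts / script extensions, and
# launch paths under user-writable directories, deserve a second look.
$ScriptHosts  = 'wscript\.exe|cscript\.exe|mshta\.exe|powershell\.exe|regsvr32\.exe|\.vbs\b|\.js\b|\.hta\b'
$WritableDirs = '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\|\\Downloads\\'

function Test-Suspicious([string]$Command) {
    return ($Command -match $ScriptHosts) -or ($Command -match $WritableDirs)
}

function Get-RegValues([string]$Key, [string]$Location) {
    # One object per value under $Key; the PS* properties are provider metadata, not data.
    if (-not (Test-Path -LiteralPath $Key)) { return }
    foreach ($p in (Get-ItemProperty -LiteralPath $Key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }
        $text = if ($p.Value -is [byte[]]) { ($p.Value | ForEach-Object { $_.ToString('x2') }) -join '' }
                else { [string]$p.Value }
        [pscustomobject]@{ Location = $Location; Key = $Key; Name = $p.Name; Value = $text; Flag = Test-Suspicious $text }
    }
}

function Get-PersistenceAudit {
    # HKLM, its 32-bit view, and every hive loaded under HKEY_USERS: the Fixlog removed
    # values under both the interactive user's SID and S-1-5-18 (SYSTEM).
    $roots = @('Registry::HKEY_LOCAL_MACHINE\SOFTWARE', 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node')
    $roots += Get-ChildItem Registry::HKEY_USERS | ForEach-Object { "Registry::$($_.Name)\SOFTWARE" }
    foreach ($root in $roots) {
        Get-RegValues "$root\Microsoft\Windows\CurrentVersion\Run"     'Run'
        Get-RegValues "$root\Microsoft\Windows\CurrentVersion\RunOnce" 'RunOnce'
        # StartupApproved: 12-byte blob per entry; first byte 02 = enabled, 03 = disabled.
        Get-RegValues "$root\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" 'StartupApproved'
        # Chrome external-install keys: each subkey is an extension id carrying update_url or path.
        $ext = "$root\Google\Chrome\Extensions"
        if (Test-Path -LiteralPath $ext) {
            foreach ($id in Get-ChildItem -LiteralPath $ext) { Get-RegValues $id.PSPath "ChromeExtension:$($id.PSChildName)" }
        }
        Get-RegValues "$root\Policies\Google\Chrome\ExtensionInstallForcelist" 'ChromeForcelist'
    }
    # Scheduled task actions: what each task actually executes, with arguments.
    foreach ($t in Get-ScheduledTask) {
        foreach ($a in $t.Actions) {
            if (-not $a.PSObject.Properties['Execute']) { continue }   # COM-handler actions have no Execute
            $cmd = "$($a.Execute) $($a.Arguments)".Trim()
            [pscustomobject]@{ Location = 'ScheduledTask'; Key = $t.TaskPath; Name = $t.TaskName; Value = $cmd; Flag = Test-Suspicious $cmd }
        }
    }
    # BITS jobs for all users, listed unconditionally: the Fixlog's bitsadmin /reset cancelled one.
    foreach ($j in Get-BitsTransfer -AllUsers) {
        $files = ($j.FileList | ForEach-Object { $_.RemoteName }) -join ';'
        [pscustomobject]@{ Location = 'BITS'; Key = $j.JobId; Name = $j.DisplayName; Value = "$($j.JobState) $files"; Flag = $true }
    }
    # Enabled inbound allow rules and the program each applies to (the Fixlog removed per-user javaw rules).
    foreach ($r in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
        $prog = ($r | Get-NetFirewallApplicationFilter).Program
        [pscustomobject]@{ Location = 'FirewallAllow'; Key = $r.Name; Name = $r.DisplayName; Value = $prog; Flag = Test-Suspicious "$prog" }
    }
    # NlaSvc manual proxy setting, the key the Fixlog's ManualProxies: directive cleared.
    Get-RegValues 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies' 'ManualProxies'
}

# Usage: flagged entries first, then a CSV of everything to diff against a later run.
$audit = Get-PersistenceAudit
$audit | Where-Object Flag | Format-Table Location, Name, Value -AutoSize -Wrap
$audit | Export-Csv -LiteralPath "$env:USERPROFILE\Desktop\persistence-audit.csv" -NoTypeInformation
```

A hit in the flagged list is a lead, not a verdict: a legitimate installer can drop a Run value under AppData too. The useful signal is a script host (wscript.exe, cscript.exe, mshta.exe) being launched from a scheduled task or Run value with a .vbs or .js under Temp, AppData or ProgramData, which is exactly the shape of thing that produces a VBS:Malware-gen detection and is worth pulling for a look before anything deletes it.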


#8 olgun52

  • Malware Response Team
  • 3,790 posts
  • Gender:Male

Posted 26 February 2017 - 05:51 PM

Good work,

 

 Chrome:
Delete your cache, history, and other browser data
https://support.google.com/chrome/answer/95582?hl=en
Next >>
Reset Chrome browser settings

https://support.google.com/chrome/answer/3296214?hl=en

 

=========================================================

 

Step 1:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:

Please download and run RogueKiller (32/64 bit) to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#9 Daanyal

  • Topic Starter
  • Members
  • 5 posts

Posted 27 February 2017 - 08:53 PM

OK, here are the logs.

 

# AdwCleaner v6.043 - Logfile created 27/02/2017 at 17:25:23
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-27.1 [Local]
# Operating System : Windows 10 Pro  (X64)
# Username : Daanyal Siddiqui - DESKTOP-AQSASO0
# Running from : C:\Users\Daanyal Siddiqui\Downloads\AdwCleaner (1).exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKLM\SOFTWARE\FFinder LTD
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Daanyal Siddiqui\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: cjonbnnoflopmbacbicphohfappebbkf
[-] [C:\Users\mujee\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\mujee\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1443 Bytes] - [27/02/2017 17:25:23]
C:\AdwCleaner\AdwCleaner[S0].txt - [1723 Bytes] - [27/02/2017 17:20:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [1799 Bytes] - [27/02/2017 17:25:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1662 Bytes] ##########
 
 
 
RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Daanyal Siddiqui [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 02/27/2017 17:32:38 (Duration : 00:14:23)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 2 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Grammarly for Chrome [kbfnbcaeplbcioakkpcpgfkobkghlhen] -> Found
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://www.instructables.com/id/5-Mini-USB-Fridge!/?ALLSTEPS|https://www.amazon.ca/11mm-Aluminum-Heat-Heatsink-Cooling/dp/B00INWWAGE/ref=sr_1_10?s=electronics&ie=UTF8&qid=1461030803&sr=1-10&keywords=heat+sink|https://www.amazon.ca/Providing-Transfer-50x25x10mm-Cooling-Heatsink/dp/B00H8V5TD2/ref=sr_1_29?ie=UTF8&qid=1461030916&sr=8-29&keywords=heatsink|https://www.amazon.ca/5-Color-Double-Ended-Alligator-Jumper/dp/B00D10KTLQ/ref=pd_rhf_ee_s_cp_9?ie=UTF8&dpID=51uhH7sphwL&dpSrc=sims&preST=_SL500_SR135%2C135_&refRID=1QVDCJ4Y4347R3WJF2PR|https://www.amazon.ca/SODIAL-Thermal-Compound-Silicone-Heatsink/dp/B00JZET774/ref=sr_1_6?s=electronics&ie=UTF8&qid=1460959395&sr=1-6&keywords=thermal+paste|https://www.amazon.ca/SODIAL-Heatsink-Thermoelectric-Cooler-Peltier/dp/B00K67XG5I/ref=sr_1_6?ie=UTF8&qid=1461005108&sr=8-6&keywords=peltier+cooler|http://www.history.com/this-day-in-history/the-battle-of-hastings|http://www.britroyals.com/kings.asp?id=william1|https://answers.yahoo.com/question/index?qid=20130408222759AAEl7HD|https://docs.google.com/document/d/1Qm4Z67eK50qSFLEC8kyAeXfdXPbF3Wi1QFmmRz8yj40/edit] -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: CT240BX200SSD1 +++++
--- User ---
[MBR] 11420be87b9fd54e2ad603d543b62514
[BSP] 970121a65ead6787fce19c176089f758 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 228434 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: TOSHIBA MK7559GSXP +++++
--- User ---
[MBR] dbce76beabef812cd102cc7f0c599a97
[BSP] 4b5bcc814be1d88611b652eded6af566 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 715403 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: ST1000DM003-1SB10C +++++
--- User ---
[MBR] 5c345bdddd22fb211fecad9f30979b93
[BSP] 883839ba35d43b812e8be98749a46693 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive3: ST9250315AS +++++
--- User ---
[MBR] bee5744be5b81f5fb40cd034857e886d
[BSP] c4f9f3edbfa7e7bc5ca3961a65513fff : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 238474 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64 
Ran by Daanyal Siddiqui (Administrator) on Mon 02/27/2017 at 17:28:56.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Users\Daanyal Siddiqui\AppData\Local\crashrpt (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/27/2017 at 17:30:23.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 


#10 olgun52

  • Malware Response Team
  • 3,790 posts
  • Gender:Male

Posted 28 February 2017 - 06:48 AM

Good. :thumbup2:

 

Please open RogueKiller again.

  • Close all the running processes
  • Double click the RogueKiller icon to run the program again.
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Make sure only the following lines are checked:-
[PUP.Gen0][Chrome:Addon] Default : Grammarly for Chrome [kbfnbcaeplbcioakkpcpgfkobkghlhen] -> Found
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://www.instructables.com/id/5-Mini-USB-Fridge!/?ALLSTEPS|https://www.amazon.ca/11mm-Aluminum-Heat-Heatsink-Cooling/dp/B00INWWAGE/ref=sr_1_10?s=electronics&ie=UTF8&qid=1461030803&sr=1-10&keywords=heat+sink|https://www.amazon.ca/Providing-Transfer-50x25x10mm-Cooling-Heatsink/dp/B00H8V5TD2/ref=sr_1_29?ie=UTF8&qid=1461030916&sr=8-29&keywords=heatsink|https://www.amazon.ca/5-Color-Double-Ended-Alligator-Jumper/dp/B00D10KTLQ/ref=pd_rhf_ee_s_cp_9?ie=UTF8&dpID=51uhH7sphwL&dpSrc=sims&preST=_SL500_SR135%2C135_&refRID=1QVDCJ4Y4347R3WJF2PR|https://www.amazon.ca/SODIAL-Thermal-Compound-Silicone-Heatsink/dp/B00JZET774/ref=sr_1_6?s=electronics&ie=UTF8&qid=1460959395&sr=1-6&keywords=thermal+paste|https://www.amazon.ca/SODIAL-Heatsink-Thermoelectric-Cooler-Peltier/dp/B00K67XG5I/ref=sr_1_6?ie=UTF8&qid=1461005108&sr=8-6&keywords=peltier+cooler|http://www.history.com/this-day-in-history/the-battle-of-hastings|http://www.britroyals.com/kings.asp?id=william1|https://answers.yahoo.com/question/index?qid=20130408222759AAEl7HD|https://docs.google.com/document/d/1Qm4Z67eK50qSFLEC8kyAeXfdXPbF3Wi1QFmmRz8yj40/edit] -> Found
  • Now click the Delete button.
  • Please copy and paste the report in your next reply. A copy of the RKreport.txt can be found on your desktop.

========================================

 ESET Online Scanner:

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked 
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Delete found harmful. Place a checkmark at Delete application's data on close, click Finish and close the program.

Don't forget to re-enable previously switched-off protection software!

--------------------------------------------------------------------------------------------------------

 

How is your machine now? Any issues?

 

 


Best regards
 
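The two RogueKiller findings the post above asks to delete both live in the Chrome profile's Secure Preferences file: the session.startup_urls list and the extension record for the Grammarly id. The following PowerShell script is an added example (not part of this thread, and not RogueKiller's or Google's code) that reads that file and reports the startup configuration and every installed extension with its id, name, install origin and on-disk path, so a finding like [PUM.HomePage] or [PUP.Gen0] can be checked against what Chrome itself recorded before anything is removed. Assumptions: the default profile path under %LOCALAPPDATA%, Chrome closed so the file is not mid-write, and the numeric "location" codes, which are Chrome's ManifestLocation enum as I know it from its source; confirm an entry against chrome://extensions if in doubt.

```powershell
# Added example: read-only view of a Chrome profile's startup URLs and installed extensions,
# taken from the Secure Preferences JSON that RogueKiller reported as [SecurePrefs].

# Assumption: Chrome's ManifestLocation codes. 1 is a normal user/Web Store install;
# 3 and 9 are the registry-key and policy mechanisms that adware typically uses.
$LocationName = @{
    1 = 'internal (user install)';  2 = 'external pref';            3 = 'external registry'
    4 = 'unpacked';                 5 = 'component';                6 = 'external pref download'
    7 = 'external policy download'; 8 = 'command line';             9 = 'external policy'
    10 = 'external component'
}

function Get-ChromeProfileAudit {
    param([string]$ProfileDir = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default")
    $file = Join-Path $ProfileDir 'Secure Preferences'
    if (-not (Test-Path -LiteralPath $file)) { throw "No Secure Preferences file under $ProfileDir" }
    $prefs = Get-Content -Raw -LiteralPath $file | ConvertFrom-Json

    # 1. Startup behaviour. restore_on_startup: 1 = new tab page, 4 = open the startup_urls list,
    #    5 = continue where you left off. A long startup_urls list is what [PUM.HomePage] flagged.
    $session = $prefs.PSObject.Properties['session'].Value
    $mode = if ($session -and $session.PSObject.Properties['restore_on_startup']) { $session.restore_on_startup } else { 'default' }
    $urls = if ($session -and $session.PSObject.Properties['startup_urls']) { @($session.startup_urls) } else { @() }
    [pscustomobject]@{ Item = 'StartupMode'; Id = ''; Name = "restore_on_startup=$mode"; Detail = "$($urls.Count) startup URL(s)" }
    foreach ($u in $urls) { [pscustomobject]@{ Item = 'StartupUrl'; Id = ''; Name = ''; Detail = $u } }

    # 2. Extensions: id, manifest name, install origin, whether Chrome recorded a Web Store install, path.
    $settings = $prefs.PSObject.Properties['extensions'].Value
    if ($settings) { $settings = $settings.PSObject.Properties['settings'].Value }
    foreach ($p in $settings.PSObject.Properties) {
        $e = $p.Value
        $name = if ($e.PSObject.Properties['manifest'] -and $e.manifest.PSObject.Properties['name']) { $e.manifest.name } else { '(no manifest)' }
        $loc  = if ($e.PSObject.Properties['location']) { [int]$e.location } else { -1 }
        $origin = if ($LocationName.ContainsKey($loc)) { $LocationName[$loc] } else { "unknown($loc)" }
        $store = if ($e.PSObject.Properties['from_webstore']) { [bool]$e.from_webstore } else { $false }
        $path  = if ($e.PSObject.Properties['path']) { [string]$e.path } else { '' }
        [pscustomobject]@{ Item = 'Extension'; Id = $p.Name; Name = $name; Detail = "$origin; from_webstore=$store; path=$path" }
    }
}

# Usage: full report, then only the extensions Chrome did not record as Web Store installs.
$report = Get-ChromeProfileAudit
$report | Format-Table Item, Id, Name, Detail -AutoSize -Wrap
$report | Where-Object { $_.Item -eq 'Extension' -and $_.Detail -notmatch 'from_webstore=True' }
```

Two practical notes. First, extensions whose origin is "external registry" or "external policy" were not installed through the Chrome UI; cross-check their ids against the HKLM\SOFTWARE\...\Google\Chrome\Extensions keys that the Fixlog earlier in this thread removed. Second, do not edit Secure Preferences by hand: the values it protects are covered by HMACs stored under protection.macs, and Chrome discards hand-edited values on the next start, which is why the helper points at RogueKiller's Delete button and Chrome's own reset page rather than a text editor.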

 


 


#11 olgun52

  • Malware Response Team
  • 3,790 posts
  • Gender:Male

Posted 02 March 2017 - 06:31 AM

Are you still with me?


Best regards
 

 


 


#12 olgun52

  • Malware Response Team
  • 3,790 posts
  • Gender:Male

Posted 04 March 2017 - 03:32 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards
 

 


 




