Trojan.BitCoinMiner


  • This topic is locked
18 replies to this topic

#1 keronkkumar

keronkkumar

  • Members
  • 115 posts
  • OFFLINE
  • Gender:Male
  • Location:home
  • Local time:10:59 PM

Posted 12 July 2017 - 08:13 PM

I normally use PutLocker to look at all my favorite TV series, and I'm always getting pop-up pages, but this time I got one that just would not close. I think I hit F1 and I was able to close it then, but I noticed something by the name of "open.exe" downloaded twice, so I deleted them to the Recycle Bin. A few days after, I did a Malwarebytes Anti-Malware scan and it found Trojan.BitCoinMiner, and Malwarebytes Anti-Malware cleaned it. I did a few scans after that and they came up clean, until today that is. After doing a Malwarebytes Anti-Malware scan it came up again and I'm not even sure how.

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-06-2017 (ATTENTION: ====> FRSTversion is 37 days old and could be outdated)

Ran by User (administrator) on USER-PC (12-07-2017 20:49:40)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Logitech Inc.) C:\Program Files\Logitech\Vid\Vid.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [7519960 2015-04-10] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1085512 2015-01-19] (The Eraser Project)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [986648 2016-10-21] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [Logitech Vid HD] => C:\Program Files\Logitech\Vid\vid.exe [6061400 2010-05-11] (Logitech Inc.)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [986648 2016-10-21] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: {b36a3c5d-1aa4-11e4-b583-d43d7e9908ec} - H:\LaunchU3.exe -a
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{D87944A2-C95E-4AB3-ACD8-072F5585A6E3}: [DhcpNameServer] 192.168.100.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2G&ocid=SK2GDHP&osmkt=en-us
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ovddxlw4.default-1455637092669 [2017-07-12]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ovddxlw4.default-1455637092669\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-03-26]
FF Extension: (Follow-on Search Telemetry) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ovddxlw4.default-1455637092669\features\{62b667ae-b12e-4629-9cb3-9299935cd426}\followonsearch@mozilla.com.xpi [2017-06-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-14] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-08-20]
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-07-12]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-20]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-20]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-20]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Video Downloader Pro) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho [2017-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-20]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-29]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [445976 2016-10-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [425496 2016-10-21] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files\BlueStacks\HD-Plus-Service.exe [466456 2016-10-21] (BlueStack Systems, Inc.)
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [77872 2017-03-08] (CyberGhost S.R.L)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdhub30; C:\Windows\System32\DRIVERS\amdhub30.sys [86752 2015-04-16] (Advanced Micro Devices, INC.)
R3 amdxhc; C:\Windows\System32\DRIVERS\amdxhc.sys [179936 2015-04-16] (Advanced Micro Devices, INC.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [71880 2015-02-26] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [36040 2015-02-26] (Advanced Micro Devices)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48808 2012-11-20] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [139360 2016-10-21] (BlueStack Systems)
S3 BstkDrv; C:\Program Files\BlueStacks\BstkDrv.sys [220216 2016-10-07] (Bluestack System Inc. )
S3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [20704 2010-05-14] (Logitech Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-02-26] (REALiX™)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-10] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22656 2013-01-31] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114368 2015-10-08] (Power Software Ltd)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [110208 2016-07-02] (BigNox Corporation)
R1 YSDrv; C:\Windows\System32\DRIVERS\YSDrv.sys [220432 2017-04-15] (BigNox Corporation)
S3 eapihdrv; \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-12 20:49 - 2017-07-12 20:50 - 00013609 _____ C:\Users\User\Desktop\FRST.txt
2017-07-12 20:29 - 2017-07-12 20:29 - 00000019 _____ C:\Users\User\Desktop\infewction.txt
2017-07-08 23:08 - 2017-07-08 23:08 - 00000000 ____D C:\Users\User\Downloads\bllueberrylove
2017-07-08 23:06 - 2017-07-09 00:15 - 00000000 ____D C:\Users\User\Downloads\lovehoneyx
2017-07-08 23:05 - 2017-07-08 23:05 - 00000000 ____D C:\Users\User\Downloads\thegirlonyourscreen_
2017-07-08 22:47 - 2017-07-08 22:47 - 00000000 ____D C:\Users\User\Downloads\roxyantebellum
2017-07-08 05:00 - 2017-07-08 05:00 - 00000000 ____D C:\Users\User\Downloads\melanielexxx
2017-07-05 15:58 - 2017-07-09 02:55 - 00000000 ____D C:\Users\User\Downloads\eeeveee
2017-07-04 10:49 - 2017-07-04 11:29 - 00000000 ____D C:\Users\User\Downloads\roseangel6_9
2017-07-03 23:53 - 2017-07-03 23:53 - 00000000 ____D C:\Users\User\Downloads\hotpussytime
2017-07-02 22:29 - 2017-07-02 22:29 - 00000000 ____D C:\Users\User\Downloads\litolbabytits
2017-07-02 04:08 - 2017-07-02 11:09 - 00000000 ____D C:\Users\User\Downloads\dreambleep420
2017-07-01 23:30 - 2017-07-01 23:30 - 00000000 ____D C:\Users\User\Downloads\missy_mell
2017-07-01 22:45 - 2017-07-01 22:52 - 00000000 ____D C:\Users\User\Downloads\pao609
2017-07-01 22:42 - 2017-07-01 22:42 - 00000000 ____D C:\Users\User\Downloads\sexyfoxy707
2017-07-01 22:40 - 2017-07-01 22:40 - 00000000 ____D C:\Users\User\Downloads\fornicatewme
2017-07-01 04:49 - 2017-07-01 04:49 - 00000040 _____ C:\Users\User\Desktop\slug.txt
2017-06-29 09:44 - 2017-07-10 21:59 - 00000000 ____D C:\Users\User\Downloads\1
2017-06-25 23:03 - 2017-06-25 23:04 - 00000000 ____D C:\Users\User\Downloads\romyhime
2017-06-25 04:19 - 2017-06-29 09:55 - 00000000 ____D C:\Users\User\Downloads\milly17
2017-06-25 04:19 - 2017-06-29 09:53 - 00000000 ____D C:\Users\User\Downloads\lilrosiedoll
2017-06-25 01:10 - 2017-06-25 01:10 - 00000000 ____D C:\Users\User\Downloads\natashaa_10
2017-06-25 01:09 - 2017-07-08 04:57 - 00000000 ____D C:\Users\User\Downloads\sophia_jones
2017-06-21 15:36 - 2017-06-24 22:46 - 00000000 ____D C:\Users\User\Downloads\housebate
2017-06-17 23:03 - 2017-06-20 22:27 - 00000000 ____D C:\Users\User\Downloads\jacobandcarolina
2017-06-15 20:28 - 2017-06-17 14:15 - 00000000 ____D C:\Users\User\Downloads\Rec-Tube Female
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-12 20:49 - 2017-06-06 11:10 - 00000000 ____D C:\FRST
2017-07-12 20:46 - 2016-12-09 20:09 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-07-12 20:43 - 2009-07-14 00:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-12 20:43 - 2009-07-14 00:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-12 20:36 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-12 20:34 - 2014-07-25 11:20 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-07-12 20:34 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\AppCompat
2017-07-12 20:08 - 2014-07-15 03:57 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-12 04:55 - 2016-08-14 00:34 - 00000000 ____D C:\Users\User\AppData\Local\Nox
2017-07-12 02:00 - 2014-08-16 02:00 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2017-07-12 00:36 - 2014-07-10 05:55 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2017-07-11 15:11 - 2015-12-28 05:05 - 00000000 ____D C:\Users\User\.android
2017-07-11 15:10 - 2017-04-15 05:58 - 00000000 ____D C:\Users\User\.BigNox
2017-07-11 15:10 - 2016-08-14 00:41 - 00000000 ____D C:\Users\User\vmlogs
2017-07-10 04:20 - 2009-07-13 22:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-07-09 13:39 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2017-07-09 13:15 - 2014-07-08 00:58 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-07-09 13:15 - 2014-07-08 00:58 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-07-09 13:15 - 2014-07-08 00:58 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-09 12:06 - 2009-07-14 00:53 - 00032594 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-09 03:59 - 2014-07-15 06:26 - 00000000 ____D C:\Users\User\Documents\iWisoft Free Video Converter
2017-07-09 00:53 - 2015-03-12 03:09 - 00001456 _____ C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-07-08 03:17 - 2014-08-02 04:37 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-07-07 20:11 - 2015-02-22 00:32 - 00000000 ____D C:\Program Files\Opera
2017-07-05 13:56 - 2017-04-08 23:21 - 00000000 ____D C:\Users\User\Downloads\superhotgirl2
2017-07-04 10:15 - 2017-03-15 22:45 - 00002679 _____ C:\Users\Public\Desktop\Skype.lnk
2017-07-04 10:15 - 2016-04-20 15:53 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-07-04 10:15 - 2016-04-20 15:53 - 00001103 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-07-04 10:15 - 2016-04-20 15:48 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-04 10:15 - 2016-04-20 15:48 - 00002123 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-04 10:15 - 2015-12-14 01:13 - 00001805 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2017-07-04 10:15 - 2015-11-23 19:37 - 00000963 _____ C:\Users\Public\Desktop\PowerISO.lnk
2017-07-04 10:15 - 2015-09-02 16:41 - 00001809 _____ C:\Users\Public\Desktop\ooVoo.lnk
2017-07-04 10:15 - 2015-06-10 00:24 - 00000948 _____ C:\Users\Public\Desktop\Logitech Vid.lnk
2017-07-04 10:15 - 2015-02-27 16:02 - 00001759 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
2017-07-04 10:15 - 2015-02-27 16:02 - 00001741 _____ C:\Users\Public\Desktop\Eraser.lnk
2017-07-04 10:15 - 2015-02-22 00:32 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-07-04 10:15 - 2015-02-22 00:32 - 00001067 _____ C:\Users\Public\Desktop\Opera Browser.lnk
2017-07-04 10:15 - 2015-02-05 23:01 - 00001576 _____ C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
2017-07-04 10:15 - 2014-09-15 09:28 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-07-04 10:15 - 2014-09-15 09:26 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-07-04 10:15 - 2014-07-15 03:56 - 00001058 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-07-04 10:15 - 2014-07-14 07:39 - 00001045 _____ C:\Users\Public\Desktop\ManyCam.lnk
2017-07-04 10:15 - 2014-07-14 04:25 - 00001260 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014 (32 Bit).lnk
2017-07-04 10:15 - 2014-07-14 04:19 - 00001504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2017-07-04 10:15 - 2014-07-14 04:19 - 00001486 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2017-07-04 10:15 - 2014-07-04 17:04 - 00002184 _____ C:\Users\Public\Desktop\Roxio Creator Home.lnk
2017-07-04 10:15 - 2014-07-04 16:14 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-07-04 10:15 - 2014-07-04 16:04 - 00001022 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-07-04 10:15 - 2014-07-04 16:02 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-07-04 10:15 - 2014-07-04 16:02 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2017-07-04 10:15 - 2014-07-04 11:25 - 00001393 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-04 10:15 - 2014-07-03 19:46 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2017-07-04 10:15 - 2014-07-03 19:46 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2017-07-04 10:15 - 2009-07-14 00:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-07-04 10:15 - 2009-07-14 00:42 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2017-07-04 10:15 - 2009-07-14 00:42 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2017-07-04 10:15 - 2009-07-14 00:42 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2017-07-04 10:15 - 2009-07-14 00:42 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2017-07-04 10:14 - 2017-04-15 05:59 - 00001018 _____ C:\Users\User\Desktop\Multi-Drive.lnk
2017-07-04 10:14 - 2017-04-15 05:59 - 00000937 _____ C:\Users\User\Desktop\Nox.lnk
2017-07-04 10:14 - 2017-01-28 02:29 - 00001885 _____ C:\Users\User\Desktop\CyberGhost 6.lnk
2017-07-04 10:14 - 2016-11-22 11:33 - 00001817 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2017-07-04 10:14 - 2016-03-02 09:55 - 00000981 _____ C:\Users\User\Desktop\Handbrake.lnk
2017-07-04 10:14 - 2016-02-29 19:01 - 00001179 _____ C:\Users\User\Desktop\Ann Free Video Converter 4.5.1.lnk
2017-07-04 10:14 - 2016-02-29 12:10 - 00000904 _____ C:\Users\User\Desktop\VideoLobster.lnk
2017-07-04 10:14 - 2014-08-22 04:59 - 00001945 _____ C:\Users\User\Desktop\Widelands - Mapeditor.lnk
2017-07-04 10:14 - 2014-08-22 04:59 - 00001851 _____ C:\Users\User\Desktop\Widelands.lnk
2017-07-04 10:14 - 2014-08-04 02:28 - 00000935 _____ C:\Users\User\Desktop\HyperCam 2.lnk
2017-07-04 10:14 - 2014-08-02 05:08 - 00001456 _____ C:\Users\User\Desktop\Skype.exe - Shortcut.lnk
2017-07-04 10:14 - 2014-07-31 02:00 - 00001064 _____ C:\Users\User\Desktop\NeoDownloader Lite.lnk
2017-07-04 10:14 - 2014-07-14 08:05 - 00001248 _____ C:\Users\User\Desktop\Adobe Photoshop CC 2014 (32 Bit).lnk
2017-07-04 10:14 - 2014-07-13 01:30 - 00001047 _____ C:\Users\User\Desktop\iWisoft Free Video Converter.lnk
2017-07-04 10:14 - 2014-07-05 08:45 - 00002105 _____ C:\Users\User\Desktop\Microsoft Security Essentials.lnk
2017-07-04 10:14 - 2014-07-04 17:03 - 00002675 _____ C:\Users\User\Desktop\Microsoft Office Word 2007.lnk
2017-07-04 10:14 - 2014-07-04 17:03 - 00002637 _____ C:\Users\User\Desktop\Microsoft Office Excel 2007.lnk
2017-07-04 10:14 - 2009-07-14 00:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2017-07-04 10:14 - 2009-07-14 00:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2017-07-02 04:51 - 2014-07-04 11:29 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-30 01:01 - 2017-01-28 02:30 - 00000000 ____D C:\Users\User\AppData\Local\CyberGhost
2017-06-26 19:35 - 2017-06-10 20:46 - 00000000 ____D C:\Users\User\Downloads\vanlave
2017-06-21 03:11 - 2016-03-02 09:56 - 00000000 ____D C:\Users\User\AppData\Roaming\HandBrake
2017-06-17 14:37 - 2017-01-05 23:58 - 00000000 ____D C:\Users\User\Downloads\Rec-Tube Couple
 
==================== Files in the root of some directories =======
 
2017-04-06 12:27 - 2017-04-06 12:27 - 325407814 _____ () C:\Users\User\AppData\Local\ACCCx4_0_1_188.zip.aamdownload
2017-04-06 12:27 - 2017-04-06 12:27 - 0003630 _____ () C:\Users\User\AppData\Local\ACCCx4_0_1_188.zip.aamdownload.aamd
2015-03-12 03:09 - 2017-07-09 00:53 - 0001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-09-22 02:28 - 2017-04-28 02:07 - 0000753 _____ () C:\Users\User\AppData\Local\Nox_crash.log
2014-07-25 20:47 - 2014-07-25 20:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-11-06 13:27 - 2015-11-06 13:27 - 0000458 _____ () C:\ProgramData\Local Disk (D) - Shortcut.lnk
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-02 06:54
 
==================== End of FRST.txt ============================
 
 
MBAM (Malwarebytes Anti-Malware)
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/12/2017
Scan Time: 8:08 PM
Logfile: MB.07.12.2017.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2017.07.12.07
Rootkit Database: v2017.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 276399
Time Elapsed: 24 min, 52 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Trojan.BitCoinMiner, C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{2523BE09-F9C9-45DC-B671-99CFCD62BD9A}-Open.exe, Quarantined, [0e59a1c4b9f045f16513bb32679a07f9], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#2 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,771 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:08:59 AM

Posted 14 July 2017 - 01:45 AM

Hi,

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process and so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from the internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on another system as it may do serious damage.
 
  • Step #1 Scan with Zemana Anti-malware
    Download and install Zemana anti-malware from here.
    • Double-click to run the software;
    • Click on the gear-icon on the top right portion to navigate to Settings.
      • Click on Scan > put a tick on Create System Restore
      • Click on Advanced > put a tick on Check for Suspicious (root CA) Certificates
    • Click the home icon on top left and click on Scan
    • After scan finishes click on the report tab on the top right corner;
    • Choose the latest report by clicking on it and click on Open Report afterward.
    • Copy and Paste the contents of the report in your next reply.
 
  • Step #2 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Option and put a tick mark on everything;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart. If not, it is located in C:\AdwCleaner\AdwCleaner[CX].txt, where X is replaced with a number;
    • Copy and Paste the contents of this log in your reply.
 

Give me a fresh set of FRST scan logs please.

 
  • Required Log(s):
    • Zemana Fix Log
    • AdwCleaner Log
    • Fresh FRST scan logs
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All help is provided via the forum, ergo do not PM me for help.

 


#3 keronkkumar


Posted 14 July 2017 - 03:00 AM

Thank you for your assistance. Before we start, there are a few things I'd like to let you know. My system is a second-hand custom-built computer; when I got it there was no Windows CD or serial code that came with it. There was a sticker at the back and I was told the code was on there, but it was badly faded and it came off anyway. I was also advised to keep Windows Update turned off. If this does not violate any of your rules and you are still able to help me, then please let me know so I can start the Zemana scan and the AdwCleaner fix.


Edited by keronkkumar, 14 July 2017 - 07:01 PM.


#4 keronkkumar


Posted 14 July 2017 - 06:59 PM

Sorry, I was trying to edit spelling errors and I quoted myself.


Edited by keronkkumar, 14 July 2017 - 07:03 PM.


#5 Valinorum


Posted 17 July 2017 - 02:32 AM

I was also advised to keep Windows Update turned off.

I am not sure why you were counseled in such a way, as turning off Windows Update is one of the major ways to get infected. You can proceed with the steps.


 


#6 keronkkumar


Posted 17 July 2017 - 05:07 PM

Zemana Fix Log

 
Zemana AntiMalware 2.74.2.76 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/7/17
Operating System       : Windows 7 32-bit
Processor              : 2X AMD A4-4000 APU with Radeon™ HD Graphics
BIOS Mode              : Legacy
CUID                   : 1274F856E3DEBF080B4C9D
Scan Type              : System Scan
Duration               : 10m 2s
Scanned Objects        : 95357
Detected Objects       : 2
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
{05ad7a37-7a28-464d-8f58-c6b726fb72b0}
Status             : Scanned
Object             : NE->c:\windows\system32\tasks\{05ad7a37-7a28-464d-8f58-c6b726fb72b0}
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/CHR.TASKSCHD.GEN.A!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
{d92281de-a16a-4c27-96c9-8ff7564c0e84}
Status             : Scanned
Object             : NE->c:\windows\system32\tasks\{d92281de-a16a-4c27-96c9-8ff7564c0e84}
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/FF.TASKSCHD.GEN.A!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

Edited by keronkkumar, 17 July 2017 - 06:17 PM.
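
The two objects Zemana quarantined above are scheduled-task definition files named by GUID under c:\windows\system32\tasks. As an added example (not code from the thread or from Zemana), the following Python script parses such a task definition and reports its triggers and Exec commands, flagging the traits a responder would look at first: a bare-GUID task name, a command living in a user-writable folder, or a script-host/LOLBin launcher. Both task XMLs below are constructed samples; only the GUID name is taken from the log.

```python
r"""Inspect Task Scheduler definitions like the two Zemana quarantined above.

Added example, not code from the thread or from Zemana. Task definitions live
as XML files under C:\Windows\System32\Tasks (UTF-16 with BOM, no extension).
This parser lists each task's triggers and Exec actions and flags the traits
a responder looks for: a bare-GUID task name, a command in a user-writable
folder, or a script-host / LOLBin launcher.
"""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
GUID_RE = re.compile(
    r"^\{?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}?$", re.I)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
LAUNCHERS = ("powershell", "wscript", "cscript", "mshta", "rundll32", "cmd.exe")

# Constructed sample: a GUID-named task (name from the Zemana log above, contents
# invented) that starts an executable from the user's AppData folder at logon.
SAMPLE_GUID_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <LogonTrigger><Enabled>true</Enabled></LogonTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Users\User\AppData\Roaming\constructed_example\sample.exe</Command>
      <Arguments>--quiet</Arguments>
    </Exec>
  </Actions>
</Task>"""

# Constructed sample of an ordinary vendor updater task, for contrast.
SAMPLE_VENDOR_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <CalendarTrigger><Enabled>true</Enabled></CalendarTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Program Files\ExampleVendor\Update\updater.exe</Command>
      <Arguments>/c</Arguments>
    </Exec>
  </Actions>
</Task>"""


@dataclass
class TaskInfo:
    name: str
    triggers: List[str]
    commands: List[str]   # one "command arguments" string per Exec action
    reasons: List[str]    # why a responder should look closer; empty if nothing stood out


def inspect_task(name: str, xml_text: str) -> TaskInfo:
    """Parse one task definition and return its triggers, commands and flags."""
    root = ET.fromstring(xml_text)
    trig = root.find("t:Triggers", NS)
    # Strip the namespace from trigger tags: {ns}LogonTrigger -> LogonTrigger
    triggers = [el.tag.split("}")[-1] for el in trig] if trig is not None else []
    commands = []
    for ex in root.iterfind(".//t:Actions/t:Exec", NS):
        cmd = (ex.findtext("t:Command", "", NS) or "").strip()
        args = (ex.findtext("t:Arguments", "", NS) or "").strip()
        commands.append(f"{cmd} {args}".strip())
    reasons = set()
    if GUID_RE.match(name):
        reasons.add("GUID-named task")
    for c in commands:
        low = c.lower()
        if any(d in low for d in USER_WRITABLE):
            reasons.add("runs from user-writable path")
        if any(launcher in low for launcher in LAUNCHERS):
            reasons.add("script-host/LOLBin launcher")
    return TaskInfo(name, triggers, commands, sorted(reasons))


def load_task_file(path: str) -> str:
    """Read a task definition from disk; files under System32\\Tasks are UTF-16 with BOM."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()


if __name__ == "__main__":
    for task_name, xml in [("{05ad7a37-7a28-464d-8f58-c6b726fb72b0}", SAMPLE_GUID_TASK),
                           ("ExampleVendorUpdateTask", SAMPLE_VENDOR_TASK)]:
        info = inspect_task(task_name, xml)
        print(task_name, info.triggers, info.commands, info.reasons or ["nothing flagged"])
```

On a live system, pass the result of load_task_file() for each file under C:\Windows\System32\Tasks to inspect_task(); review any flagged task before deciding whether it is yours.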


#7 keronkkumar


Posted 17 July 2017 - 05:21 PM

AdwCleaner Log

 

# AdwCleaner 7.0.0.0 - Logfile created on Mon Jul 17 22:15:08 2017

# Updated on 2017/17/07 by Malwarebytes 
# Running on Windows 7 Professional (X86)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider deleted: AOL - aol.com
SearchProvider deleted: Ask - ask.com
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Image File Execution Options%s keys deleted
::Prefetch files deleted
::Proxy settings cleared
::TCP/IP settings cleared
::Firewall rules cleared
::IPSec settings cleared
::BITS queue cleared
::IE policies deleted
::Chrome policies deleted
::Hosts file cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [1592 B] - [2017/7/17 22:14:34]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


#8 keronkkumar


Posted 17 July 2017 - 06:16 PM

  • Fresh FRST scan logs
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-07-2017
Ran by User (administrator) on USER-PC (17-07-2017 18:24:24)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Logitech Inc.) C:\Program Files\Logitech\Vid\Vid.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [7519960 2015-04-10] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1085512 2015-01-19] (The Eraser Project)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [986648 2016-10-21] (BlueStack Systems, Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [Logitech Vid HD] => C:\Program Files\Logitech\Vid\vid.exe [6061400 2010-05-11] (Logitech Inc.)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [986648 2016-10-21] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: {b36a3c5d-1aa4-11e4-b583-d43d7e9908ec} - H:\LaunchU3.exe -a
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{D87944A2-C95E-4AB3-ACD8-072F5585A6E3}: [DhcpNameServer] 192.168.100.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2G&ocid=SK2GDHP&osmkt=en-us
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ovddxlw4.default-1455637092669 [2017-07-16]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ovddxlw4.default-1455637092669\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-03-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-14] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-08-20]
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-07-17]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-20]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-20]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-20]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Video Downloader Pro) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho [2017-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-20]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [445976 2016-10-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [425496 2016-10-21] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files\BlueStacks\HD-Plus-Service.exe [466456 2016-10-21] (BlueStack Systems, Inc.)
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [77872 2017-03-08] (CyberGhost S.R.L)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
S2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdhub30; C:\Windows\System32\DRIVERS\amdhub30.sys [86752 2015-04-16] (Advanced Micro Devices, INC.)
R3 amdxhc; C:\Windows\System32\DRIVERS\amdxhc.sys [179936 2015-04-16] (Advanced Micro Devices, INC.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [71880 2015-02-26] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [36040 2015-02-26] (Advanced Micro Devices)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48808 2012-11-20] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [139360 2016-10-21] (BlueStack Systems)
S3 BstkDrv; C:\Program Files\BlueStacks\BstkDrv.sys [220216 2016-10-07] (Bluestack System Inc. )
S3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [20704 2010-05-14] (Logitech Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-02-26] (REALiX™)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-10] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22656 2013-01-31] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114368 2015-10-08] (Power Software Ltd)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [110208 2016-07-02] (BigNox Corporation)
R1 YSDrv; C:\Windows\System32\DRIVERS\YSDrv.sys [220432 2017-04-15] (BigNox Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-07-17] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-07-17] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-17 18:24 - 2017-07-17 18:25 - 00013827 _____ C:\Users\User\Desktop\FRST.txt
2017-07-17 18:22 - 2017-07-17 18:22 - 01780736 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2017-07-17 18:09 - 2017-07-17 18:10 - 08162248 _____ (Malwarebytes) C:\Users\User\Desktop\adwcleaner_7.0.0.0.exe
2017-07-17 18:08 - 2017-07-17 18:15 - 00000000 ____D C:\AdwCleaner
2017-07-17 17:51 - 2017-07-17 18:25 - 00045139 _____ C:\Windows\ZAM.krnl.trace
2017-07-17 17:51 - 2017-07-17 18:25 - 00016612 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-07-17 17:51 - 2017-07-17 17:51 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2017-07-17 17:51 - 2017-07-17 17:51 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2017-07-17 17:51 - 2017-07-17 17:51 - 00001892 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-07-17 17:51 - 2017-07-17 17:51 - 00000000 ____D C:\Users\User\AppData\Local\Zemana
2017-07-17 17:51 - 2017-07-17 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-07-17 17:51 - 2017-07-17 17:51 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2017-07-17 17:50 - 2017-07-17 17:50 - 06589840 _____ (Zemana Ltd. ) C:\Users\User\Downloads\Zemana.AntiMalware.Setup.exe
2017-07-17 00:53 - 2017-07-17 00:54 - 00000000 ____D C:\Users\User\Downloads\your_little_asian_secret
2017-07-16 22:31 - 2017-07-16 22:32 - 00000000 ____D C:\Users\User\Downloads\pony_pinkie_pie
2017-07-16 05:26 - 2017-07-17 00:14 - 00000000 ____D C:\Users\User\Downloads\kkandcc
2017-07-16 01:35 - 2017-07-16 01:35 - 00000000 ____D C:\Users\User\Downloads\yungnymphs
2017-07-16 01:34 - 2017-07-16 01:34 - 00000000 ____D C:\Users\User\Downloads\livykittyy
2017-07-16 01:32 - 2017-07-16 01:41 - 00000000 ____D C:\Users\User\Downloads\miss_katy69
2017-07-16 00:33 - 2017-07-16 00:33 - 00000000 ____D C:\Users\User\Downloads\lilgypsymoon
2017-07-08 23:08 - 2017-07-15 23:48 - 00000000 ____D C:\Users\User\Downloads\bllueberrylove
2017-07-08 23:05 - 2017-07-08 23:05 - 00000000 ____D C:\Users\User\Downloads\thegirlonyourscreen_
2017-07-08 05:00 - 2017-07-08 05:00 - 00000000 ____D C:\Users\User\Downloads\melanielexxx
2017-07-05 15:58 - 2017-07-15 04:28 - 00000000 ____D C:\Users\User\Downloads\eeeveee
2017-07-04 10:49 - 2017-07-04 11:29 - 00000000 ____D C:\Users\User\Downloads\roseangel6_9
2017-07-03 23:53 - 2017-07-13 21:44 - 00000000 ____D C:\Users\User\Downloads\hotpussytime
2017-07-02 22:29 - 2017-07-02 22:29 - 00000000 ____D C:\Users\User\Downloads\litolbabytits
2017-07-02 04:08 - 2017-07-02 11:09 - 00000000 ____D C:\Users\User\Downloads\dreambleep420
2017-07-01 23:30 - 2017-07-01 23:30 - 00000000 ____D C:\Users\User\Downloads\missy_mell
2017-07-01 22:45 - 2017-07-01 22:52 - 00000000 ____D C:\Users\User\Downloads\pao609
2017-07-01 22:42 - 2017-07-01 22:42 - 00000000 ____D C:\Users\User\Downloads\sexyfoxy707
2017-07-01 22:40 - 2017-07-01 22:40 - 00000000 ____D C:\Users\User\Downloads\fornicatewme
2017-07-01 04:49 - 2017-07-01 04:49 - 00000040 _____ C:\Users\User\Desktop\slug.txt
2017-06-29 09:44 - 2017-07-16 22:13 - 00000000 ____D C:\Users\User\Downloads\1
2017-06-25 23:03 - 2017-06-25 23:04 - 00000000 ____D C:\Users\User\Downloads\romyhime
2017-06-25 04:19 - 2017-07-15 03:21 - 00000000 ____D C:\Users\User\Downloads\lilrosiedoll
2017-06-25 04:19 - 2017-06-29 09:55 - 00000000 ____D C:\Users\User\Downloads\milly17
2017-06-25 01:10 - 2017-06-25 01:10 - 00000000 ____D C:\Users\User\Downloads\natashaa_10
2017-06-25 01:09 - 2017-07-08 04:57 - 00000000 ____D C:\Users\User\Downloads\sophia_jones
2017-06-21 15:36 - 2017-06-24 22:46 - 00000000 ____D C:\Users\User\Downloads\housebate
2017-06-17 23:03 - 2017-06-20 22:27 - 00000000 ____D C:\Users\User\Downloads\jacobandcarolina
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-17 18:25 - 2009-07-14 00:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-17 18:25 - 2009-07-14 00:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-17 18:24 - 2017-06-06 11:10 - 00000000 ____D C:\FRST
2017-07-17 18:18 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-17 18:15 - 2014-07-25 11:20 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-07-17 03:13 - 2016-08-14 00:34 - 00000000 ____D C:\Users\User\AppData\Local\Nox
2017-07-17 02:01 - 2014-08-16 02:00 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2017-07-17 00:27 - 2014-07-10 05:55 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2017-07-17 00:12 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2017-07-16 23:56 - 2014-07-15 06:26 - 00000000 ____D C:\Users\User\Documents\iWisoft Free Video Converter
2017-07-16 18:16 - 2015-12-28 05:05 - 00000000 ____D C:\Users\User\.android
2017-07-16 18:15 - 2017-04-15 05:58 - 00000000 ____D C:\Users\User\.BigNox
2017-07-16 18:15 - 2016-08-14 00:41 - 00000000 ____D C:\Users\User\vmlogs
2017-07-16 18:00 - 2017-01-05 23:58 - 00000000 ____D C:\Users\User\Downloads\Rec-Tube Couple
2017-07-16 00:04 - 2016-12-09 20:09 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-07-14 20:13 - 2015-02-22 00:32 - 00000000 ____D C:\Program Files\Opera
2017-07-12 21:02 - 2014-07-15 03:57 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-12 20:34 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\AppCompat
2017-07-09 13:15 - 2014-07-08 00:58 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-07-09 13:15 - 2014-07-08 00:58 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-07-09 13:15 - 2014-07-08 00:58 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-09 12:06 - 2009-07-14 00:53 - 00032594 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-09 00:53 - 2015-03-12 03:09 - 00001456 _____ C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-07-08 03:17 - 2014-08-02 04:37 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-07-05 13:56 - 2017-04-08 23:21 - 00000000 ____D C:\Users\User\Downloads\superhotgirl2
2017-07-04 10:15 - 2017-03-15 22:45 - 00002679 _____ C:\Users\Public\Desktop\Skype.lnk
2017-07-04 10:15 - 2016-04-20 15:53 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-07-04 10:15 - 2016-04-20 15:53 - 00001103 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-07-04 10:15 - 2016-04-20 15:48 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-04 10:15 - 2016-04-20 15:48 - 00002123 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-04 10:15 - 2015-12-14 01:13 - 00001805 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2017-07-04 10:15 - 2015-11-23 19:37 - 00000963 _____ C:\Users\Public\Desktop\PowerISO.lnk
2017-07-04 10:15 - 2015-09-02 16:41 - 00001809 _____ C:\Users\Public\Desktop\ooVoo.lnk
2017-07-04 10:15 - 2015-06-10 00:24 - 00000948 _____ C:\Users\Public\Desktop\Logitech Vid.lnk
2017-07-04 10:15 - 2015-02-27 16:02 - 00001759 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
2017-07-04 10:15 - 2015-02-27 16:02 - 00001741 _____ C:\Users\Public\Desktop\Eraser.lnk
2017-07-04 10:15 - 2015-02-22 00:32 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-07-04 10:15 - 2015-02-22 00:32 - 00001067 _____ C:\Users\Public\Desktop\Opera Browser.lnk
2017-07-04 10:15 - 2015-02-05 23:01 - 00001576 _____ C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
2017-07-04 10:15 - 2014-09-15 09:28 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-07-04 10:15 - 2014-09-15 09:26 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-07-04 10:15 - 2014-07-15 03:56 - 00001058 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-07-04 10:15 - 2014-07-14 07:39 - 00001045 _____ C:\Users\Public\Desktop\ManyCam.lnk
2017-07-04 10:15 - 2014-07-14 04:25 - 00001260 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014 (32 Bit).lnk
2017-07-04 10:15 - 2014-07-14 04:19 - 00001504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2017-07-04 10:15 - 2014-07-14 04:19 - 00001486 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2017-07-04 10:15 - 2014-07-04 17:04 - 00002184 _____ C:\Users\Public\Desktop\Roxio Creator Home.lnk
2017-07-04 10:15 - 2014-07-04 16:14 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-07-04 10:15 - 2014-07-04 16:04 - 00001022 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-07-04 10:15 - 2014-07-04 16:02 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-07-04 10:15 - 2014-07-04 16:02 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2017-07-04 10:15 - 2014-07-04 11:25 - 00001393 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-04 10:15 - 2014-07-03 19:46 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2017-07-04 10:15 - 2014-07-03 19:46 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2017-07-04 10:15 - 2009-07-14 00:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-07-04 10:15 - 2009-07-14 00:42 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2017-07-04 10:15 - 2009-07-14 00:42 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2017-07-04 10:15 - 2009-07-14 00:42 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2017-07-04 10:15 - 2009-07-14 00:42 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2017-07-04 10:14 - 2017-04-15 05:59 - 00001018 _____ C:\Users\User\Desktop\Multi-Drive.lnk
2017-07-04 10:14 - 2017-04-15 05:59 - 00000937 _____ C:\Users\User\Desktop\Nox.lnk
2017-07-04 10:14 - 2017-01-28 02:29 - 00001885 _____ C:\Users\User\Desktop\CyberGhost 6.lnk
2017-07-04 10:14 - 2016-11-22 11:33 - 00001817 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2017-07-04 10:14 - 2016-03-02 09:55 - 00000981 _____ C:\Users\User\Desktop\Handbrake.lnk
2017-07-04 10:14 - 2016-02-29 19:01 - 00001179 _____ C:\Users\User\Desktop\Ann Free Video Converter 4.5.1.lnk
2017-07-04 10:14 - 2016-02-29 12:10 - 00000904 _____ C:\Users\User\Desktop\VideoLobster.lnk
2017-07-04 10:14 - 2014-08-22 04:59 - 00001945 _____ C:\Users\User\Desktop\Widelands - Mapeditor.lnk
2017-07-04 10:14 - 2014-08-22 04:59 - 00001851 _____ C:\Users\User\Desktop\Widelands.lnk
2017-07-04 10:14 - 2014-08-04 02:28 - 00000935 _____ C:\Users\User\Desktop\HyperCam 2.lnk
2017-07-04 10:14 - 2014-08-02 05:08 - 00001456 _____ C:\Users\User\Desktop\Skype.exe - Shortcut.lnk
2017-07-04 10:14 - 2014-07-31 02:00 - 00001064 _____ C:\Users\User\Desktop\NeoDownloader Lite.lnk
2017-07-04 10:14 - 2014-07-14 08:05 - 00001248 _____ C:\Users\User\Desktop\Adobe Photoshop CC 2014 (32 Bit).lnk
2017-07-04 10:14 - 2014-07-13 01:30 - 00001047 _____ C:\Users\User\Desktop\iWisoft Free Video Converter.lnk
2017-07-04 10:14 - 2014-07-05 08:45 - 00002105 _____ C:\Users\User\Desktop\Microsoft Security Essentials.lnk
2017-07-04 10:14 - 2014-07-04 17:03 - 00002675 _____ C:\Users\User\Desktop\Microsoft Office Word 2007.lnk
2017-07-04 10:14 - 2014-07-04 17:03 - 00002637 _____ C:\Users\User\Desktop\Microsoft Office Excel 2007.lnk
2017-07-04 10:14 - 2009-07-14 00:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2017-07-04 10:14 - 2009-07-14 00:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2017-07-02 04:51 - 2014-07-04 11:29 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-30 01:01 - 2017-01-28 02:30 - 00000000 ____D C:\Users\User\AppData\Local\CyberGhost
2017-06-26 19:35 - 2017-06-10 20:46 - 00000000 ____D C:\Users\User\Downloads\vanlave
2017-06-21 03:11 - 2016-03-02 09:56 - 00000000 ____D C:\Users\User\AppData\Roaming\HandBrake
2017-06-17 14:15 - 2017-06-15 20:28 - 00000000 ____D C:\Users\User\Downloads\Rec-Tube Female
 
==================== Files in the root of some directories =======
 
2017-04-06 12:27 - 2017-04-06 12:27 - 325407814 _____ () C:\Users\User\AppData\Local\ACCCx4_0_1_188.zip.aamdownload
2017-04-06 12:27 - 2017-04-06 12:27 - 0003630 _____ () C:\Users\User\AppData\Local\ACCCx4_0_1_188.zip.aamdownload.aamd
2015-03-12 03:09 - 2017-07-09 00:53 - 0001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-09-22 02:28 - 2017-04-28 02:07 - 0000753 _____ () C:\Users\User\AppData\Local\Nox_crash.log
2014-07-25 20:47 - 2014-07-25 20:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-11-06 13:27 - 2015-11-06 13:27 - 0000458 _____ () C:\ProgramData\Local Disk (D) - Shortcut.lnk
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-14 23:00
 
==================== End of FRST.txt ============================


#9 Valinorum (Shadow Hide The Hunter)
  • Malware Response Instructor
  • 1,771 posts
  • Gender:Not Telling

Posted 24 July 2017 - 06:44 AM

Sorry for the delay,
  • Step #3 ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware, et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install the Add-On/ActiveX control if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Uncheck the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the mouse or the keyboard during the scan; otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All help is provided via the forum, ergo do not PM me for help.

 


#10 keronkkumar
  • Topic Starter
  • Members
  • 115 posts
  • Gender:Male
  • Location:home

Posted 24 July 2017 - 10:13 PM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7e0bb07e9f8d7b41b61bc5b37ecfad02
# end=init
# utc_time=2015-12-01 12:02:58
# local_time=2015-11-30 08:02:58 (-0400, SA Western Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26981
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7e0bb07e9f8d7b41b61bc5b37ecfad02
# end=updated
# utc_time=2015-12-01 12:39:03
# local_time=2015-11-30 08:39:03 (-0400, SA Western Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=7e0bb07e9f8d7b41b61bc5b37ecfad02
# engine=26981
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-12-01 02:03:50
# local_time=2015-11-30 10:03:50 (-0400, SA Western Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 44344183 70965424 0 0
# scanned=233565
# found=7
# cleaned=0
# scan_time=5086
sh=48AE3824B3A8C6E707E34441109CF212114C7FBB ft=1 fh=b4d97fc719b685e8 vn="a variant of Win32/Amonetize.LM potentially unwanted application" ac=I fn="C:\Program Files\DAEMON Tools Lite\Extractor.exe"
sh=E3C2201537FCCF95A2432CBEBB7141F3B9F6515E ft=1 fh=afbbbaf3b18df18e vn="a variant of Win32/Amonetize.MA potentially unwanted application" ac=I fn="C:\Users\User\AppData\Local\Temp\ZKxral+y.exe.part"
sh=9DA0691FFB632275FA186ABB4DA6CC7D9D73F5DA ft=0 fh=0000000000000000 vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\Users\User\AppData\Local\Temp\HYD967B.tmp.1448299508\HTA\install.1448299508.zip"
sh=9DA0691FFB632275FA186ABB4DA6CC7D9D73F5DA ft=0 fh=0000000000000000 vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\Users\User\AppData\Local\Temp\HYDC284.tmp.1448774335\HTA\install.1448774335.zip"
sh=4F592C5F94A3C1E4C71BE050655BCAA6CEA4FA89 ft=1 fh=3bb05daa335fee6d vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\Users\User\AppData\Local\Temp\HYDC284.tmp.1448774335\HTA\3rdparty\OCSetupHlp.dll"
sh=B147F7D44153FA8034DF292A673965438F5E2C9F ft=1 fh=2fc806f6b217b8c9 vn="a variant of Win32/InstallCore.ACL potentially unwanted application" ac=I fn="C:\Users\User\AppData\Local\Temp\ns6C7051C9\236AC3DC_stp\icmac.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Keygen.GU potentially unsafe application" ac=I fn="C:\Users\User\Downloads\The Sims 3 - Razor1911 Final MAXSPEED\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro.iso"
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7e0bb07e9f8d7b41b61bc5b37ecfad02
# end=init
# utc_time=2017-07-25 01:45:50
# local_time=2017-07-24 09:45:50 (-0400, SA Western Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 34165
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7e0bb07e9f8d7b41b61bc5b37ecfad02
# end=updated
# utc_time=2017-07-25 01:49:03
# local_time=2017-07-24 09:49:03 (-0400, SA Western Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=7e0bb07e9f8d7b41b61bc5b37ecfad02
# engine=34165
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2017-07-25 02:47:57
# local_time=2017-07-24 10:47:57 (-0400, SA Western Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 96359630 122980871 0 0
# scanned=197172
# found=1
# cleaned=0
# scan_time=3533
sh=760F6CDFEE18848D7BCAA722DBDF2871FA2DAEB9 ft=1 fh=03880904db866991 vn="Win32/FusionCore.L potentially unwanted application" ac=I fn="C:\Users\User\AppData\Roaming\PowerISO\Upgrade\PowerISO6.exe"

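The two ESET Online Scanner runs pasted above share one text format: a series of `# key=value` header blocks (one per phase: init, updated, finished) followed, for a finished scan, by one `sh=... ft=... fh=... vn="..." ac=... fn="..."` line per detection. A helper that parses that format makes it easy to check that `found` really matches the number of detection lines, to confirm that `remove_checked=false` and `cleaned=0` mean nothing was removed (as the instructions above intend), and to bucket the hits into the "potentially unwanted" and "potentially unsafe" classes the scanner's own checkboxes refer to. The following is an added example written for this thread; it is not code from the original post, from BleepingComputer or from ESET. Field meanings are read off the log itself; treating `sh` as a SHA-1 (40 hex characters) is an assumption, and `SAMPLE_LOG` is a constructed, abridged excerpt modelled on the posted log, with the `found` counts adjusted to match the detection lines kept (it also keeps the glued-together `Can not open internet# product=EOS` line from the paste to show the parser tolerating it).

```python
"""Parse ESET Online Scanner (EOS v8) text logs into runs and detections.

Added example for this thread, not ESET's or the poster's code. 'sh' is
assumed to be a SHA-1; SAMPLE_LOG is a constructed, abridged excerpt.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

HEADER_RE = re.compile(r'^# (?P<key>\w+)=(?P<value>.*)$')
DETECTION_RE = re.compile(
    r'^sh=(?P<sh>[0-9A-Fa-f]{40}) ft=(?P<ft>\S+) fh=(?P<fh>\S+) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\S+) fn="(?P<fn>.*)"$'
)
FAMILY_RE = re.compile(r'[A-Za-z0-9]+/[A-Za-z0-9]+')   # e.g. Win32/Amonetize


@dataclass
class Block:
    header: dict = field(default_factory=dict)       # '# key=value' lines
    detections: list = field(default_factory=list)   # parsed sh=/vn=/fn= lines


def parse_eos_log(text):
    """Return the '# end=finished' blocks, one per completed scan, in order."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if '# product=' in line:
            # Tolerate downloader chatter glued to the front of the line.
            line = line[line.index('# product='):]
            current = Block()
            blocks.append(current)
        if current is None:
            continue                       # text before the first block
        m = HEADER_RE.match(line)
        if m:
            current.header[m['key']] = m['value'].strip('"')
            continue
        m = DETECTION_RE.match(line)
        if m:
            current.detections.append(m.groupdict())
    return [b for b in blocks if b.header.get('end') == 'finished']


def classify(vn):
    """Bucket a detection name the way the scanner's own checkboxes do."""
    low = vn.lower()
    if 'potentially unwanted' in low:
        return 'PUA'
    if 'potentially unsafe' in low:
        return 'unsafe'
    return 'threat'


def family(vn):
    """'a variant of Win32/Amonetize.LM potentially ...' -> 'Win32/Amonetize'."""
    m = FAMILY_RE.search(vn)
    return m.group(0) if m else vn


def summarize(block):
    """Cross-check the run's counters against its detection lines."""
    h = block.header
    found = int(h.get('found', 0))
    return {
        'engine': h.get('engine'),
        'scanned': int(h.get('scanned', 0)),
        'found': found,
        'cleaned': int(h.get('cleaned', 0)),
        'count_matches': found == len(block.detections),
        'removal_enabled': h.get('remove_checked') == 'true',
        'by_class': Counter(classify(d['vn']) for d in block.detections),
        'by_family': Counter(family(d['vn']) for d in block.detections),
        'in_temp': [d['fn'] for d in block.detections
                    if '\\appdata\\local\\temp\\' in d['fn'].lower()],
    }


# Constructed, abridged excerpt modelled on the log posted in this thread.
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# end=init
# product=EOS
# engine=26981
# end=finished
# remove_checked=false
# scanned=233565
# found=3
# cleaned=0
sh=48AE3824B3A8C6E707E34441109CF212114C7FBB ft=1 fh=b4d97fc719b685e8 vn="a variant of Win32/Amonetize.LM potentially unwanted application" ac=I fn="C:\Program Files\DAEMON Tools Lite\Extractor.exe"
sh=E3C2201537FCCF95A2432CBEBB7141F3B9F6515E ft=1 fh=afbbbaf3b18df18e vn="a variant of Win32/Amonetize.MA potentially unwanted application" ac=I fn="C:\Users\User\AppData\Local\Temp\ZKxral+y.exe.part"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Keygen.GU potentially unsafe application" ac=I fn="C:\Users\User\Downloads\The Sims 3 - Razor1911 MAXSPEED\game.iso"
ESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# end=init
# product=EOS
# engine=34165
# end=finished
# remove_checked=false
# scanned=197172
# found=1
# cleaned=0
sh=760F6CDFEE18848D7BCAA722DBDF2871FA2DAEB9 ft=1 fh=03880904db866991 vn="Win32/FusionCore.L potentially unwanted application" ac=I fn="C:\Users\User\AppData\Roaming\PowerISO\Upgrade\PowerISO6.exe"
'''

if __name__ == '__main__':
    for i, block in enumerate(parse_eos_log(SAMPLE_LOG), 1):
        print(f'run {i}:', summarize(block))
```

Run it on a saved `log.txt` by passing the file contents to `parse_eos_log`. For the thread's own second run the summary shows one PUA hit (`Win32/FusionCore`) in the PowerISO updater folder, `removal_enabled` false and `cleaned` zero, which is the expected state when "Remove Found Threats" was unchecked as instructed; `in_temp` is the quick filter for leftover installer droppings under `AppData\Local\Temp`, which is where most of the first run's hits sat.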

#11 Valinorum (Shadow Hide The Hunter)
  • Malware Response Instructor
  • 1,771 posts
  • Gender:Not Telling

Posted 25 July 2017 - 12:52 AM

Are you still getting the malware warning?


 


#12 keronkkumar
  • Topic Starter
  • Members
  • 115 posts
  • Gender:Male
  • Location:home

Posted 25 July 2017 - 01:32 AM

I'll do a scan and check. I did not bother to do any scans after we started because I did not want to tamper with any progress.



#13 Valinorum (Shadow Hide The Hunter)
  • Malware Response Instructor
  • 1,771 posts
  • Gender:Not Telling

Posted 25 July 2017 - 01:51 AM

Please, do so and tell me the result.


 


#14 keronkkumar
  • Topic Starter
  • Members
  • 115 posts
  • Gender:Male
  • Location:home

Posted 25 July 2017 - 02:01 AM

Nothing in Malwarebytes.

Nothing in Microsoft Security Essentials.


Edited by keronkkumar, 25 July 2017 - 02:07 AM.


#15 Valinorum (Shadow Hide The Hunter)
  • Malware Response Instructor
  • 1,771 posts
  • Gender:Not Telling

Posted 25 July 2017 - 04:42 AM

Please, monitor the PC for a day and if you do not see any issue, we can close the thread as solved.


 




