Malware/Virus Removal from external H.D.D


This topic is locked
21 replies to this topic

#1 Ahmad_GarGar_1997

Posted 07 April 2018 - 10:38 PM

Hello guys, I'm looking for some help regarding my external HDD.
To further clarify my exact problem:
I gave my external HDD to my friend, and after he returned it to me, I found all of the 752GB that were saved in it were all random folders with strange symbols & alphabets in their names. "Noting that this virus rapidly copies itself & takes a lot of space when it does, but it didn't affect my PC."
So I tried to remove them and delete all the files, but! After I saved new files, I opened it again after 2 weeks, and the same problem occurred: random files with random names. I tried the "Panda Vaccine Software" as I've read in one of these forum topics, but do I need to do any further steps on cleaning out my external HDD?

#2 Oh My!
Malware Response Instructor

Posted 08 April 2018 - 07:24 PM

Greetings Ahmad_GarGar_1997 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this with the external drive removed.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • If your computer is other than English right click on the FRST icon and rename it to FRSTenglish or FRST64english depending on your operating system
  • Right click on the icon and select Run as administrator
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of each report in separate reply windows
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST log
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 Ahmad_GarGar_1997

Posted 09 April 2018 - 05:46 AM

First of all, I would like to thank you a lot for your attention & intention. To find such people is something indescribable, and I'll be sure to check up on my replies & comments to make sure you get the information you need as soon as possible :). The 1st log will be in the next reply window; the 2nd "Additional" will be in the one after.



This is a second reply after running the application & completing the scan. I've tried to rename the application twice and restarted the scan to make sure that the logs are in English, but the additional one showed some Arabic language because of the system's original language. If you encounter any problem with it, I'll make sure to either translate them or figure out the appropriate thing to do & solve this issue.


Edited by Ahmad_GarGar_1997, 09 April 2018 - 05:57 AM.


#4 Ahmad_GarGar_1997

Posted 09 April 2018 - 05:58 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
Ran by Administrator (administrator) on AHMAD-GARGAR (09-04-2018 12:52:41)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: الإنجليزية (الولايات المتحدة)‏
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Smadsoft) C:\Program Files\SMADAV\SMΔRTP.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Speedbit Ltd.) C:\Program Files\DAP\DAP.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
() C:\Program Files\ByteFence\rsLggr.exe
(Farbar) C:\Users\Administrator\Desktop\FRST64english.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [DriverPack Notifier] => C:\Program Files\DriverPack Notifier\DriverPackNotifier.exe [258560 2015-12-18] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-23] (AVAST Software)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [16463360 2017-03-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1070592 2017-03-23] (Realtek Semiconductor)
HKLM\...\Run: [SMΔRT-Protection] => C:\Program Files\Smadav\SMΔRTP.exe [1846384 2017-06-19] (Smadsoft)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2859316622-606813031-2605072976-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6889176 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-2859316622-606813031-2605072976-500\...\Run: [DownloadAccelerator] => C:\Program Files\DAP\DAP.EXE [4242064 2018-02-27] (Speedbit Ltd.)
HKU\S-1-5-21-2859316622-606813031-2605072976-500\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-2859316622-606813031-2605072976-500\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-2859316622-606813031-2605072976-500\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-2859316622-606813031-2605072976-500\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{01B5F5EC-D8D9-4CF1-A810-ADB10D9643B7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5C208CD5-8AB9-45B4-912A-D2A3EC4B7AE1}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5C208CD5-8AB9-45B4-912A-D2A3EC4B7AE1}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2859316622-606813031-2605072976-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-19] (AVAST Software)
BHO: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files\DAP\LinkVerifier.dll [2018-02-27] (Speedbit Ltd.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: sh4z05w0.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\sh4z05w0.default [2018-04-09]
FF Extension: (Web Secure) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\sh4z05w0.default\Extensions\{b6d09408-a35e-11e7-bc48-f3e9438e081e}.xpi [2018-03-14]
FF HKLM\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files\DAP\daplinkchecker
FF Extension: (DAP Link Checker) - C:\Program Files\DAP\daplinkchecker [2018-02-27] [Legacy] [not signed]
FF HKU\S-1-5-21-2859316622-606813031-2605072976-500\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox
FF Extension: (Download Accelerator Plus (DAP) extension) - C:\Program Files\DAP\DAPFireFox [2018-02-27] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npnxgame.dll [2018-03-13] (Nexon)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-22] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://sport.eanswers.com/go/?category=web&s=szds&vert=sporttv&q={searchTerms}
CHR DefaultSearchKeyword: Default -> sportsZone
CHR DefaultSuggestURL: Default -> hxxp://sug.eanswers.com/search/index_sg.php?q={searchTerms}
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2018-04-09]
CHR Extension: (Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-21]
CHR Extension: (Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-23]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-23]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-23]
CHR Extension: (Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-21]
CHR Extension: (Download Accelerator Plus (DAP)) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2018-02-27]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-23]
CHR Extension: (Avast Online Security) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-13]
CHR Extension: (sportsZone Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio [2018-04-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-23]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-23]
CHR HKLM\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files\DAP\DAPChrome\DAPChrome6.crx [2018-02-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5906816 2017-12-23] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-23] (AVAST Software)
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [156640 2017-10-03] (Byte Technologies LLC)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2015-06-04] (Intel Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [7986848 2018-03-15] (INCA Internet Co., Ltd.)
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [302920 2018-01-28] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [220760 2016-09-20] (Synaptics Incorporated)
S3 uSHAREitSvc; C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [158224 2017-12-23] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [255584 2017-12-23] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157376 2017-12-23] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276696 2017-12-23] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50344 2017-12-23] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [118144 2017-12-23] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42824 2017-12-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [123880 2018-01-12] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [99528 2017-12-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70832 2017-12-23] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783104 2017-12-23] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [390256 2018-01-12] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [151328 2017-12-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [294680 2017-12-23] (AVAST Software)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3376128 2016-11-27] (Qualcomm Atheros Communications, Inc.)
S3 BstkDrv; C:\Program Files\BlueStacks\BstkDrv.sys [220216 2017-11-16] (Bluestack System Inc. )
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [503048 2015-05-29] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27376 2015-05-29] (Intel Corporation)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [28656 2013-05-22] (Synaptics Incorporated)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-09 12:50 - 2018-04-09 12:52 - 000014035 _____ C:\Users\Administrator\Desktop\FRST.txt
2018-04-09 12:34 - 2018-04-09 12:52 - 000000000 ____D C:\FRST
2018-04-09 12:33 - 2018-04-09 12:33 - 001764352 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64english.exe
2018-04-09 12:24 - 2018-04-09 12:24 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-04-08 05:54 - 2018-02-13 20:31 - 000117440 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-08 05:54 - 2018-02-13 20:24 - 000534016 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-08 05:54 - 2018-02-13 16:04 - 001893888 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-08 05:54 - 2018-02-13 16:04 - 001319424 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-08 05:54 - 2018-02-13 16:04 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-08 05:54 - 2018-02-13 16:04 - 000508416 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-08 05:54 - 2018-02-13 16:04 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-08 05:54 - 2018-02-13 16:04 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-08 05:54 - 2018-02-13 16:04 - 000212992 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-08 05:54 - 2018-02-13 16:04 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-04-08 05:11 - 2018-04-08 05:11 - 000000000 ____D C:\ProgramData\Panda Security
2018-04-08 05:11 - 2018-04-08 05:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2018-04-08 05:11 - 2018-04-08 05:11 - 000000000 ____D C:\Program Files\Panda USB Vaccine
2018-04-08 05:10 - 2018-04-08 05:11 - 000848856 _____ (Panda Security ) C:\Users\Administrator\Downloads\USBVaccineSetup.exe
2018-04-06 16:13 - 2018-04-06 16:13 - 000159880 _____ C:\Users\Administrator\Downloads\Autonomic_Drugs_Flash_Cards.pdf
2018-04-02 12:26 - 2018-04-02 12:26 - 000004096 ____H C:\Users\Administrator\AppData\Local\keyfile3.drm
2018-03-30 22:59 - 2018-03-30 22:59 - 000000000 ____D C:\Program Files\Common Files\Steam
2018-03-30 22:58 - 2018-03-30 22:58 - 001446792 _____ C:\Users\Administrator\Downloads\SteamSetup.exe
2018-03-28 18:17 - 2018-03-15 13:38 - 007986848 _____ (INCA Internet Co., Ltd.) C:\Windows\system32\GameMon.des
2018-03-28 18:16 - 2018-03-28 18:16 - 000000000 ____D C:\Program Files\Common Files\INCA Shared
2018-03-16 20:04 - 2018-04-03 23:28 - 000000000 ____D C:\Users\Administrator\Desktop\Word Documents
2018-03-13 23:09 - 2018-03-13 23:09 - 000001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-03-13 23:09 - 2018-03-13 23:09 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Opera Software
2018-03-13 23:09 - 2018-03-13 23:09 - 000000000 ____D C:\Users\Administrator\AppData\Local\Opera Software
2018-03-13 23:06 - 2018-04-03 20:45 - 000000000 ____D C:\Program Files\Opera
2018-03-13 23:05 - 2018-03-13 23:06 - 001407808 _____ (Opera Software) C:\Users\Administrator\Downloads\OperaSetup.exe
2018-03-13 22:33 - 2018-03-13 22:33 - 000000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2018-03-11 00:16 - 2018-03-13 22:00 - 000000000 ____D C:\ProgramData\Nexon
2018-03-11 00:16 - 2018-03-11 00:16 - 000000000 ____D C:\ProgramData\NexonEU
2018-03-11 00:10 - 2018-03-11 00:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\Nexon
2018-03-11 00:09 - 2018-03-11 00:09 - 000000016 _____ C:\ProgramData\mntemp
2018-03-10 23:57 - 2018-03-10 23:57 - 000001625 _____ C:\Users\Public\Desktop\CombatArms.lnk
2018-03-10 23:57 - 2018-03-10 23:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VALOFEEU
2018-03-10 23:49 - 2018-03-10 23:49 - 000000000 ____D C:\VALOFEEU
2018-03-10 23:46 - 2018-03-10 23:57 - 000000000 ____D C:\Combat Arms
2018-03-10 19:38 - 2018-03-16 19:10 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-03-10 19:38 - 2018-03-10 19:38 - 000000000 ____D C:\Program Files\Adobe
2018-03-10 18:34 - 2018-03-10 18:34 - 000000000 ____D C:\ProgramData\VALOFEEU
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-09 12:36 - 2017-11-23 13:52 - 000000000 ____D C:\Program Files\ByteFence
2018-04-09 12:31 - 2009-07-14 06:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-09 12:31 - 2009-07-14 06:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-09 12:23 - 2018-02-27 09:10 - 000000000 ____D C:\ProgramData\TEMP
2018-04-09 12:23 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-08 06:18 - 2017-06-19 14:00 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-08 06:17 - 2017-04-07 19:29 - 000690598 _____ C:\Windows\system32\perfh00C.dat
2018-04-08 06:17 - 2017-04-07 19:29 - 000478988 _____ C:\Windows\system32\perfh001.dat
2018-04-08 06:17 - 2017-04-07 19:29 - 000130234 _____ C:\Windows\system32\perfc00C.dat
2018-04-08 06:17 - 2017-04-07 19:29 - 000094774 _____ C:\Windows\system32\perfc001.dat
2018-04-08 06:17 - 2010-11-20 23:01 - 002130048 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-08 06:17 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2018-04-08 06:16 - 2017-06-13 23:07 - 000000000 ____D C:\Windows\system32\MRT
2018-04-08 05:56 - 2017-11-17 13:36 - 127391104 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-08 05:55 - 2017-06-13 23:07 - 127391104 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-07 21:03 - 2018-01-19 11:59 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2018-04-07 13:53 - 2018-02-27 18:23 - 000000000 ____D C:\Left4_Dead2
2018-04-07 11:24 - 2016-11-13 11:48 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-04-02 19:05 - 2018-01-18 19:57 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2018-03-25 11:01 - 2018-01-19 19:47 - 000000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Games
2018-03-21 23:32 - 2017-06-08 17:53 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-18 21:50 - 2009-07-14 06:53 - 000032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-13 22:33 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\system32\NDF
2018-03-13 19:46 - 2016-11-13 11:48 - 000000000 __SHD C:\[Smad-Cage]
2018-03-12 22:01 - 2018-02-16 14:36 - 000000000 _____ C:\Windows\system32\last.dump
2018-03-12 12:33 - 2018-01-25 08:57 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2018-03-10 19:38 - 2016-11-13 11:52 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-03-10 19:38 - 2016-11-13 11:51 - 000000000 ____D C:\ProgramData\Adobe
2018-03-10 17:22 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\rescache
2018-03-10 00:12 - 2018-03-09 23:38 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\CDNet_Downloader
 
==================== Files in the root of some directories =======
 
2018-04-02 12:26 - 2018-04-02 12:26 - 000004096 ____H () C:\Users\Administrator\AppData\Local\keyfile3.drm
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-03-10 17:13
 
==================== End of FRST.txt ============================
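The FRST.txt above is read by hand by the helper; as an added example (not part of this thread, and not a feature of FRST), here is a small Python triage pass over lines in that format, run on a constructed sample assembled from lines of the log above. The signals it picks out (FRST's own ATTENTION marker, an empty publisher field, a service or driver whose file is missing, an unsigned browser extension, an Explorer DisallowRun policy, and a Chrome search provider pointing off-site) are starting points for a human review, not verdicts.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the format of the FRST.txt above: the lines are copied
# from that log, with one clean Avast/Microsoft line per section as a control.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
==================== Registry (Whitelisted) ===========================
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [DriverPack Notifier] => C:\Program Files\DriverPack Notifier\DriverPackNotifier.exe [258560 2015-12-18] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2859316622-606813031-2605072976-500\...\Policies\Explorer\DisallowRun: [2] powershell.exe
==================== Internet (Whitelisted) ====================
FF Extension: (DAP Link Checker) - C:\Program Files\DAP\daplinkchecker [2018-02-27] [Legacy] [not signed]
CHR DefaultSearchURL: Default -> hxxp://sport.eanswers.com/go/?category=web&s=szds&vert=sporttv&q={searchTerms}
==================== Services (Whitelisted) ====================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-23] (AVAST Software)
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [302920 2018-01-28] ()
===================== Drivers (Whitelisted) ======================
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
"""

# Section headers look like "==================== Name =================".
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Chrome search/suggest provider lines; FRST writes URLs as hxxp to defang them.
SEARCH_RE = re.compile(r"^CHR (?:DefaultSearchURL|DefaultSuggestURL): .* -> (hxxps?://[^/\s]+)")


def classify(line: str) -> List[str]:
    """Reasons (possibly none) why one FRST line deserves a human look."""
    reasons: List[str] = []
    if "<==== ATTENTION" in line:
        reasons.append("flagged by FRST itself")
    # FRST prints the file's publisher in parentheses: at the start of a
    # process line, at the end elsewhere. An empty pair means no verified signer.
    if line.startswith("() ") or line.endswith(" ()"):
        reasons.append("no publisher / unsigned file")
    if line.endswith("[X]"):
        reasons.append("service or driver file missing on disk")
    if "[not signed]" in line:
        reasons.append("unsigned browser extension")
    if "DisallowRun:" in line:
        reasons.append("Explorer policy blocks an executable")
    m = SEARCH_RE.match(line)
    if m:
        reasons.append(f"Chrome search provider points at {m.group(1)}")
    return reasons


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Walk the log, track the current section, collect (section, reason, line)."""
    findings: List[Tuple[str, str, str]] = []
    section = "(preamble)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).strip()
            continue
        for reason in classify(line):
            findings.append((section, reason, line))
    return findings


def summarize(findings: List[Tuple[str, str, str]]) -> Dict[str, int]:
    """Count findings per section for a quick first impression of the log."""
    counts: Dict[str, int] = {}
    for section, _, _ in findings:
        counts[section] = counts.get(section, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for section, reason, line in results:
        print(f"[{section}] {reason}\n    {line}")
    print(summarize(results))
```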


#5 Ahmad_GarGar_1997

Posted 09 April 2018 - 06:00 AM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by Administrator (09-04-2018 12:53:12)
Running from C:\Users\Administrator\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2016-11-09 12:03:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2859316622-606813031-2605072976-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2859316622-606813031-2605072976-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
BlueStacks 3 (HKLM\...\BlueStacks) (Version: 3.50.66.2547 - BlueStack Systems, Inc.)
ByteFence Anti-Malware (HKLM\...\ByteFence) (Version: 3.16.0.1 - Byte Technologies LLC) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
CombatArms (HKLM\...\CombatArms) (Version:  - )
Common (HKLM\...\{C6017EEA-9E51-4129-84BA-EFA9520E69D8}) (Version: 14.0.0.342 - Corel Corporation) Hidden
Contents (HKLM\...\{CC4C7E9B-4B26-4D8D-8076-40CF708A9FA4}) (Version: 14.0.0.342 - Corel Corporation) Hidden
DeviceIO (HKLM\...\{D07F85DE-22F1-4FB4-B3D1-402FD22C4870}) (Version: 14.0.0.342 - Corel Corporation) Hidden
Download Accelerator Plus (DAP) (HKLM\...\Download Accelerator Plus (DAP)) (Version: 10060 (Build 2599) - Speedbit Ltd.)
DriverPack Notifier (HKLM\...\DriverPack Notifier) (Version: 2.2.12 - DriverPack Solution)
Facebook Gameroom 1.4.1.0 (HKLM\...\{BF83FC65-8072-4850-A4CE-969A5F3570DA}) (Version: 1.4.1.0 - Facebook)
FM PDF To Word Converter Pro 3.05 (HKLM\...\FM PDF To Word Converter Pro_is1) (Version: 3.05 - )
FormatFactory 4.1.0.0 (HKLM\...\FormatFactory) (Version: 4.1.0.0 - Free Time)
Free PDF To Word Converter 2.25 (HKLM\...\Free PDF To Word Converter_is1) (Version: 2.25 - )
Google Chrome (HKLM\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
ICA (HKLM\...\{AA902C31-B49D-4608-BCCF-2519EB77722D}) (Version: 14.0.0.342 - Corel Corporation) Hidden
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
IPM_VS_Pro (HKLM\...\{A567895C-1D23-48ED-BE83-FB3ED7D30442}) (Version: 13.0 - Corel Corporation) Hidden
ISCOM (HKLM\...\{D68897FC-7E8D-4849-819A-726B2489713C}) (Version: 14.0.0.342 - Corel Corporation) Hidden
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (العربية) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1025) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 60.0 (x86 en-US) (HKLM\...\Mozilla Firefox 60.0 (x86 en-US)) (Version: 60.0 - Mozilla)
Nexon Launcher (HKLM\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon)
Opera Stable 52.0.2871.40 (HKLM\...\Opera 52.0.2871.40) (Version: 52.0.2871.40 - Opera Software)
Panda USB Vaccine 1.0.1.4 (HKLM\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
PicosmosTools 1.13.0.0 (HKLM\...\PicosmosTools) (Version: 1.13.0.0 - Free Time)
PureHD (HKLM\...\{B87FAC24-973D-4A4F-AFC4-555FB95B32DB}) (Version: 14.0.0.342 - Corel Corporation) Hidden
QuickTime (HKLM\...\{8DC42D05-680B-41B0-8878-6C14D24602DB}) (Version: 7.55.90.70 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8098 - Realtek Semiconductor Corp.)
Setup (HKLM\...\{D8D9BCF5-0F5F-4D3F-8427-64B7632F93BE}) (Version: 14.0.0.342 - Corel Corporation) Hidden
Share (HKLM\...\{B84ECBE1-6ED5-4E86-B4AB-DF46D342411F}) (Version: 14.0.0.342 - Corel Corporation) Hidden
SHAREit (HKLM\...\www.ushareit.com_is1) (Version: 4.0.6.177 - SHAREit Technologies Co.Ltd)
SMADAV version 11.2 (HKLM\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 11.2 - Smadsoft)
SmartSound Common Data (HKLM\...\{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Common Data (HKLM\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (HKLM\...\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.5.25 - Synaptics Incorporated)
TOSHIBA Wireless LAN Indicator (HKLM\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION)
VIO (HKLM\...\{C4778408-3268-45CE-AE15-772D1739A1F1}) (Version: 14.0.0.342 - Corel Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VSClassic (HKLM\...\{3990E632-42C3-4A25-ADFF-1101E3D6DD47}) (Version: 14.0.0.342 - Corel Corporation) Hidden
VSPro (HKLM\...\{B0125BEB-6731-43FA-88DA-B64D7BD3AD2D}) (Version: 14.0.0.342 - Corel Corporation) Hidden
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wondershare Helper Compact 2.5.2 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Wondershare PDFelement 6(Build 6.3.3) (HKLM\...\{FA1FD35F-E04A-4348-83C6-55FCF8D52C15}_is1) (Version: 6.3.3.2782 - Wondershare Software Co.,Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-12-23] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-12-23] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [Ulead UDF Driver] -> {DBD8E168-244D-448C-9922-25508950D1DC} => c:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll [2011-01-05] (Ulead Systems, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-12-23] (AVAST Software)
ContextMenuHandlers3: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files\Smadav\SmadExtc.dll [2017-06-08] (Smadsoft)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-05-26] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-12-23] (AVAST Software)
ContextMenuHandlers6: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files\Smadav\SmadExtc.dll [2017-06-08] (Smadsoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0F81F6A9-A2C8-4D3A-B606-864892AE4C64} - System32\Tasks\smadav => C:\Program Files\Smadav\SMΔRTP.exe [2017-06-19] (Smadsoft)
Task: {1B7C74E9-0BC0-4F5C-BA9F-7D8B4A2984E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-06-08] (Google Inc.)
Task: {4508F21A-997D-4A41-BAE8-437280E8F877} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {4A728DD0-7077-4142-853D-58FED86D098B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-06-08] (Google Inc.)
Task: {587668EC-AB45-4EFB-A8A4-B7277DEAED97} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-10-03] (Byte Technologies LLC) <==== ATTENTION
Task: {5CC51472-85B3-4903-B0E4-C2DFE7076ECD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-02-11] (AVAST Software)
Task: {64D9321D-BC6D-4F9B-9858-87D478EEE781} - System32\Tasks\PandaUSBVaccine => C:\Program Files\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {6E971411-348F-4373-9771-0B68AB481EC9} - System32\Tasks\Opera scheduled Autoupdate 1491481056 => C:\Users\pc12\AppData\Local\Programs\Opera\launcher.exe
Task: {7B319A99-1421-4061-994A-CFE258F1714B} - System32\Tasks\{718CB890-0F6C-489E-9C3A-A6F143AC732C} => C:\Windows\system32\pcalua.exe -a "C:\Users\pc12\Downloads\FacebookGameroom (2).exe" -d C:\Users\pc12\Downloads
Task: {7C2783B6-21F1-4421-87C2-827B306A5936} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-12-23] (AVAST Software)
Task: {86AEFF15-8035-4B2B-944A-06FAA3B245AD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {8F345FE2-920A-4683-B1AF-3DCC36A8A780} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {986C5B16-896F-4364-AEFF-F111089ECACB} - System32\Tasks\DriverPack Notifier => C:\Program Files\DriverPack Notifier\DriverPackNotifier.exe [2015-12-18] ()
Task: {E399A352-BD3D-4448-8E7A-DA127736A7F8} - System32\Tasks\{965762EB-233B-488F-AFC7-FF2B1C323F44} => C:\Windows\system32\pcalua.exe -a C:\Users\pc12\Downloads\FacebookGameroom.exe -d C:\Users\pc12\Downloads
Task: {E977C6C1-78B3-4E39-B5B7-426F074E267C} - System32\Tasks\Opera scheduled Autoupdate 1520975375 => C:\Program Files\Opera\launcher.exe [2018-03-28] (Opera Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-12-23 16:58 - 2017-12-23 16:58 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-12-23 16:58 - 2017-12-23 16:58 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2017-12-23 16:58 - 2017-12-23 16:58 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-12-23 16:58 - 2017-12-23 16:58 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-12-23 16:58 - 2017-12-23 16:58 - 000196248 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2018-04-07 17:22 - 2018-04-07 17:22 - 005815952 _____ () C:\Program Files\AVAST Software\Avast\defs\18040700\algo.dll
2017-12-23 16:58 - 2017-12-23 16:58 - 000745408 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-12-23 16:58 - 2017-12-23 16:58 - 000148936 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2017-12-23 16:58 - 2017-12-23 16:58 - 000293944 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-04-09 12:29 - 2018-04-09 12:29 - 005815952 _____ () C:\Program Files\AVAST Software\Avast\defs\18040900\algo.dll
2018-01-28 21:41 - 2018-01-28 21:42 - 000302920 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
2018-01-28 21:41 - 2018-01-28 21:42 - 000620872 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
2017-08-20 01:08 - 2017-08-20 01:08 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-12-23 16:58 - 2017-12-23 16:58 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-03-31 13:50 - 2015-05-26 19:50 - 000094208 _____ () C:\Windows\System32\IccLibDll.dll
2017-11-19 19:34 - 2016-10-08 16:48 - 001506304 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-11-19 19:34 - 2016-07-21 10:54 - 000137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2018-02-27 09:11 - 2018-02-27 09:11 - 000011776 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\fivegiganet.dll
2018-02-27 09:11 - 2018-02-27 09:11 - 000010240 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\MegaUploadCom.dll
2018-02-27 09:11 - 2018-02-27 09:11 - 000012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\SpdFileCom.dll
2018-02-27 09:11 - 2018-02-27 09:11 - 000012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\XSevenTo.dll
2018-02-27 09:11 - 2018-02-27 09:11 - 000010752 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\zsharenet.dll
2017-12-23 16:58 - 2017-12-23 16:58 - 000196816 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2018-03-21 23:32 - 2018-03-20 08:07 - 003737944 _____ () C:\Program Files\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-21 23:32 - 2018-03-20 08:07 - 000085848 _____ () C:\Program Files\Google\Chrome\Application\65.0.3325.181\libegl.dll
2017-03-07 20:18 - 2017-03-07 20:18 - 000582936 _____ () C:\Program Files\ByteFence\rsLggr.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [135]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:04 - 2018-04-09 12:23 - 000002103 _____ C:\Windows\system32\Drivers\etc\hosts
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2859316622-606813031-2605072976-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3A5938F5-23A2-42A3-A40A-0762575AC646}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F74B7066-8B6A-4233-AB3D-FF9EB7CBC0A5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{24C702B5-CFED-4E6C-A7DF-1EE3DC67C56E}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{B8EB3239-708F-4135-A11B-56C440E079AA}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe
FirewallRules: [{1F8F474C-5D08-4547-ACD8-D86B9B39B616}] => (Allow) C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{12D468D9-3D62-459E-AE76-7E5EA567FBA9}] => (Allow) C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{4B14D3DC-BE46-47C4-B191-83CC9B754D06}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{BE50CC56-F420-4F47-8F44-C51B31593078}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{6D8A30A4-9591-40F2-A362-1D7A58B1AB16}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{09A90CD4-872A-4460-807D-7ADD3F0AC39A}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{3FCB0C16-3C92-4208-9FD2-A6618EAD99C0}] => (Allow) C:\Users\pc12\AppData\Local\Programs\Opera\49.0.2725.64\opera.exe
FirewallRules: [TCP Query User{6648FBC8-4141-433B-9BA7-40F6EAB28DA0}I:\all desktop stuff\pc gamer\counter strike 1.6 update\hl.exe] => (Allow) I:\all desktop stuff\pc gamer\counter strike 1.6 update\hl.exe
FirewallRules: [UDP Query User{B204A860-7AD7-47D6-8695-0BB22BCA9376}I:\all desktop stuff\pc gamer\counter strike 1.6 update\hl.exe] => (Allow) I:\all desktop stuff\pc gamer\counter strike 1.6 update\hl.exe
FirewallRules: [{10383976-4E9F-45A8-927A-19482224C759}] => (Allow) C:\Users\pc12\AppData\Local\Programs\Opera\50.0.2762.58\opera.exe
FirewallRules: [{4557E8A4-FB49-4516-A5FD-875358EB3C53}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{FE53403F-0B42-471B-8962-6C3377DFF9A1}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{3AA176CC-FDDE-494A-B36D-BA5AB2411168}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{6F6A2D65-113A-4E7F-B96D-DF0B2D0651CF}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{7BB1999B-3307-4383-B36B-B0505B262C6A}] => (Allow) C:\Program Files\FormatFactory\FFModules\Package\PTInstOnline.exe
FirewallRules: [TCP Query User{8A6ADDFD-3D18-45E8-99CD-E2B64D829D91}C:\left4_dead2\left4dead2.exe] => (Allow) C:\left4_dead2\left4dead2.exe
FirewallRules: [UDP Query User{46749A75-AA85-4838-9729-6777810C456D}C:\left4_dead2\left4dead2.exe] => (Allow) C:\left4_dead2\left4dead2.exe
FirewallRules: [TCP Query User{78529332-F3A8-4737-BB99-3F5334B0D2FD}C:\left4_dead2\left4dead2.exe] => (Allow) C:\left4_dead2\left4dead2.exe
FirewallRules: [UDP Query User{0D81C2AD-C162-429B-B475-17EC894C568F}C:\left4_dead2\left4dead2.exe] => (Allow) C:\left4_dead2\left4dead2.exe
FirewallRules: [{EB9BED4E-C315-4001-94E1-DF8C1AE91973}] => (Allow) C:\ProgramData\VALOFEEU\NGM\NGM.exe
FirewallRules: [{70E10A1F-9FBF-4053-8645-4F8CE25E86C3}] => (Allow) C:\ProgramData\VALOFEEU\NGM\NGM.exe
FirewallRules: [{89256706-FED8-4894-8520-CBADE46715A1}] => (Allow) C:\VALOFEEU\CombatArms\NMService.exe
FirewallRules: [{D0121A42-30E1-4817-88E9-EF2B04F217B3}] => (Allow) C:\VALOFEEU\CombatArms\NMService.exe
FirewallRules: [TCP Query User{C8F4CE90-6817-46CE-A303-15D97E470F96}C:\valofeeu\combatarms\engine.exe] => (Allow) C:\valofeeu\combatarms\engine.exe
FirewallRules: [UDP Query User{659592AA-C8C0-438D-ABE7-088673457DBC}C:\valofeeu\combatarms\engine.exe] => (Allow) C:\valofeeu\combatarms\engine.exe
FirewallRules: [{A873A7F3-C203-4B1C-9879-9BE3470BE699}] => (Allow) C:\Program Files\Opera\51.0.2830.55\opera.exe
FirewallRules: [{C93959CA-CE9D-41AC-8873-E1AC4F419172}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{08C0B49A-2557-4B95-958D-10D9EF989870}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{21364E15-0E0B-4337-85E1-E60977AFE18F}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{E56328F1-BFB4-474A-A5FF-B13F63791248}] => (Allow) C:\Program Files\Opera\52.0.2871.40\opera.exe
 
==================== Restore Points =========================
 
08-04-2018 05:54:32 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/09/2018 12:37:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ‏‏توقف البرنامج FRST.exe الإصدار 14.3.2018.0 عن التفاعل مع Windows وتم إغلاقه. لمعرفة ما إذا كان يتوفر مزيد من المعلومات حول المشكلة، قم بالاطلاع على محفوظات المشكلة في "مركز الصيانة" من لوحة التحكم.
 
معرّف العملية: da4
 
وقت بدء التشغيل: 01d3cfee7740812e
 
وقت الإنهاء: 10
 
مسار التطبيق: C:\Users\Administrator\Desktop\FRST.exe
 
معرف التقرير: f1a733dd-3be1-11e8-a302-dc0ea13d399c
 
Error: (04/09/2018 12:36:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏اسم ‏‏التطبيق الذي يحتوي على أخطاء: ByteFence.exe، الإصدار: 3.16.0.0، الطابع الزمني: 0x59d3543e
اسم الوحدة النمطية التي تحتوي على أخطاء: ntdll.dll، الإصدار: 6.1.7601.24024، الطابع الزمني: 0x5a58e21a
رمز الاستثناء: 0xc0000374
إزاحة الخطأ: 0x000c3b93
معرّف العملية التي تحتوي على خطأ: 0x1550
وقت بدء تشغيل التطبيق الذي يحتوي على خطأ: 0x01d3cfee4b16beea
مسار التطبيق الذي يحتوي على خطأ: C:\Program Files\ByteFence\ByteFence.exe
 مسار الوحدة النمطية التي تحتوي على خطأ: C:\Windows\SYSTEM32\ntdll.dll
معرف التقرير: d99a5291-3be1-11e8-a302-dc0ea13d399c
 
Error: (04/09/2018 12:33:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏اسم ‏‏التطبيق الذي يحتوي على أخطاء: ByteFence.exe، الإصدار: 3.16.0.0، الطابع الزمني: 0x59d3543e
اسم الوحدة النمطية التي تحتوي على أخطاء: ntdll.dll، الإصدار: 6.1.7601.24024، الطابع الزمني: 0x5a58e21a
رمز الاستثناء: 0xc0000374
إزاحة الخطأ: 0x000c3b93
معرّف العملية التي تحتوي على خطأ: 0xd7c
وقت بدء تشغيل التطبيق الذي يحتوي على خطأ: 0x01d3cfecdff071c9
مسار التطبيق الذي يحتوي على خطأ: C:\Program Files\ByteFence\ByteFence.exe
 مسار الوحدة النمطية التي تحتوي على خطأ: C:\Windows\SYSTEM32\ntdll.dll
معرف التقرير: 78d24883-3be1-11e8-a302-dc0ea13d399c
 
Error: (04/09/2018 12:24:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/08/2018 02:35:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/08/2018 01:38:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/08/2018 06:20:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/08/2018 03:25:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (04/07/2018 11:17:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: ‏‏لم يتم تسجيل الخادم {995C996E-D918-4A8C-A302-45719A6F4EA7} مع DCOM خلال المهلة المطلوبة.
 
Error: (04/07/2018 05:41:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: ‏‏لم يتم تسجيل الخادم {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} مع DCOM خلال المهلة المطلوبة.
 
Error: (04/05/2018 03:41:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: ‏‏لم يتم تسجيل الخادم {995C996E-D918-4A8C-A302-45719A6F4EA7} مع DCOM خلال المهلة المطلوبة.
 
Error: (04/05/2018 01:20:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: ‏‏لم يتم تسجيل الخادم {995C996E-D918-4A8C-A302-45719A6F4EA7} مع DCOM خلال المهلة المطلوبة.
 
Error: (04/05/2018 10:46:16 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: ‏‏لم يتم تسجيل الخادم {995C996E-D918-4A8C-A302-45719A6F4EA7} مع DCOM خلال المهلة المطلوبة.
 
Error: (04/03/2018 11:14:39 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: ‏‏لم يتم تسجيل الخادم {995C996E-D918-4A8C-A302-45719A6F4EA7} مع DCOM خلال المهلة المطلوبة.
 
Error: (04/03/2018 08:58:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: ‏‏لم يتم تسجيل الخادم {F9717507-6651-4EDB-BFF7-AE615179BCCF} مع DCOM خلال المهلة المطلوبة.
 
Error: (04/03/2018 03:44:35 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: ‏‏لم يتم تسجيل الخادم {995C996E-D918-4A8C-A302-45719A6F4EA7} مع DCOM خلال المهلة المطلوبة.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 47%
Total physical RAM: 3237.76 MB
Available physical RAM: 1689.41 MB
Total Virtual: 6473.86 MB
Available Virtual: 4876.14 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:99.15 GB) (Free:47.03 GB) NTFS
Drive d: (My Files) (Fixed) (Total:48.99 GB) (Free:30.55 GB) NTFS
Drive e: (Movies & Series) (Fixed) (Total:128 GB) (Free:114.74 GB) NTFS
Drive f: (Medicine) (Fixed) (Total:177.05 GB) (Free:144.88 GB) NTFS
Drive g: () (Fixed) (Total:12.47 GB) (Free:12.36 GB) NTFS
 
\\?\Volume{456f3ec7-a6c7-11e6-a04d-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0560334D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=99.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=354 GB) - (Type=0F Extended)
Partition 4: (Not Active) - (Size=12.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
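As an added triage aid (not part of the thread or of FRST itself): a small Python parser for the two Addition.txt line formats shown above, "Installed Programs" and "Scheduled Tasks". It returns the entries a reviewer looks at first: lines FRST has already marked "<==== ATTENTION", uninstall entries with no publisher, tasks whose target has no publisher in its version info, and tasks launched through pcalua.exe or from a Downloads folder. The sample log is a constructed excerpt using lines copied from the log above; the heuristics surface lines for a human to judge, they are not verdicts.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) Addition.txt logs.
Parses the "Installed Programs" and "Scheduled Tasks" line layouts."""
import re
from dataclasses import dataclass

ATTENTION = "<==== ATTENTION"   # marker FRST appends to entries it flags itself

# "<name> (<registry key>) (Version: <version> - <publisher>)[ Hidden| <==== ATTENTION]"
PROGRAM_RE = re.compile(
    r"^(?P<name>.+?) \((?P<key>HK(?:LM|CU|U)\\.*?)\) "
    r"\(Version: (?P<version>.*?) - (?P<publisher>.*?)\)(?P<rest>.*)$")
# "Task: {<GUID>} - System32\Tasks\<name> => <command> [<file date>] (<publisher>)"
TASK_RE = re.compile(r"^Task: \{(?P<id>[0-9A-F-]{36})\} - (?P<task>.+?) => (?P<target>.+)$")
TARGET_RE = re.compile(r"^(?P<cmd>.*?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<pub>[^)]*)\))?$")


@dataclass
class Finding:
    kind: str       # "program" or "task"
    name: str
    reasons: list
    line: str       # the original log line, to quote back in a reply


def parse_program(line):
    """Split one Installed Programs line; None if the line is not one."""
    m = PROGRAM_RE.match(line)
    if not m:
        return None
    return {"name": m["name"], "key": m["key"],
            "version": m["version"].strip(), "publisher": m["publisher"].strip(),
            "hidden": "Hidden" in m["rest"], "attention": ATTENTION in m["rest"]}


def parse_task(line):
    """Split one Scheduled Tasks line; None if the line is not one."""
    m = TASK_RE.match(line)
    if not m:
        return None
    attention = ATTENTION in m["target"]
    t = TARGET_RE.match(m["target"].replace(ATTENTION, "").strip())
    return {"id": m["id"], "task": m["task"], "command": t["cmd"], "date": t["date"],
            "publisher": (t["pub"] or "").strip(), "attention": attention}


def program_reasons(p):
    reasons = []
    if p["attention"]:
        reasons.append("flagged by FRST")
    if not p["publisher"]:
        reasons.append("no publisher recorded in the uninstall key")
    return reasons


def task_reasons(t):
    cmd = t["command"].lower()
    reasons = []
    if t["attention"]:
        reasons.append("flagged by FRST")
    if "pcalua.exe" in cmd:
        reasons.append("runs its target through pcalua.exe (Program Compatibility Assistant)")
    if "\\downloads\\" in cmd:
        reasons.append("target lives under a Downloads folder")
    if t["date"] and not t["publisher"]:
        reasons.append("target file carries no publisher in its version info")
    return reasons


def triage(log_text):
    """Walk an Addition.txt and return the entries worth a second look."""
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("===================="):
            section = line.strip("= ")      # e.g. "Scheduled Tasks (Whitelisted)"
        elif not line or line.startswith("("):
            continue                        # blank line or FRST's per-section note
        elif section.startswith("Installed Programs"):
            p = parse_program(line)
            if p and program_reasons(p):
                findings.append(Finding("program", p["name"], program_reasons(p), line))
        elif section.startswith("Scheduled Tasks"):
            t = parse_task(line)
            if t and task_reasons(t):
                findings.append(Finding("task", t["task"], task_reasons(t), line))
    return findings


# Constructed excerpt in FRST's layout; the entries are copied from the log above.
SAMPLE_LOG = r"""
==================== Installed Programs ======================

Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
ByteFence Anti-Malware (HKLM\...\ByteFence) (Version: 3.16.0.1 - Byte Technologies LLC) <==== ATTENTION
CombatArms (HKLM\...\CombatArms) (Version:  - )
Download Accelerator Plus (DAP) (HKLM\...\Download Accelerator Plus (DAP)) (Version: 10060 (Build 2599) - Speedbit Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

Task: {587668EC-AB45-4EFB-A8A4-B7277DEAED97} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-10-03] (Byte Technologies LLC) <==== ATTENTION
Task: {64D9321D-BC6D-4F9B-9858-87D478EEE781} - System32\Tasks\PandaUSBVaccine => C:\Program Files\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {7B319A99-1421-4061-994A-CFE258F1714B} - System32\Tasks\{718CB890-0F6C-489E-9C3A-A6F143AC732C} => C:\Windows\system32\pcalua.exe -a "C:\Users\pc12\Downloads\FacebookGameroom (2).exe" -d C:\Users\pc12\Downloads
Task: {E977C6C1-78B3-4E39-B5B7-426F074E267C} - System32\Tasks\Opera scheduled Autoupdate 1520975375 => C:\Program Files\Opera\launcher.exe [2018-03-28] (Opera Software)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {'; '.join(f.reasons)}")
```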


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,364 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:06:44 AM

Posted 09 April 2018 - 12:49 PM

Greetings.

Renaming FRST helps but doesn't translate everything. Thanks for your offer to help out if needed.

I want to make sure your computer is in good shape before addressing the external drives.

Did you intentionally set these restrictions?
 

HKU\S-1-5-21-2859316622-606813031-2605072976-500\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-2859316622-606813031-2605072976-500\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-2859316622-606813031-2605072976-500\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe


Please do this.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

You should only have one antivirus program on your computer so I would like you to uninstall the programs listed below.
  • Please download and install Revo Uninstaller Free
  • Right click Revo Uninstaller and select Run as administrator
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
ByteFence Anti-Malware
SMADAV version 11.2
  • Click Yes to any warning screen that may appear
  • If presented with the program uninstall option click Uninstall
  • If asked to restart now click No
  • Under Scanning Modes select Advanced then select Scan
  • On the Found leftover Registry items window click Select All, Delete, then Yes
  • If prompted click on Next
  • On the Found leftover files and folders window click on Select all, Delete, Yes, OK on any warning screen, then Finish
===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste the information anywhere)
Start::
CreateRestorePoint:
CloseProcesses:
FF Extension: (Web Secure) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\sh4z05w0.default\Extensions\{b6d09408-a35e-11e7-bc48-f3e9438e081e}.xpi [2018-03-14]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2018-03-11 00:09 - 2018-03-11 00:09 - 000000016 _____ C:\ProgramData\mntemp
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [135]
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Programs uninstall?
  • AdwCleaner log
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#7 Ahmad_GarGar_1997

Ahmad_GarGar_1997
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:03:44 PM

Posted 09 April 2018 - 07:46 PM

# AdwCleaner 7.0.8.0 - Logfile created on Tue Apr 10 00:32:43 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 7 Ultimate (X86)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\ProgramData\Speedbit
Deleted: C:\ProgramData\Application Data\Speedbit
Deleted: C:\Users\Administrator\AppData\LocalLow\Speedbit
Deleted: C:\Users\Administrator\AppData\Roaming\Speedbit
Deleted: C:\Users\All Users\Speedbit
Deleted: C:\Program Files\DriverPack Notifier
 
 
***** [ Files ] *****
 
Deleted: C:\END
 
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
Deleted: DriverPack Notifier
 
 
***** [ Registry ] *****
 
Deleted: [Key] - HKLM\SOFTWARE\SpeedBit
Deleted: [Key] - HKU\S-1-5-21-2859316622-606813031-2605072976-500\Software\SpeedBit
Deleted: [Key] - HKCU\Software\SpeedBit
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
Deleted: [Key] - HKU\.DEFAULT\Software\ByteFence
Deleted: [Key] - HKU\S-1-5-18\Software\ByteFence
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverPack Notifier
Deleted: [Key] - HKLM\SOFTWARE\drpsu
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [2879 B] - [2018/4/10 0:30:41]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Fix result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by Administrator (10-04-2018 02:37:24) Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
FF Extension: (Web Secure) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\sh4z05w0.default\Extensions\{b6d09408-a35e-11e7-bc48-f3e9438e081e}.xpi [2018-03-14]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2018-03-11 00:09 - 2018-03-11 00:09 - 000000016 _____ C:\ProgramData\mntemp
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [135]
emptytemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\sh4z05w0.default\Extensions\{b6d09408-a35e-11e7-bc48-f3e9438e081e}.xpi => moved successfully
"HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully.
VGPU => service removed successfully.
"HKLM\System\CurrentControlSet\Services\xhunter1" => removed successfully.
xhunter1 => service removed successfully.
C:\ProgramData\mntemp => moved successfully
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 53753113 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 17862382 B
Edge => 0 B
Chrome => 378807786 B
Firefox => 40187796 B
Opera => 12973684 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 31645392 B
LocalService => 66228 B
NetworkService => 66228 B
Administrator => 22829393 B
 
RecycleBin => 1187136159 B
EmptyTemp: => 1.6 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 02:39:26 ====
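
The Fixlog above shows the fix removing an NTFS alternate data stream on a folder (C:\ProgramData\TEMP => ":56E2E879") alongside two orphaned driver services. Named streams are invisible to Explorer and to a plain directory listing, so readers who want to check a machine for the same kind of artifact themselves can use the following PowerShell script. It is an added example, not part of the thread and not FRST's own code: it lists every named stream on the files and folders under a root path (the C:\ProgramData default is an assumption) and, with -Remove, deletes each one after confirmation. Zone.Identifier, the browser "mark of the web", is skipped as benign.

```powershell
# Added example (not from the thread or from FRST): list named NTFS alternate data
# streams under a folder and optionally delete them, the artifact class the Fixlog
# above reports as 'C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully'.
# Assumptions: the default root C:\ProgramData and the benign list below are mine.
param(
    [string]$Root = 'C:\ProgramData',
    [switch]$Remove
)

# ':$DATA' is the file's normal content stream; Zone.Identifier is the browser
# mark-of-the-web and is expected on downloaded files.
$benign = @(':$DATA', 'Zone.Identifier')

# Folders can carry named streams too (the Fixlog entry is on a folder), so every
# item, not just files, is inspected. -Force includes hidden and system items.
$found = Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $item = $_
        Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $benign -notcontains $_.Stream } |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $item.FullName
                    Stream = $_.Stream
                    Bytes  = $_.Length
                }
            }
    }

if (-not $found) {
    Write-Host "No named streams found under $Root"
    return
}

$found | Format-Table -AutoSize

if ($Remove) {
    foreach ($ads in $found) {
        # Remove-Item -Stream deletes only the named stream; the item's own
        # content (the ':$DATA' stream) is left untouched.
        Remove-Item -LiteralPath $ads.Path -Stream $ads.Stream -Confirm
    }
}
```

Run it elevated so that ProgramData and other protected folders are readable; review the listing before re-running with -Remove, because some legitimate software (for example download managers and some backup tools) stores small metadata streams of its own.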


#8 Ahmad_GarGar_1997


Posted 09 April 2018 - 07:51 PM

Thank you for the attention you have given to this issue, and for the precious effort and work that you have put into all of this.
In the previous reply you'll find all the logs that you requested, in order, and I've uninstalled the software as you asked me to, in the order it was given. :)


Edited by Ahmad_GarGar_1997, 09 April 2018 - 07:52 PM.


#9 Oh My!


Posted 09 April 2018 - 07:52 PM

Excellent.

Can you tell me if you set the restrictions I asked about in my previous post?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#10 Ahmad_GarGar_1997


Posted 09 April 2018 - 07:56 PM

Oh, I apologize, I forgot to answer. I didn't set these restrictions intentionally.



#11 Oh My!


Posted 09 April 2018 - 08:13 PM

Thank you.

Please do these things now.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste the information anywhere)
Start::
HKU\S-1-5-21-2859316622-606813031-2605072976-500\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-2859316622-606813031-2605072976-500\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-2859316622-606813031-2605072976-500\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Malwarebytes Anti-Malware Including External Drive Option

----------
  • If Malwarebytes is already installed launch the program, update the database if necessary, attach any external drives you want to scan, and go directly to the Scan instructions below
  • If Malwarebytes is not installed download Malwarebytes Anti-Malware and save it to your desktop
  • Right click the desktop icon and select Run as administrator
  • Click OK for English, then click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
  • If you are notified the Database is out of date click Update Now
  • Hold down the Shift key then attach any external drives you want to scan
  • Click the Scan button near the top
  • Select Custom Scan then click Configure Scan
  • Place a check mark in Scan for rootkits, Scan Startup and Registry Settings, the C: drive, and any additional drives you would like to scan
  • Click Scan now
  • Note: If Malwarebytes will not launch stop and let me know
  • When completed review the Scan Results list and uncheck any items you want to keep (if there are identified items)
  • Click Quarantine threats
  • If requested restart your computer
  • Relaunch Malwarebytes
  • Click the Reports tab
  • Place a check mark in the most recent Scan Report then click View Report
  • Click Export, then select Text File (*.txt)
  • Save the file on your Desktop as MBAM.txt
  • Copy and paste the contents of the report in your reply
===================================================

ESET Online Scanner Including External Drive Option

--------------------

I'd like us to scan your machine with ESET Online Scanner. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Allow the downloading of components
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK
  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • MBAM report
  • ESET report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."
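
The FRST fix in the post above removes three DisallowRun values (Mshta.exe, powershell.exe, bitsadmin.exe) from the hive of the account FRST ran as (RID 500 at the end of the SID is the built-in Administrator account, which is the "Administrator" profile in the logs). DisallowRun is a legitimate Explorer policy, "Don't run specified Windows applications": a DWORD named DisallowRun set to 1 under Policies\Explorer enables it, and a DisallowRun subkey holds numbered string values naming the blocked executables. It is enforced by the Explorer shell only, so it stops nothing launched another way, but an entry nobody set intentionally is still worth recording before it is cleared. The following PowerShell script is an added example, not part of the thread and not FRST's own code: it audits that policy under HKCU (the logged-in user's hive, which is what HKU\<SID> resolves to here) and HKLM, and with -Clear removes it. The key paths are the standard policy locations; the script itself is mine.

```powershell
# Added example (not from the thread or from FRST): audit and optionally clear the
# Explorer "DisallowRun" policy the fix above removed from the user's hive.
# Assumption: the two policy locations below are the standard per-user and
# per-machine ones; HKCU covers HKU\<SID> for the account running the script.
param([switch]$Clear)

$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

function Get-DisallowRun {
    foreach ($key in $policyKeys) {
        $listKey = Join-Path $key 'DisallowRun'
        if (-not (Test-Path $listKey)) { continue }
        # The DWORD on the parent key switches the policy on; the subkey lists targets.
        $enabled = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DisallowRun
        $list = Get-Item -Path $listKey
        foreach ($name in $list.GetValueNames()) {
            [pscustomobject]@{
                Hive    = $key
                Enabled = [bool]$enabled
                Index   = $name
                Blocked = $list.GetValue($name)
            }
        }
    }
}

$entries = @(Get-DisallowRun)
if ($entries.Count -eq 0) {
    Write-Host 'No DisallowRun entries found.'
    return
}

# Record what was there before touching it; the FRST log did the same job above.
$entries | Format-Table -AutoSize

if ($Clear) {
    foreach ($key in ($entries.Hive | Sort-Object -Unique)) {
        Remove-Item -Path (Join-Path $key 'DisallowRun') -Recurse -Confirm
        Remove-ItemProperty -Path $key -Name DisallowRun -ErrorAction SilentlyContinue
    }
    Write-Host 'DisallowRun policy cleared. Sign out and back in so Explorer reloads the policy.'
}
```

HKLM entries need an elevated prompt to remove. If the same entries return after a reboot, something is re-applying them (a scheduled task, a startup item or an actual Group Policy), which is the next thing to look for rather than clearing the key again.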

#12 Ahmad_GarGar_1997


Posted 09 April 2018 - 08:17 PM

Fix result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by Administrator (10-04-2018 03:16:47) Run:2
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-2859316622-606813031-2605072976-500\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-2859316622-606813031-2605072976-500\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-2859316622-606813031-2605072976-500\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
 
*****************
 
"HKU\S-1-5-21-2859316622-606813031-2605072976-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\1" => removed successfully.
"HKU\S-1-5-21-2859316622-606813031-2605072976-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\2" => removed successfully.
"HKU\S-1-5-21-2859316622-606813031-2605072976-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\3" => removed successfully.
 
==== End of Fixlog 03:16:47 ====


#13 Ahmad_GarGar_1997


Posted 10 April 2018 - 02:58 AM

I've only completed the first step with the first log. My laptop is currently scanning with the Malwarebytes software, and I'm not going to be able to reply within the next 9 hours because I have an upcoming mid-year assessment exam in about 6 hours. When I get home later tonight I'll make sure to complete the remaining steps and send you the next replies with more log information.


Edited by Ahmad_GarGar_1997, 10 April 2018 - 04:23 AM.


#14 Ahmad_GarGar_1997


Posted 10 April 2018 - 04:18 AM

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 4/10/18
Scan Time: 3:33 AM
Log File: 393ed30c-3c5f-11e8-8e5e-dc0ea13d399c.json
Administrator: Yes
 
-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4672
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: AHMAD-GARGAR\Administrator
 
-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 203852
Threats Detected: 39
Threats Quarantined: 39
Time Elapsed: 6 hr, 38 min, 32 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 9
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\js\official, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\css\fonts, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\_metadata, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\vertical, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\images, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\css, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\js, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NGOECILMGKGGMOJCBHIBNFJADHKPFJIO, Quarantined, [14760], [443078],1.0.4672
 
File: 30
PUP.Optional.PlayMediaCenter.Generic, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NGOECILMGKGGMOJCBHIBNFJADHKPFJIO\1.0.1_0\MANIFEST.JSON, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\css\fonts\material-icons.css, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\css\fonts\MaterialIcons-Regular.eot, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\css\fonts\MaterialIcons-Regular.ijmap, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\css\fonts\MaterialIcons-Regular.svg, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\css\fonts\MaterialIcons-Regular.ttf, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\css\fonts\MaterialIcons-Regular.woff, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\css\fonts\MaterialIcons-Regular.woff2, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\css\fonts\RobotoCondensed-Light.ttf, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\css\fonts\RobotoCondensed-Regular.ttf, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\css\style.css, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\images\icon128.png, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\images\icon16.png, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\images\icon38.png, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\js\official\bootstrap.min.js, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\js\official\jquery.min.js, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\js\official\material.min.js, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\js\official\onesignal.js, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\js\base.js, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\js\init.js, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\js\main.js, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\vertical\440x280.jpg, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\vertical\init.js, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\vertical\pop.js, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\_metadata\verified_contents.json, Quarantined, [14760], [443078],1.0.4672
PUP.Optional.PlayMediaCenter.Generic, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoecilmgkggmojcbhibnfjadhkpfjio\1.0.1_0\popup.html, Quarantined, [14760], [443078],1.0.4672
Ransom.GandCrab, C:\USERS\ADMINISTRATOR\DOWNLOADS\UNCONFIRMED 586570.CRDOWNLOAD, Quarantined, [8627], [498196],1.0.4672
HackTool.WpaKill, C:\WINDOWS\SETUP\SCRIPTS\FAXCOOL.EXE, Quarantined, [8521], [75683],1.0.4672
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
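
The Malwarebytes report above identifies the quarantined Chrome extension only by its store ID (ngoecilmgkggmojcbhibnfjadhkpfjio) and shows the profile's Preferences and Secure Preferences files being replaced, which is where Chrome records which extensions are enabled. As an added example, not part of the thread and not Malwarebytes' own code, the following PowerShell script lists every extension present in a Chrome profile with its name, version and requested permissions by reading each manifest.json on disk, so an unfamiliar ID can be checked before it is trusted. The default profile path under %LOCALAPPDATA% is an assumption; pass -Profile for another profile.

```powershell
# Added example (not from the thread or from Malwarebytes): enumerate the Chrome
# extensions installed in a profile from their manifest.json files.
# Assumption: the default profile location below; adjust -Profile for others.
param(
    [string]$Profile = (Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default')
)

$extRoot = Join-Path $Profile 'Extensions'
if (-not (Test-Path $extRoot)) {
    Write-Warning "No Extensions folder at $extRoot"
    return
}

function Resolve-ManifestName {
    # Localized manifests use a "__MSG_key__" placeholder whose text lives in
    # _locales\<default_locale>\messages.json; resolve it so the list is readable.
    param($Manifest, [string]$VersionDir)
    $name = $Manifest.name
    if ($name -match '^__MSG_(.+)__$') {
        $key    = $Matches[1]
        $locale = if ($Manifest.default_locale) { $Manifest.default_locale } else { 'en' }
        $msgFile = Join-Path $VersionDir "_locales\$locale\messages.json"
        if (Test-Path $msgFile) {
            $msgs = Get-Content -LiteralPath $msgFile -Raw | ConvertFrom-Json
            if ($msgs.$key.message) { $name = $msgs.$key.message }
        }
    }
    return $name
}

# Layout on disk is Extensions\<id>\<version>\manifest.json; one id may keep
# more than one version folder for a short time after an update.
Get-ChildItem -Path $extRoot -Directory | ForEach-Object {
    $id = $_.Name
    Get-ChildItem -Path $_.FullName -Directory | ForEach-Object {
        $manifestPath = Join-Path $_.FullName 'manifest.json'
        if (-not (Test-Path $manifestPath)) { return }
        $m = Get-Content -LiteralPath $manifestPath -Raw | ConvertFrom-Json
        # host_permissions is Manifest V3; content_scripts.matches covers V2 and V3.
        $hosts = @($m.host_permissions) + @($m.content_scripts.matches) |
            Where-Object { $_ } | Sort-Object -Unique
        [pscustomobject]@{
            Id          = $id
            Name        = Resolve-ManifestName -Manifest $m -VersionDir $_.FullName
            Version     = $m.version
            Permissions = (@($m.permissions) -join ', ')
            HostAccess  = ($hosts -join ', ')
        }
    }
} | Sort-Object Name | Format-Table -AutoSize -Wrap
```

An extension whose ID you cannot find in the Chrome Web Store, or whose HostAccess column is a wildcard over every site while its stated purpose is narrow, is the one to investigate; the report above lists the extension's own files, which is exactly what this script reads.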


#15 Ahmad_GarGar_1997


Posted 11 April 2018 - 08:59 AM

C:\_Oceanofgames.com_Left4_Dead2.zip VBS/CoinMiner.HV trojan deleted
C:\Left4_Dead2\bin\steamclient.dll Win32/GameHack.ANE potentially unsafe application cleaned by deleting (after the next restart)
C:\Users\Administrator\Downloads\FFSetup4.1.0.0.exe Win32/FusionCore.L potentially unwanted application cleaned by deleting
D:\_Oceanofgames.com_Left4_Dead2.zip VBS/CoinMiner.HV trojan deleted
D:\Applications\Video Slide.apk a variant of Android/Spy.Agent.WX trojan deleted




