mashad

  1. Hi Kevin, attached is a malware.txt file which was from the scan. I was not doing any Windows update but was installing something from the internet. Anyway, my laptop is running as per normal. malware.txt
  2. Hi Kevin, thanks, everything is back to normal I suppose. I have attached the file from the scan. Can I know if this was a trojan/virus/malware? Thanks; also, any extra steps you think I should do, please suggest. malware.txt fixlist.txt
  3. Hi guys, firstly, can I know why this happened? Was it a virus or trojan or something? I have already read some other pages and have run FRST64. Here is my log; should I continue to click fix? Please help.