shahidul_brur

  1. Modem brand is Huawei. Model: E1550. It is produced for Grameenphone (grameenphone.com). I tried reinstalling, but it is the same.
  2. Thank you so much for your kind help. Take my heartiest respect and gratitude. Another issue: After the PC was infected by malware I couldn't connect my modem. When I clicked on the "Connect" button in the modem driver software, it said, "Sorry you modem is already in use or not properly configured". But alternatively I was able to use the internet with that modem through the cellular network (clicking on the network icon, then clicking on the connection name and setting an APN). But now I am able to connect my modem by clicking on that Connect button on the driver. But though the modem is connected, I can't access the internet, i.e. there is no speed and pages are not loading. But I can still use the internet through the cellular network. How can I fix it? [Everything was okay before the malware infection. That's why I think it is caused by the malware infection.]
  3. Content of FRST.txt:
2018-01-23 23:56 - 2017-09-12 02:55 - 000000000 ____D C:\Users\shahidul\AppData\Roaming\CodeBlocks 2018-01-23 23:36 - 2017-09-13 22:31 - 000000944 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2018-01-23 23:35 - 2017-12-12 00:25 - 000000000 ____D C:\Users\shahidul\AppData\LocalLow\Mozilla 2018-01-23 23:35 - 2017-09-12 04:13 - 000000000 ____D C:\Users\shahidul\AppData\Roaming\Telegram Desktop 2018-01-23 23:34 - 2017-09-26 09:41 - 000000000 __SHD C:\Users\shahidul\IntelGraphicsProfiles 2018-01-23 23:33 - 2017-09-13 22:31 - 000000940 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2018-01-23 23:33 - 2017-09-12 01:57 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-01-23 23:32 - 2017-11-27 16:25 - 000000000 ____D C:\Users\shahidul\AppData\Roaming\DMCache 2018-01-23 23:32 - 2017-09-14 00:53 - 000000000 ____D C:\Users\shahidul\AppData\Local\Everything 2018-01-23 23:32 - 2017-09-13 11:16 - 000000000 ____D C:\Users\shahidul\AppData\Roaming\Everything 2018-01-23 23:32 - 2015-10-30 12:28 - 000786432 ___SH C:\Windows\system32\config\BBI 2018-01-23 23:30 - 2017-11-18 14:40 - 000000000 ____D C:\Users\shahidul\Documents\Outlook Files 2018-01-23 23:30 - 2017-09-12 02:43 - 000000000 ____D C:\Program Files (x86)\Grameenphone Internet 2018-01-23 23:30 - 2017-09-12 02:42 - 000000000 ____D C:\ProgramData\DatacardService 2018-01-23 23:30 - 2015-10-30 13:21 - 000000000 ____D C:\Windows\INF 2018-01-23 09:45 - 2017-10-12 15:47 - 000000507 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2018-01-23 09:07 - 2017-09-12 02:14 - 000004172 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{272AA94D-C94D-4983-9444-7A59D2FFE5C6} 2018-01-23 00:27 - 2017-09-28 17:24 - 000000000 ____D C:\KMPlayer 2018-01-22 21:49 - 2017-09-13 22:53 - 000000000 ___RD C:\Users\shahidul\Dropbox 2018-01-22 19:38 - 2017-09-12 02:05 - 000879220 _____ C:\Windows\system32\PerfStringBackup.INI 2018-01-21 20:53 - 2017-10-30 11:38 - 000000008 __RSH C:\ProgramData\ntuser.pol 2018-01-21 20:46 - 2015-10-30 
13:24 - 000000000 ___HD C:\Windows\system32\GroupPolicy 2018-01-21 20:46 - 2015-10-30 13:24 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy 2018-01-21 01:30 - 2017-09-12 02:02 - 000000000 ____D C:\Users\shahidul 2018-01-21 01:09 - 2017-09-18 20:53 - 000000000 ____D C:\Users\shahidul\Downloads\Telegram Desktop 2018-01-19 13:10 - 2015-10-30 13:24 - 000000000 ____D C:\Windows\LiveKernelReports 2018-01-17 12:35 - 2015-10-30 13:24 - 000000000 ____D C:\Windows\system32\NDF 2018-01-16 21:25 - 2017-12-12 00:25 - 000000000 ____D C:\Program Files\Mozilla Firefox 2018-01-16 21:25 - 2017-12-12 00:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-01-15 10:38 - 2017-12-13 17:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2018-01-12 08:57 - 2017-09-13 22:31 - 000000000 ____D C:\Program Files (x86)\Dropbox 2018-01-05 20:16 - 2017-12-12 00:25 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2018-01-05 10:43 - 2017-09-12 05:09 - 000002484 _____ C:\Users\shahidul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-12-29 23:42 - 2015-10-30 13:24 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2017-12-29 23:42 - 2015-10-30 13:24 - 000000000 ____D C:\Windows\system32\Macromed 2017-12-29 23:35 - 2017-09-12 02:23 - 000000000 ____D C:\Users\shahidul\AppData\Local\Adobe 2017-12-27 15:53 - 2017-12-10 21:14 - 000000000 ____D C:\Users\shahidul\AppData\Roaming\IDM 2017-12-26 18:22 - 2017-09-12 02:13 - 000000000 ____D C:\Program Files (x86)\NeoSmart Technologies 2017-12-25 09:45 - 2017-09-12 04:26 - 000000000 ____D C:\Users\shahidul\Downloads\Compressed ==================== Files in the root of some directories ======= 2015-10-30 13:18 - 2015-10-30 13:18 - 000001100 _____ () C:\Users\shahidul\OsCuDdUIN.bat 2018-01-15 14:56 - 2015-10-30 13:18 - 000058368 _____ (Microsoft Corporation) C:\Program Files (x86)\DWXUldEnAI.exe 2018-01-15 14:56 - 2015-10-30 13:18 - 000000074 
_____ () C:\Program Files (x86)\EYIIIZya 2015-10-30 13:18 - 2015-10-30 13:18 - 000000074 _____ () C:\Program Files (x86)\EYIIIZya.bat 2018-01-12 11:29 - 2018-01-12 12:22 - 000004608 _____ () C:\Users\shahidul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2018-01-15 14:56 - 2015-10-30 13:18 - 000001082 _____ () C:\Users\shahidul\AppData\Local\EZoIZoEEffDd 2015-10-30 13:18 - 2015-10-30 13:18 - 000001082 _____ () C:\Users\shahidul\AppData\Local\EZoIZoEEffDd.bat 2018-01-15 14:56 - 2015-10-30 13:18 - 000181248 _____ (Microsoft Corporation) C:\Users\shahidul\AppData\Local\QnwiIXB.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-01-14 20:07 ==================== End of FRST.txt ============================ Content of Addition.txt: ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz Percentage of memory in use: 58% Total physical RAM: 3998.35 MB Available physical RAM: 1668.57 MB Total Virtual: 4702.35 MB Available 
Virtual: 1923.64 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:75 GB) (Free:41.32 GB) NTFS Drive d: (grameenphone) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS Drive e: (Multimedia) (Fixed) (Total:155.87 GB) (Free:17.91 GB) NTFS Drive f: (My World) (Fixed) (Total:155.87 GB) (Free:17.65 GB) NTFS Drive g: (Study) (Fixed) (Total:155.87 GB) (Free:16.28 GB) NTFS Drive h: (Software) (Fixed) (Total:116.39 GB) (Free:52.17 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 2317545C) Partition 1: (Active) - (Size=150 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=75 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=116.4 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=507.1 GB) - (Type=05) ==================== End of Addition.txt ============================ And here I also added a screenshot of the pop up CMD window. Addition.txt FRST.txt
  4. Thank you sir for your reply. I had run a scan using mbar. It says that "No malware found. No clean up required". Here is the log file: mbar-log-2018-01-23 (01-44-58).txt mbar-log-2018-01-23 (10-07-53).txt
  5. I accidentally downloaded some malware. Since then, some add-ons were installed in the browser, so I removed the add-ons manually. But the CMD window keeps popping up automatically and trying to download something. I scanned my PC using Malwarebytes 3. It detected some malware and quarantined it. But the CMD window is still popping up and trying to download something. How do I solve the problem? Please help me. Thanks in advance. Here is the log file of the scan: log.txt logLatest.txt