drivers\mbamswissarmy.sys

Hey guys, firstly can I know why this happened? Was it a virus or trojan or something?

I have already read some other pages and have run FRST64. Here is my log; should I continue to click Fix? Please help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-10-2017
Ran by SYSTEM on MININT-9BIPCN6 (21-10-2017 12:56:09)
Running from g:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ITSecMng] => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
HKLM-x32\...\Run: [TSleepSrv] => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
BootExecute: autocheck autochk /p \??\C:autocheck autochk *
GroupPolicy: Restriction <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-02] (Apple Inc.)
S2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-27] (AO Kaspersky Lab)
S2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
S2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2016-08-16] (Ellora Assets Corp.)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [77328 2016-06-27] (AO Kaspersky Lab)
S2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-27] (AO Kaspersky Lab)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-20] (Malwarebytes)
S2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [417456 2017-08-22] ()
S2 SaferVPN.Service; C:\Program Files (x86)\SaferVPN\SaferVPN.Service.exe [2233704 2017-08-24] ()
S2 SageUBSBackupService; C:\Program Files (x86)\Common Files\Sage Software\BackupService\UBS.UBSService.exe [9216 2011-08-22] ()
S2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-05-21] (SoftEther VPN Project at University of Tsukuba, Japan.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [34416 2016-03-23] (AnvSoft Inc.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
S0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-09] (AO Kaspersky Lab)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-09] ()
S3 jakndis; C:\Windows\System32\DRIVERS\jakndis.sys [35648 2011-07-21] (Jaksta Technologies Pty Ltd)
S3 jakndisMP; C:\Windows\System32\DRIVERS\jakndis.sys [35648 2011-07-21] (Jaksta Technologies Pty Ltd)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-01] (AO Kaspersky Lab)
S0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
S1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-14] (AO Kaspersky Lab)
S2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [195288 2017-10-15] (AO Kaspersky Lab)
S1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [348376 2017-10-15] (AO Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1038552 2017-10-15] (AO Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57936 2017-04-27] (AO Kaspersky Lab)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-18] (AO Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-06] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
S3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-06] (The OpenVPN Project)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab)
S1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [135904 2017-04-27] (AO Kaspersky Lab)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199640 2017-07-25] (AO Kaspersky Lab)
S0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-10-12] ()
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0050.sys [38432 2017-05-22] (SoftEther Corporation)
S2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S1 SaferVPNNetfilter2; C:\Windows\System32\drivers\SaferVPNNetfilter2.sys [79536 2017-08-01] (Windows (R) Win 7 DDK provider)
S3 tap0901_openvpn_accl; C:\Windows\System32\DRIVERS\tap0901_openvpn_accl.sys [37912 2016-09-13] (The OpenVPN Project)
S3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [75088 2017-03-29] (The OpenVPN Project)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-21 12:31 - 2017-10-21 12:56 - 000000000 ____D C:\FRST
2017-10-20 18:44 - 2017-10-20 18:44 - 000000000 __SHD C:\found.000
2017-10-19 11:53 - 2017-10-19 11:53 - 000000723 _____ C:\Users\User\Desktop\New Text Document.txt
2017-10-19 04:03 - 2017-10-19 04:03 - 000000000 ____D C:\Users\User\AppData\Local\Meltytech
2017-10-19 02:05 - 2017-10-19 02:06 - 000000000 ____D C:\Program Files\Shotcut
2017-10-19 01:42 - 2017-10-19 01:47 - 193067608 _____ C:\Users\User\Downloads\shotcut-win64-171002(1).exe
2017-10-19 01:41 - 2017-10-19 01:41 - 000000367 _____ C:\Users\User\Downloads\shotcut-win64-171002.exe
2017-10-19 01:33 - 2017-10-19 01:33 - 010416099 _____ C:\Users\User\Desktop\Mashad Pino on Instagram “Mashmakanchat 0206 Its easy and tasty well almost nak tau cara  ⬇️⬇️⬇️⬇️⬇️⬇️⬇️  Items  1Red onion sliced 2Big chili and chili padi…” • Instagram.mp4
2017-10-19 01:31 - 2017-10-19 01:31 - 008800447 _____ C:\Users\User\Desktop\Mashad Pino on Instagram “Mashmakanchat 0106 All Cameron Highlands produce well almost nak tau cara  ⬇️⬇️⬇️⬇️⬇️⬇️⬇️  Items  1Organic baby carrots 2Spinach…” • Instagram.mp4
2017-10-19 01:26 - 2017-10-19 01:27 - 012899391 _____ C:\Users\User\Desktop\Mashad Pino on Instagram “Mashmakanchat 0306 NASI TOMATO ?Its easy and tasty well almost nak tau cara  ⬇️⬇️⬇️⬇️⬇️⬇️⬇️  Items  1Red onion chip 2Garlic chop…” • Instagram.mp4
2017-10-19 01:21 - 2017-10-19 01:21 - 000002099 _____ C:\Users\Public\Desktop\Xilisoft HD Video Converter.lnk
2017-10-19 01:19 - 2017-10-19 01:19 - 008960493 _____ C:\Users\User\Desktop\Princess keys.mp4
2017-10-19 01:16 - 2017-10-19 01:16 - 003290324 _____ C:\Users\User\Desktop\Mashad Pino (@mashadpino) • Instagram photos and videos.mp4
2017-10-19 00:43 - 2017-10-19 00:43 - 000000548 _____ C:\Users\User\wallet
2017-10-19 00:40 - 2017-10-19 00:46 - 000000000 ____D C:\Users\User\AppData\Local\RippleAdminConsole
2017-10-19 00:39 - 2017-10-19 00:39 - 000000000 ____D C:\Program Files\Ripple Desktop Wallet
2017-10-19 00:24 - 2017-10-19 00:38 - 050948969 _____ (Rippex) C:\Users\User\Downloads\ripple-wallet-win64-1.4.1(1).exe
2017-10-19 00:19 - 2017-10-19 00:21 - 050948969 _____ (Rippex) C:\Users\User\Downloads\ripple-wallet-win64-1.4.1.exe
2017-10-18 09:56 - 2017-10-19 09:09 - 000002154 _____ C:\Users\User\Desktop\Bit degree BOUNTY.txt
2017-10-18 05:47 - 2017-10-18 05:48 - 052078337 _____ C:\Users\User\Desktop\Fire TV Or Android Box Which Should You Buy [HD, 1280x720].mp4
2017-10-17 09:49 - 2017-10-17 09:49 - 000025540 _____ C:\Users\User\Downloads\Hardcore.Henry.2015.BDRip.x264-DRONES English.zip
2017-10-17 09:46 - 2017-10-17 09:46 - 000025206 _____ C:\Users\User\Downloads\hardcorehenry2015720pblurayx264-ytsag-english-91303.zip
2017-10-17 07:00 - 2017-10-17 07:00 - 000065543 _____ C:\Users\User\Downloads\armageddon-1998-1080p-bluray-x264-belex-dual-audio-legenda-english-90758.zip
2017-10-16 07:41 - 2017-10-16 07:41 - 000038945 _____ C:\Users\User\Downloads\Sub-eng-Armageddon-1998-cd-1.zip
2017-10-16 07:32 - 2017-10-16 07:32 - 000069175 _____ C:\Users\User\Downloads\armageddon_HI_english-300627.zip
2017-10-16 07:29 - 2017-10-16 07:29 - 000063447 _____ C:\Users\User\Downloads\armageddon_english-244200.zip
2017-10-16 01:17 - 2017-10-16 01:17 - 000000000 ____D C:\Users\User\Downloads\StellarDesktopWin64-v3.0
2017-10-16 01:14 - 2017-10-16 01:17 - 061309258 _____ C:\Users\User\Downloads\StellarDesktopWin64-v3.0.zip
2017-10-16 00:55 - 2017-10-19 20:28 - 000003756 _____ C:\Windows\System32\Tasks\AutoKMS
2017-10-13 11:08 - 2017-10-13 11:08 - 000046045 _____ C:\Users\User\Downloads\kingsman-the-secret-service-english-yify-48131.zip
2017-10-13 11:08 - 2017-10-13 11:08 - 000000000 ____D C:\Users\User\Downloads\kingsman-the-secret-service-english-yify-48131
2017-10-13 05:07 - 2017-10-13 05:09 - 063679616 _____ (Lisk Foundation) C:\Users\User\Downloads\lisk-nano-win-1.1.0.exe
2017-10-11 16:30 - 2017-10-11 16:30 - 002690342 _____ C:\Users\User\Downloads\1b7d6b_a9eab92530a94bc0a09020a2cacbf266.pdf
2017-10-11 11:44 - 2017-10-11 11:44 - 000000000 ____D C:\Program Files (x86)\NordVPN
2017-10-11 11:38 - 2017-10-11 11:38 - 023649896 _____ (NordVPN) C:\Users\User\Downloads\NordVPNSetup(1).exe
2017-10-08 18:31 - 2017-10-12 05:05 - 000252232 _____ C:\Windows\System32\Drivers\mbamswissarmy.sys
2017-10-08 13:19 - 2017-10-08 13:19 - 000018052 _____ C:\Users\User\Downloads\War.For.The.Planet.Of.The.Apes.2017.720p.HDRip.KORSUB English.zip
2017-10-08 13:18 - 2017-10-08 13:18 - 000018079 _____ C:\Users\User\Downloads\war-for-the-planet-of-the-apes-2017-english-1164878.zip
2017-10-07 09:06 - 2017-10-11 16:35 - 000000000 ____D C:\Users\User\Desktop\summer
2017-10-06 08:00 - 2017-10-13 08:43 - 000000000 ____D C:\Windows\System32\Tasks\NCH Software
2017-10-06 08:00 - 2017-10-06 08:43 - 000000000 ____D C:\Users\User\AppData\Roaming\NCH Software
2017-10-06 08:00 - 2017-10-06 08:43 - 000000000 ____D C:\ProgramData\NCH Software
2017-10-06 08:00 - 2017-10-06 08:43 - 000000000 ____D C:\Program Files (x86)\NCH Software
2017-10-06 08:00 - 2017-10-06 08:00 - 000727784 _____ (NCH Software) C:\Users\User\Downloads\rpsetup.exe
2017-10-06 08:00 - 2017-10-06 08:00 - 000000000 ____D C:\Users\User\AppData\Roaming\Recordpad
2017-10-01 10:03 - 2017-10-01 10:03 - 000014453 _____ C:\Users\User\Downloads\148043160.pdf
2017-09-30 07:38 - 2017-09-30 07:38 - 000034676 _____ C:\Users\User\Downloads\The.Finest.Hours.2016.720p.WEB-DL.H264.AC3-EVO English.zip
2017-09-29 22:25 - 2017-09-29 22:26 - 002690342 _____ C:\Users\User\Downloads\20839366-0-Gx-White-paper-Prese(1).pdf
2017-09-29 00:16 - 2017-10-19 22:17 - 000000000 ____D C:\Users\User\AppData\Roaming\Telegram Desktop
2017-09-29 00:05 - 2017-09-29 00:15 - 021059112 _____ (Telegram Messenger LLP ) C:\Users\User\Downloads\tsetup.1.1.23.exe
2017-09-28 23:34 - 2017-10-19 05:14 - 000000000 ____D C:\Users\User\Desktop\Budak Crypto
2017-09-27 23:40 - 2017-09-28 01:59 - 799855387 _____ C:\Users\User\Downloads\herbal talk 2.mp4
2017-09-27 09:28 - 2017-09-27 09:28 - 000000000 ____D C:\Users\User\Downloads\body-of-lies-english-yify-4095
2017-09-27 09:27 - 2017-09-27 09:27 - 000046109 _____ C:\Users\User\Downloads\body-of-lies-english-yify-4095.zip
2017-09-27 08:26 - 2017-09-27 08:26 - 000009835 _____ C:\Users\User\Desktop\expensees.xlsx
2017-09-27 04:40 - 2017-09-27 04:40 - 000000000 ____D C:\TinyTake by MangoApps
2017-09-27 01:59 - 2017-10-19 20:27 - 000003574 _____ C:\Windows\System32\Tasks\TinyTakeUpgrade
2017-09-27 01:59 - 2017-10-19 00:49 - 000000000 ____D C:\Users\User\AppData\Roaming\TinyTake by MangoApps
2017-09-27 01:59 - 2017-09-27 04:40 - 000000000 ____D C:\TinyTake
2017-09-27 01:59 - 2017-09-27 01:59 - 000000000 ____D C:\Users\User\AppData\Roaming\MangoApps
2017-09-27 01:59 - 2017-09-27 01:59 - 000000000 ____D C:\Users\User\AppData\Local\MangoApps
2017-09-27 01:41 - 2017-09-27 01:41 - 000000000 ____D C:\Users\User\Downloads\TinyTakeSetup_v_4_0_1
2017-09-25 10:17 - 2017-09-25 10:18 - 011939118 _____ C:\Users\User\Downloads\EverGreenCoin-Qt-win-v1.6.0.1(1).zip
2017-09-24 09:25 - 2017-09-24 09:25 - 000023549 _____ C:\Users\User\Downloads\Max Steel 2016 HDRip XViD AC3-EVO-ETRG English.zip
2017-09-24 09:23 - 2017-09-24 09:23 - 000019839 _____ C:\Users\User\Downloads\Max Steel English English.zip
2017-09-24 09:18 - 2017-09-24 09:18 - 000029428 _____ C:\Users\User\Downloads\maxsteel2016bdripx264-geckos-ytsag-english-102027.zip
2017-09-24 07:17 - 2017-09-24 07:17 - 000031268 _____ C:\Users\User\Downloads\the-5th-wave-2016-1080p-bluray-h264-aac-rarbg-english-83251.zip
2017-09-23 22:18 - 2017-09-24 05:22 - 023483095 _____ C:\Users\User\Downloads\TinyTakeSetup_v_4_0_1.zip
2017-09-23 05:54 - 2017-09-23 05:55 - 003369076 _____ (ZeallSoft, Inc. ) C:\Users\User\Downloads\ssrsetup.exe
2017-09-23 05:42 - 2017-09-23 05:42 - 000010947 _____ C:\Users\User\Documents\EMAILING LIST.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-20 19:15 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2017-10-20 02:01 - 2017-07-18 16:16 - 000000000 ____D C:\Users\User\AppData\Roaming\Azureus
2017-10-20 02:00 - 2017-07-18 16:16 - 000000000 ____D C:\Users\User\Documents\Vuze Downloads
2017-10-20 01:51 - 2016-11-23 10:35 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-10-20 01:39 - 2016-08-08 09:39 - 000000270 _____ C:\Windows\Tasks\{3096FACD-256A-CA71-BDEA-5D1DDD3B0310}.job
2017-10-20 00:51 - 2016-01-26 23:00 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-10-19 22:32 - 2009-07-13 20:45 - 000025120 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-19 22:32 - 2009-07-13 20:45 - 000025120 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-19 20:43 - 2017-07-23 02:34 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-10-19 20:27 - 2017-05-21 07:25 - 000000000 ____D C:\Program Files\SoftEther VPN Client
2017-10-19 20:26 - 2016-01-26 21:37 - 000073232 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2017-10-19 20:26 - 2016-01-22 10:01 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-19 20:26 - 2016-01-22 09:54 - 000017920 _____ C:\Windows\System32\rpcnetp.exe
2017-10-19 20:26 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-19 09:35 - 2016-03-08 10:20 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2017-10-19 05:11 - 2016-01-26 21:48 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2017-10-19 04:13 - 2016-01-27 22:22 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2017-10-19 01:22 - 2016-03-13 04:53 - 000000000 ____D C:\Users\User\AppData\Roaming\Xilisoft
2017-10-19 01:21 - 2016-03-13 04:46 - 000000000 ____D C:\ProgramData\Xilisoft
2017-10-19 01:21 - 2016-03-13 04:46 - 000000000 ____D C:\Program Files (x86)\Xilisoft
2017-10-19 00:47 - 2017-08-08 04:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-19 00:47 - 2016-01-26 21:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-19 00:47 - 2016-01-22 09:54 - 000017920 _____ C:\Windows\SysWOW64\rpcnetp.exe
2017-10-18 23:34 - 2017-05-05 05:34 - 000000000 ____D C:\Users\User\AppData\Roaming\Electrum
2017-10-18 06:13 - 2016-01-26 21:22 - 000000000 ___RD C:\Users\User\Desktop\Short Cuts
2017-10-17 08:50 - 2016-08-08 11:33 - 000004446 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-10-17 08:50 - 2016-03-28 18:32 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-10-17 08:50 - 2016-01-26 21:47 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-10-17 08:50 - 2016-01-26 21:47 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-17 08:50 - 2016-01-26 21:47 - 000000000 ____D C:\Windows\System32\Macromed
2017-10-17 08:50 - 2016-01-22 10:21 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-10-17 07:06 - 2017-01-29 10:30 - 000000000 ____D C:\Users\User\AppData\Roaming\Kodi
2017-10-17 07:05 - 2016-05-02 13:30 - 000000000 ____D C:\KMPlayer
2017-10-16 00:53 - 2016-08-08 09:38 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-10-15 05:35 - 2017-07-23 02:27 - 001038552 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2017-10-15 05:35 - 2017-07-23 02:27 - 000195288 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klflt.sys
2017-10-15 05:34 - 2017-04-27 23:04 - 000348376 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klhk.sys
2017-10-13 05:10 - 2017-09-05 01:29 - 000000000 ____D C:\Users\User\AppData\Roaming\lisk-nano
2017-10-13 00:59 - 2017-09-02 03:48 - 000000000 ____D C:\Users\User\AppData\Roaming\EverGreenCoin
2017-10-12 18:29 - 2017-09-16 22:14 - 000000000 ____D C:\Users\User\Desktop\Nak Print !!!
2017-10-12 05:09 - 2017-09-02 03:48 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-10-12 04:59 - 2016-11-22 09:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-10-11 15:19 - 2016-08-09 10:40 - 000000000 ____D C:\Users\User\Downloads\Compressed
2017-10-11 12:15 - 2017-08-13 03:18 - 000001754 _____ C:\Users\User\Desktop\Next Picks.txt
2017-10-11 12:15 - 2016-01-26 21:52 - 000000000 ___RD C:\Users\User\Google Drive
2017-10-11 11:45 - 2017-07-28 20:06 - 000000000 ____D C:\Users\User\AppData\Roaming\NordVPN
2017-10-08 18:31 - 2017-09-19 08:13 - 000077440 _____ C:\Windows\System32\Drivers\mbae64.sys
2017-10-08 13:26 - 2016-01-22 09:54 - 000017920 _____ C:\Windows\SysWOW64\rpcnetp.dll
2017-10-05 17:24 - 2017-06-18 22:17 - 000000000 ____D C:\Users\User\Desktop\Refference Crypto
2017-10-01 10:15 - 2016-05-02 01:18 - 000000000 ____D C:\Users\User\Desktop\mashad pino tomato sauce
2017-09-28 06:04 - 2016-03-06 22:39 - 000000000 ____D C:\Program Files (x86)\iMobie
2017-09-27 01:58 - 2016-03-17 18:59 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-23 08:04 - 2016-12-10 05:48 - 000000000 ____D C:\Users\User\AppData\Roaming\PhotoScape
2017-09-23 07:07 - 2016-12-10 05:49 - 000039936 ____H C:\Users\User\Desktop\photothumb.db

Files to move or delete:
====================
C:\Windows\Tasks\{3096FACD-256A-CA71-BDEA-5D1DDD3B0310}.job


Some files in TEMP:
====================
2017-09-22 19:46 - 2017-10-20 02:01 - 000035680 _____ () C:\Users\User\AppData\Local\Temp\i4jdel0.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2016-06-15 10:42] - [2016-04-08 21:53] - 003231232 _____ (Microsoft Corporation) 9DA3B83F80E205B6C601EEE1312FD0A0

C:\Windows\SysWOW64\explorer.exe
[2016-06-15 10:42] - [2016-04-08 21:44] - 002973184 _____ (Microsoft Corporation) 3DA48EA028AD771C5B71727F0C3984E9

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points  =========================

Restore point date: 2017-10-06 10:18
Restore point date: 2017-10-11 11:44
Restore point date: 2017-10-19 00:39
Restore point date: 2017-10-20 18:46

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8173.86 MB
Available physical RAM: 7358.12 MB
Total Virtual: 8172.06 MB
Available Virtual: 7380.48 MB

==================== Drives ================================

Drive c: (S3A4489D001) (Fixed) (Total:450.9 GB) (Free:112.16 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (IRM_CCSA_X64FRE_EN-US_DV5) (Removable) (Total:14.91 GB) (Free:14.82 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 6B6F87B3)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=450.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.4 GB) - (Type=17)

========================================================
Disk: 2 (Size: 14.9 GB) (Disk ID: 0D19A8F0)
Partition 1: (Active) - (Size=14.9 GB) - (Type=07 NTFS)

LastRegBack: 2017-10-19 09:28

==================== End of FRST.txt ============================


Hello mashad and welcome to Malwarebytes,

Save the attached file fixlist.txt to your flash drive, same place as FRST.
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Will Windows now boot to Normal mode? If so, run the following:

Totally Remove Malwarebytes from your system:

Download the latest version of the Malwarebytes cleanup tool from here: https://downloads.malwarebytes.com/file/mb_clean and save it to your Desktop.

If applicable, backup your Malwarebytes license key information and deactivate the product.

Close all open applications and deactivate Malwarebytes <---- Very important, do not miss that step

To deactivate Malwarebytes:

Right click on the tray icon, from the opened list select "Quit Malwarebytes"; a UAC alert will open, select "Yes" to deactivate Malwarebytes...
 
  • Double-click mb-clean.exe to run it
  • A prompt to confirm the cleanup will appear, select Yes or No
  • Yes - will proceed with the cleanup process <---- Select this option to start the tool
  • No - will exit the utility
  • The Utility will launch a Command Prompt window which will disappear once the cleanup process completes.
  • Once completed, a log file ("mb-cleanresult.txt") will be on your desktop and you'll be prompted to reboot
  • We recommend an immediate reboot <--- Do Not miss out this step
  • Suppressing the reboot may result in an incomplete cleanup
  • Upon reboot Malwarebytes will be totally removed from your system


To re-install Malwarebytes:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/
 
  • Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....
  • When the install completes and is updated do the following:
  • Open Malwarebytes, select > "settings" > "protection tab"
  • Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....
  • Go back to "DashBoard" select the Blue "Scan Now" tab......


When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save it; you can copy or attach it to your reply...

Let me see the produced logs, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin....

fixlist.txt


Hello mashad,

You have attached the scan log from FRST, not the log from the fix... I do not believe the problem was down to malware or infection; one of Malwarebytes' drivers was not passing signature checks, which creates an issue with the boot process. I'm not 100% sure, but I believe that driver problem was caused by a Windows update... Did you recently do any updates, or did auto updates happen recently for Windows?

Is your PC responding as expected? Do you have any remaining issues or concerns? If you want further help we can run an FRST normal scan and check your system out; let me know what you want to do...

Cheers,

Kevin...
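The diagnosis above turns on one line of the FRST log: the boot-start driver mbamswissarmy.sys is listed with an empty "()" company field, while every Kaspersky driver around it carries a vendor name. The following is an added example for this thread, not code from FRST or Malwarebytes. It parses FRST driver lines and flags the entries a responder should check first: an empty company field (the trailing parentheses hold the CompanyName from the file's version resource, which is why mbamswissarmy.sys shows "()" in both the driver list and the created-files list), the placeholder company name that the WDK sample resource files leave behind, and driver images outside the Windows drivers directory, escalating any such entry that is boot- or system-start because a 64-bit Windows 7 kernel refuses to load an improperly signed boot driver. The rule set, the reason codes and the reading of the state letter and start digit are this example's own assumptions, and the sample input is a handful of lines copied from the log above. An empty company field is not a signature verdict: confirm with signtool, sigcheck or Get-AuthenticodeSignature on the file itself.

```python
"""Triage helper for the "Drivers (Whitelisted)" section of an FRST log.

Added example for this forum thread; not FRST's or Malwarebytes' code.
Assumptions made here (this example's own, not FRST's documented format):
  - a driver line looks like:  S0 Name; C:\\dir\\x.sys [size yyyy-mm-dd] (Company)
  - the first letter is the state (R running / S stopped / U unknown) and the
    digit is the service Start value (0 boot, 1 system, 2 auto, 3 manual, 4 disabled)
  - the trailing parentheses hold CompanyName from the file's version resource;
    "()" means no company name was found, NOT that the image is unsigned
"""
import re
from dataclasses import dataclass
from typing import Iterable, Optional

DRIVER_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-4]) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)"
    r"(?P<flag>\s*<==== ATTENTION)?\s*$"
)

# CompanyName strings left behind by WDK / Visual Studio driver templates when
# the vendor never filled in their own; they say nothing about who built the file.
PLACEHOLDER_COMPANIES = {"windows (r) win 7 ddk provider", "todo: <company name>"}
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"

REASON_TEXT = {
    "frst-attention": "FRST itself marked the entry ATTENTION",
    "no-company": "no company name in version info; verify the Authenticode signature",
    "placeholder-company": "company name is a driver-template placeholder, not a vendor",
    "outside-drivers-dir": "image lives outside %SystemRoot%\\System32\\drivers",
    "boot-critical": "boot/system-start driver; a signing problem here can stop the boot",
}


@dataclass(frozen=True)
class DriverEntry:
    state: str
    start: int
    name: str
    path: str
    size: int
    date: str
    company: str
    flagged: bool


def parse_driver_line(line: str) -> Optional[DriverEntry]:
    """Parse one FRST driver line; return None for headers, blanks, other sections."""
    m = DRIVER_RE.match(line.strip())
    if not m:
        return None
    return DriverEntry(
        state=m["state"], start=int(m["start"]), name=m["name"].strip(),
        path=m["path"], size=int(m["size"]), date=m["date"],
        company=m["company"].strip(), flagged=m["flag"] is not None,
    )


def triage(lines: Iterable[str]) -> dict[str, list[str]]:
    """Return {service name: [reason codes]} for the entries worth a closer look."""
    findings: dict[str, list[str]] = {}
    for line in lines:
        d = parse_driver_line(line)
        if d is None:
            continue
        reasons = []
        if d.flagged:
            reasons.append("frst-attention")
        if not d.company:
            reasons.append("no-company")
        elif d.company.lower() in PLACEHOLDER_COMPANIES:
            reasons.append("placeholder-company")
        if not d.path.lower().startswith(DRIVER_DIR):
            reasons.append("outside-drivers-dir")
        # Escalate only drivers that already look odd: every AV vendor ships
        # S0/S1 drivers, so the start type alone is not a signal.
        if reasons and d.start <= 1:
            reasons.append("boot-critical")
        if reasons:
            findings[d.name] = reasons
    return findings


def report(text: str) -> list[str]:
    """Human-readable findings, one line per (driver, reason)."""
    return [f"{name}: {REASON_TEXT[code]}"
            for name, codes in triage(text.splitlines()).items() for code in codes]


# Constructed input: a few lines copied from the FRST log posted in this thread.
SAMPLE_LOG = """\
==================== Drivers (Whitelisted) ======================

S0 cm_km; C:\\Windows\\System32\\DRIVERS\\cm_km.sys [238936 2016-06-09] (AO Kaspersky Lab)
S3 DIRECTIO; C:\\Program Files\\PerformanceTest\\DirectIo64.sys [31376 2015-03-09] ()
S1 KLIF; C:\\Windows\\System32\\DRIVERS\\klif.sys [1038552 2017-10-15] (AO Kaspersky Lab)
S0 MBAMSwissArmy; C:\\Windows\\System32\\Drivers\\mbamswissarmy.sys [252232 2017-10-12] ()
S2 npf; C:\\Windows\\System32\\drivers\\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S1 SaferVPNNetfilter2; C:\\Windows\\System32\\drivers\\SaferVPNNetfilter2.sys [79536 2017-08-01] (Windows (R) Win 7 DDK provider)
"""

if __name__ == "__main__":
    for finding in report(SAMPLE_LOG):
        print(finding)
```

Run against the sample, MBAMSwissArmy is the only entry that is both boot-start and missing a company name, which is exactly the combination that produced the boot failure discussed here; DIRECTIO is flagged for its location but is manual-start, and SaferVPNNetfilter2 is flagged only because its version resource carries the WDK placeholder name. Greedy matching of the company group is deliberate so that names containing parentheses, like that placeholder, are captured whole.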


Hiya mashad,

Thanks for the log and information update, if your system is behaving and responding as expected you should be good to go...

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
