Malware Removal Assistance Needed
[QUOTE="Micheal salami, post: 647271, member: 63820"]
[code]Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2017
Ran by Thollu (administrator) on DESKTOP-HV4MIBU (29-06-2017 22:11:41)
Running from C:\Users\Thollu\Downloads
Loaded Profiles: Thollu (Available Profiles: Thollu)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [URL="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/"]FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials[/URL]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Tanuki Software, Ltd.) C:\ManageEngine\PMP\bin\wrapper.exe
(Oracle Corporation) C:\ManageEngine\PMP\jre\bin\java.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(PostgreSQL Global Development Group) C:\ManageEngine\PMP\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\PMP\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\PMP\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\PMP\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\PMP\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\PMP\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\PMP\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\PMP\pgsql\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(PostgreSQL Global Development Group) C:\ManageEngine\PMP\pgsql\bin\postgres.exe
(tuxler.com) C:\Program Files (x86)\Tuxler Proxy\TuxlerProxy.exe
(Tencent) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
(Tencent) C:\Program Files (x86)\Tencent\QQIntl\Bin\TXPlatform.exe
() C:\ManageEngine\PMP\PMP.exe
() C:\Program Files (x86)\Tuxler Proxy\privoxy\privoxy.exe
(Tencent) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-09] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-694308185-4116531498-1042364220-1001\...\Run: [Tuxler] => C:\Program Files (x86)\Tuxler Proxy\TuxlerProxy.exe [2093056 2017-04-11] (tuxler.com)
HKU\S-1-5-21-694308185-4116531498-1042364220-1001\...\Run: [QQ2009] => C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe [97976 2017-05-21] (Tencent)
HKU\S-1-5-21-694308185-4116531498-1042364220-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-694308185-4116531498-1042364220-1001\...\Run: [NSYBCV4OS03F6KS] => C:\Program Files\70M1O7OBD9\KPTGW7UCC.exe [1040384 2017-06-29] (1BZQ)
HKU\S-1-5-21-694308185-4116531498-1042364220-1001\...\Run: [wenc0pexoba] => C:\Users\Thollu\AppData\Roaming\pjassdfnj0p\izpqsndqqpl.exe [8192 2017-06-29] ()
Startup: C:\Users\Thollu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMP Service Manager.lnk [2017-06-12]
ShortcutTarget: PMP Service Manager.lnk -> C:\ManageEngine\PMP\PMP.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-694308185-4116531498-1042364220-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-694308185-4116531498-1042364220-1001] => http=127.0.0.1:54321;https=127.0.0.1:54321;socks=127.0.0.1:12345
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{384595c0-cf1d-48ca-b657-fe423262bd73}: [DhcpNameServer] 192.168.43.1
ManualProxies: 1http=127.0.0.1:54321;https=127.0.0.1:54321;socks=127.0.0.1:12345

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = hxxp://go.microsoft.com/fwlink/?linkid=42826
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = hxxp://go.microsoft.com/fwlink/?linkid=42826

FireFox:
========
FF DefaultProfile: bb82mb5q.default
FF ProfilePath: C:\Users\Thollu\AppData\Roaming\Mozilla\Firefox\Profiles\bb82mb5q.default [2017-06-29]
FF NetworkProxy: Mozilla\Firefox\Profiles\bb82mb5q.default -> socks", "209.122.193.17"
FF NetworkProxy: Mozilla\Firefox\Profiles\bb82mb5q.default -> socks_port", 14203
FF NetworkProxy: Mozilla\Firefox\Profiles\bb82mb5q.default -> type", 0
FF Extension: (Fast search) - C:\Users\Thollu\AppData\Roaming\Mozilla\Firefox\Profiles\bb82mb5q.default\Extensions\amcontextmenu@loucypher [2017-06-29]
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [2017-05-21] (Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2017-05-21] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [2013-04-08] (Tencent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Thollu\AppData\Local\Google\Chrome\User Data\Default [2017-06-29]
CHR Extension: (Google Docs) - C:\Users\Thollu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Thollu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Thollu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-06]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AESTFilters; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_e085d3cd5b474ba6\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S2 hostcontrolsvc; C:\Program Files\Broadcom\CV\bin\HostControlService.exe [1045736 2016-07-20] (Broadcom Corporation)
S2 hoststoragesvc; C:\Program Files\Broadcom\CV\bin\HostStorageService.exe [42216 2016-07-20] (Broadcom Corporation)
R2 PMP; C:\ManageEngine\PMP\bin\wrapper.exe [636184 2017-06-02] (Tanuki Software, Ltd.)
S2 STacSV; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_e085d3cd5b474ba6\STacSV64.exe [244736 2010-03-09] (IDT, Inc.)
R2 ushupgradesvc; C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe [257760 2016-07-20] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-03-28] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 blackberryncm; C:\WINDOWS\System32\drivers\blackberryncm6_AMD64.sys [36360 2016-04-06] (BlackBerry)
R1 MpKsl53a34beb; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{30148130-E750-454E-9832-734D78EF9E59}\MpKsl53a34beb.sys [44928 2017-06-29] (Microsoft Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-29 22:11 - 2017-06-29 22:12 - 00010180 _____ C:\Users\Thollu\Downloads\FRST.txt
2017-06-29 22:11 - 2017-06-29 22:11 - 00000000 ____D C:\FRST
2017-06-29 22:10 - 2017-06-29 22:10 - 02440704 _____ (Farbar) C:\Users\Thollu\Downloads\FRST64.exe
2017-06-29 16:07 - 2017-06-29 21:15 - 00000000 ____D C:\ProgramData\Avg
2017-06-29 16:07 - 2017-06-29 21:14 - 00000000 ____D C:\Users\Thollu\AppData\Local\AvgSetupLog
2017-06-29 16:07 - 2017-06-29 16:07 - 00000000 ____D C:\Users\Thollu\AppData\Local\Avg
2017-06-29 16:06 - 2017-06-29 16:07 - 03449448 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Thollu\Downloads\Antivirus_Free_1856.exe
2017-06-29 10:44 - 2017-06-29 10:44 - 00000004 _____ C:\ProgramData\_lg.3sap
2017-06-29 10:40 - 2017-06-29 10:40 - 00000000 ____D C:\Users\Thollu\AppData\Roaming\pjassdfnj0p
2017-06-29 10:39 - 2017-06-29 10:40 - 00000000 ____D C:\Program Files\70M1O7OBD9
2017-06-29 10:37 - 2017-06-29 10:43 - 00004318 _____ C:\ProgramData\_lg.1sap
2017-06-29 10:37 - 2017-06-29 10:43 - 00000128 _____ C:\ProgramData\_lg.2sap
2017-06-25 21:53 - 2017-06-25 21:59 - 00000000 ____D C:\Users\Thollu\Desktop\New folder (2)
2017-06-25 21:51 - 2017-06-25 21:52 - 00000000 ____D C:\Users\Thollu\Desktop\New folder
2017-06-23 06:37 - 2017-06-23 06:41 - 00000000 ____D C:\Users\Thollu\Desktop\site pics
2017-06-23 06:31 - 2017-06-23 06:34 - 136668472 _____ (Apple Inc.) C:\Users\Thollu\Downloads\iCloudSetup.exe
2017-06-12 14:23 - 2017-06-29 20:07 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7CC7FA45-8F64-47D3-846F-6DCCA7346F25}
2017-06-12 14:22 - 2017-06-12 14:22 - 00000000 ____D C:\ProgramData\Oracle
2017-06-12 14:18 - 2017-06-12 14:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-12 14:18 - 2017-06-12 14:18 - 00000000 ____D C:\Users\Thollu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ManageEngine Password Manager Pro
2017-06-12 14:18 - 2017-06-12 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManageEngine Password Manager Pro
2017-06-12 14:18 - 2017-06-12 14:18 - 00000000 ____D C:\ManageEngine
2017-06-12 13:57 - 2017-06-12 14:14 - 156035160 _____ (ZOHO Corp.) C:\Users\Thollu\Downloads\ManageEngine_PMP_64bit.exe
2017-06-10 02:27 - 2017-06-29 10:50 - 00000000 ___HD C:\Users\Thollu\Desktop\pic
2017-06-10 00:43 - 2017-06-10 00:43 - 00000654 _____ C:\Users\Public\Desktop\UDC Output Files.lnk
2017-06-10 00:43 - 2017-06-10 00:43 - 00000000 ___RD C:\Users\Thollu\Documents\UDC Output Files
2017-06-10 00:43 - 2017-06-10 00:43 - 00000000 ____D C:\Users\Thollu\AppData\Roaming\UDC Profiles
2017-06-10 00:43 - 2017-06-10 00:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Document Converter
2017-06-10 00:43 - 2017-06-10 00:43 - 00000000 ____D C:\Program Files (x86)\Universal Document Converter
2017-06-10 00:43 - 2016-11-05 13:58 - 00042456 _____ (fCoder Group, Inc.) C:\WINDOWS\system32\udcpm.dll
2017-06-10 00:43 - 2015-02-04 19:00 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpssvcs.dll
2017-06-10 00:42 - 2017-06-10 00:43 - 24290480 _____ (fCoder SIA ) C:\Users\Thollu\Downloads\udc.exe
2017-06-10 00:27 - 2017-06-10 00:27 - 01130328 _____ (Google Inc.) C:\Users\Thollu\Downloads\ChromeSetup(1).exe
2017-06-10 00:14 - 2017-06-10 00:14 - 00064078 _____ C:\Users\Thollu\Downloads\p1.html
2017-06-09 23:28 - 2017-06-09 23:28 - 01316354 _____ C:\Users\Thollu\Downloads\jv020ssw.zip
2017-06-08 04:54 - 2017-06-08 04:54 - 00000000 ____D C:\Users\Thollu\Downloads\KPortScan 3.0
2017-06-08 04:45 - 2017-06-08 11:35 - 05124905 _____ C:\Users\Thollu\Downloads\KPortScan 3.0.zip
2017-06-08 04:14 - 2017-06-08 04:14 - 00000000 ____D C:\Users\Thollu\Downloads\DUBrute.2.2 with private user and pass list
2017-06-08 03:58 - 2017-06-08 03:58 - 00002532 _____ C:\Users\Thollu\Downloads\new1.txt
2017-06-08 02:17 - 2017-06-12 14:56 - 00000000 ____D C:\Users\Thollu\.zenmap
2017-06-08 02:17 - 2017-06-08 03:33 - 00001032 _____ C:\Users\Thollu\Desktop\Nmap - Zenmap GUI.lnk
2017-06-08 02:17 - 2017-06-08 02:17 - 00000000 ____D C:\Users\Thollu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2017-06-08 02:15 - 2017-06-08 02:15 - 00000000 ____D C:\Users\Thollu\Downloads\Dubrute + VNC + Nmap ( pass = loveyou )
2017-06-08 02:13 - 2017-06-08 02:14 - 24475972 _____ C:\Users\Thollu\Downloads\Dubrute + VNC + Nmap ( pass = loveyou ).rar
2017-06-08 00:54 - 2017-06-08 00:54 - 00000000 _____ C:\Users\Thollu\Downloads\vnc1.txt
2017-06-08 00:44 - 2017-06-08 00:44 - 00000000 ____D C:\Program Files\WinPcap
2017-06-08 00:42 - 2017-06-08 02:17 - 00000000 ____D C:\Program Files (x86)\Nmap
2017-06-08 00:15 - 2017-06-13 21:18 - 00002240 ____H C:\Users\Thollu\Documents\Default.rdp
2017-06-07 21:37 - 2017-06-07 22:02 - 00000000 ____D C:\Users\Thollu\AppData\Roaming\Apple Computer
2017-06-07 21:37 - 2017-06-07 21:37 - 00000000 ____D C:\Users\Thollu\AppData\Local\Apple Computer
2017-06-07 21:36 - 2017-06-07 21:36 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-06-07 21:36 - 2017-06-07 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-06-07 21:33 - 2017-06-07 21:36 - 00000000 ____D C:\Program Files\iTunes
2017-06-07 21:33 - 2017-06-07 21:33 - 00000000 ____D C:\ProgramData\Apple Computer
2017-06-07 21:33 - 2017-06-07 21:33 - 00000000 ____D C:\Program Files\iPod
2017-06-07 21:30 - 2017-06-07 21:30 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-06-07 21:30 - 2017-06-07 21:30 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-06-07 21:30 - 2017-06-07 21:30 - 00000000 ____D C:\Users\Thollu\AppData\Local\Apple
2017-06-07 21:30 - 2017-06-07 21:30 - 00000000 ____D C:\Program Files\Bonjour
2017-06-07 21:30 - 2017-06-07 21:30 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-06-07 21:30 - 2017-06-07 21:30 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-06-07 21:29 - 2017-06-07 21:30 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-06-07 21:28 - 2017-06-07 21:30 - 00000000 ____D C:\ProgramData\Apple
2017-06-07 20:59 - 2017-06-07 21:25 - 259195720 _____ (Apple Inc.) C:\Users\Thollu\Downloads\iTunes64Setup.exe
2017-06-07 00:12 - 2017-06-07 00:38 - 229151198 _____ C:\Users\Thollu\Downloads\Journey-to-the-West_-The-Demons-Strike-Back--2017----HDRip----mycoolmoviez.net.mp4
2017-06-05 02:28 - 2017-06-05 02:43 - 188165558 _____ C:\Users\Thollu\Downloads\Drone--2017----HDRip----mycoolmoviez.net.mp4
2017-06-02 20:48 - 2017-06-02 20:49 - 00003129 _____ C:\Users\Thollu\Downloads\Quickteller -GoTV
2017-06-01 20:05 - 2017-06-13 19:19 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2017-06-01 20:05 - 2017-06-08 01:13 - 00000000 ____D C:\ProgramData\BlueStacks
2017-06-01 19:18 - 2017-06-01 20:05 - 339047640 _____ (BlueStack Systems Inc.) C:\Users\Thollu\Downloads\BlueStacks2_native.exe
2017-05-30 18:18 - 2017-06-03 09:20 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-30 18:18 - 2017-05-30 18:18 - 00000000 ____D C:\Users\Thollu\AppData\LocalLow\Adobe
2017-05-30 18:18 - 2017-05-30 18:18 - 00000000 ____D C:\Users\Thollu\AppData\Local\CEF
2017-05-30 18:17 - 2017-05-30 18:20 - 00000000 ____D C:\ProgramData\Adobe
2017-05-30 18:17 - 2017-05-30 18:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-05-30 18:17 - 2017-05-30 18:17 - 00002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-05-30 18:17 - 2017-05-30 18:17 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-05-30 18:14 - 2017-05-30 18:14 - 00000000 ____D C:\Users\Public\Thunder Network
2017-05-30 18:14 - 2017-05-30 18:14 - 00000000 ____D C:\ProgramData\Thunder Network
2017-05-30 17:46 - 2017-06-13 19:19 - 00000000 ____D C:\Program Files\TrueKey
2017-05-30 17:41 - 2017-05-30 18:18 - 00000000 ____D C:\Users\Thollu\AppData\Local\Adobe
2017-05-30 17:32 - 2017-05-30 17:33 - 01677255 _____ C:\Users\Thollu\Downloads\CE_TUMAsia_UndergraduateProgrammes_AY1416.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-29 15:53 - 2017-04-03 04:50 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-29 15:37 - 2017-04-02 11:02 - 00000000 ____D C:\Users\Thollu\AppData\LocalLow\Mozilla
2017-06-29 15:36 - 2017-05-21 23:22 - 00000000 ____D C:\Users\Thollu\Documents\Tencent Files
2017-06-29 12:28 - 2017-04-03 04:50 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-29 10:41 - 2017-04-03 05:18 - 00000000 ____D C:\Users\Thollu
2017-06-29 10:41 - 2017-04-03 05:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-29 10:41 - 2017-04-03 05:07 - 00009900 _____ C:\WINDOWS\system32\CVFirmwareUpgradeLog.txt
2017-06-29 10:41 - 2017-04-03 04:39 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-06-29 10:33 - 2017-04-02 10:53 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-29 10:33 - 2017-04-02 10:53 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-28 09:13 - 2017-05-27 18:53 - 00001023 _____ C:\Users\Thollu\Desktop\VirtualDJ 8.lnk
2017-06-27 23:37 - 2017-04-02 11:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-27 23:37 - 2017-04-02 11:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-25 22:57 - 2017-05-27 18:53 - 00000000 ____D C:\Users\Thollu\Documents\VirtualDJ
2017-06-24 23:22 - 2017-04-03 04:49 - 00000000 ____D C:\WINDOWS\INF
2017-06-23 06:43 - 2017-04-03 05:22 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-22 22:09 - 2017-04-03 04:43 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-22 16:13 - 2017-04-02 01:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-22 16:11 - 2017-04-02 01:14 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-20 17:47 - 2017-04-24 01:25 - 00003292 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-20 17:47 - 2017-04-03 05:21 - 00002366 _____ C:\Users\Thollu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-20 17:47 - 2017-04-03 05:21 - 00000000 ___RD C:\Users\Thollu\OneDrive
2017-06-14 22:48 - 2017-04-03 04:50 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-12 14:50 - 2017-04-03 07:46 - 00000000 ____D C:\Users\Thollu\.android
2017-06-08 01:12 - 2017-04-03 04:50 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-08 01:10 - 2017-05-19 08:27 - 00000000 ____D C:\Users\Thollu\AppData\Local\Bluestacks
2017-06-06 21:30 - 2017-04-02 11:02 - 00000000 ____D C:\Users\Thollu\AppData\Roaming\vlc
2017-06-04 21:14 - 2017-05-27 18:53 - 00000000 ____D C:\Program Files (x86)\VirtualDJ
2017-06-03 04:07 - 2017-04-03 04:52 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 04:07 - 2017-04-03 04:52 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-01 20:10 - 2017-04-03 07:42 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-05-31 09:03 - 2017-04-03 04:57 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-30 21:45 - 2017-04-02 01:18 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-30 18:18 - 2017-04-03 05:18 - 00000000 ____D C:\Users\Thollu\AppData\Roaming\Adobe

==================== Files in the root of some directories =======

2017-06-29 10:37 - 2017-06-29 10:43 - 0004318 _____ () C:\ProgramData\_lg.1sap
2017-06-29 10:37 - 2017-06-29 10:43 - 0000128 _____ () C:\ProgramData\_lg.2sap
2017-06-29 10:44 - 2017-06-29 10:44 - 0000004 _____ () C:\ProgramData\_lg.3sap

Some files in TEMP:
====================
2017-06-08 01:10 - 2017-05-24 07:56 - 0785464 _____ (BlueStack Systems, Inc.) C:\Users\Thollu\AppData\Local\Temp\HD-Common.dll
2017-06-08 01:10 - 2017-05-24 07:57 - 0464952 _____ (BlueStack Systems, Inc.) C:\Users\Thollu\AppData\Local\Temp\HD-InstallerUtils.dll
2017-06-08 01:10 - 2017-05-24 07:54 - 0187416 _____ (BlueStack Systems) C:\Users\Thollu\AppData\Local\Temp\HD-LibraryHandler.dll
2017-05-19 08:27 - 2017-05-24 07:53 - 0246808 _____ (BlueStack Systems) C:\Users\Thollu\AppData\Local\Temp\HD-Logger-Native.dll
2017-05-19 08:27 - 2016-01-07 08:52 - 0128536 _____ (BlueStack Systems) C:\Users\Thollu\AppData\Local\Temp\HD-ShortcutHandler.dll
2017-06-08 01:10 - 2017-05-24 07:56 - 0385080 _____ (BlueStack Systems, Inc.) C:\Users\Thollu\AppData\Local\Temp\HD-Uninstaller.exe
2017-04-02 11:35 - 2017-04-02 11:35 - 0469256 _____ (Microsoft Corporation) C:\Users\Thollu\AppData\Local\Temp\InstallManager_GEN_GEN.exe
2017-06-29 10:36 - 2017-06-29 10:36 - 0382144 _____ () C:\Users\Thollu\AppData\Local\Temp\msclean.exe
2017-05-24 02:42 - 2017-05-24 02:42 - 0031096 _____ (Tencent) C:\Users\Thollu\AppData\Local\Temp\qqsafeud.exe
2017-05-19 08:27 - 2016-01-07 04:26 - 0495128 _____ (BlueStack Systems, Inc.) C:\Users\Thollu\AppData\Local\Temp\uninstall.exe
2017-06-04 21:13 - 2017-06-04 21:13 - 0084216 _____ () C:\Users\Thollu\AppData\Local\Temp\VirtualDJ New Version.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-24 18:43

==================== End of FRST.txt ============================[/code]
[/QUOTE]
R2 ushupgradesvc; C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe [257760 2016-07-20] () R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-03-28] (Microsoft Corporation) S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 blackberryncm; C:\WINDOWS\System32\drivers\blackberryncm6_AMD64.sys [36360 2016-04-06] (BlackBerry) R1 MpKsl53a34beb; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{30148130-E750-454E-9832-734D78EF9E59}\MpKsl53a34beb.sys [44928 2017-06-29] (Microsoft Corporation) R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-06-29 22:11 - 2017-06-29 22:12 - 00010180 _____ C:\Users\Thollu\Downloads\FRST.txt 2017-06-29 22:11 - 2017-06-29 22:11 - 00000000 ____D C:\FRST 2017-06-29 22:10 - 2017-06-29 22:10 - 02440704 _____ (Farbar) C:\Users\Thollu\Downloads\FRST64.exe 2017-06-29 16:07 - 2017-06-29 21:15 - 00000000 ____D C:\ProgramData\Avg 2017-06-29 16:07 - 2017-06-29 21:14 - 00000000 ____D C:\Users\Thollu\AppData\Local\AvgSetupLog 2017-06-29 16:07 - 2017-06-29 16:07 - 00000000 ____D C:\Users\Thollu\AppData\Local\Avg 2017-06-29 16:06 - 2017-06-29 16:07 - 03449448 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Thollu\Downloads\Antivirus_Free_1856.exe 2017-06-29 10:44 - 2017-06-29 10:44 - 00000004 _____ C:\ProgramData\_lg.3sap 2017-06-29 10:40 - 2017-06-29 10:40 - 00000000 ____D C:\Users\Thollu\AppData\Roaming\pjassdfnj0p 2017-06-29 10:39 - 2017-06-29 10:40 - 00000000 ____D C:\Program Files\70M1O7OBD9 2017-06-29 10:37 - 2017-06-29 10:43 - 00004318 _____ C:\ProgramData\_lg.1sap 2017-06-29 10:37 - 2017-06-29 10:43 - 00000128 _____ C:\ProgramData\_lg.2sap 2017-06-25 21:53 - 2017-06-25 21:59 - 00000000 ____D C:\Users\Thollu\Desktop\New folder (2) 2017-06-25 21:51 - 2017-06-25 21:52 - 00000000 ____D C:\Users\Thollu\Desktop\New folder 2017-06-23 06:37 - 2017-06-23 06:41 - 00000000 ____D C:\Users\Thollu\Desktop\site pics 2017-06-23 06:31 - 2017-06-23 06:34 - 136668472 _____ (Apple Inc.) 
C:\Users\Thollu\Downloads\iCloudSetup.exe 2017-06-12 14:23 - 2017-06-29 20:07 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7CC7FA45-8F64-47D3-846F-6DCCA7346F25} 2017-06-12 14:22 - 2017-06-12 14:22 - 00000000 ____D C:\ProgramData\Oracle 2017-06-12 14:18 - 2017-06-12 14:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-06-12 14:18 - 2017-06-12 14:18 - 00000000 ____D C:\Users\Thollu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ManageEngine Password Manager Pro 2017-06-12 14:18 - 2017-06-12 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManageEngine Password Manager Pro 2017-06-12 14:18 - 2017-06-12 14:18 - 00000000 ____D C:\ManageEngine 2017-06-12 13:57 - 2017-06-12 14:14 - 156035160 _____ (ZOHO Corp.) C:\Users\Thollu\Downloads\ManageEngine_PMP_64bit.exe 2017-06-10 02:27 - 2017-06-29 10:50 - 00000000 ___HD C:\Users\Thollu\Desktop\pic 2017-06-10 00:43 - 2017-06-10 00:43 - 00000654 _____ C:\Users\Public\Desktop\UDC Output Files.lnk 2017-06-10 00:43 - 2017-06-10 00:43 - 00000000 ___RD C:\Users\Thollu\Documents\UDC Output Files 2017-06-10 00:43 - 2017-06-10 00:43 - 00000000 ____D C:\Users\Thollu\AppData\Roaming\UDC Profiles 2017-06-10 00:43 - 2017-06-10 00:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Document Converter 2017-06-10 00:43 - 2017-06-10 00:43 - 00000000 ____D C:\Program Files (x86)\Universal Document Converter 2017-06-10 00:43 - 2016-11-05 13:58 - 00042456 _____ (fCoder Group, Inc.) C:\WINDOWS\system32\udcpm.dll 2017-06-10 00:43 - 2015-02-04 19:00 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpssvcs.dll 2017-06-10 00:42 - 2017-06-10 00:43 - 24290480 _____ (fCoder SIA ) C:\Users\Thollu\Downloads\udc.exe 2017-06-10 00:27 - 2017-06-10 00:27 - 01130328 _____ (Google Inc.) 
C:\Users\Thollu\Downloads\ChromeSetup(1).exe 2017-06-10 00:14 - 2017-06-10 00:14 - 00064078 _____ C:\Users\Thollu\Downloads\p1.html 2017-06-09 23:28 - 2017-06-09 23:28 - 01316354 _____ C:\Users\Thollu\Downloads\jv020ssw.zip 2017-06-08 04:54 - 2017-06-08 04:54 - 00000000 ____D C:\Users\Thollu\Downloads\KPortScan 3.0 2017-06-08 04:45 - 2017-06-08 11:35 - 05124905 _____ C:\Users\Thollu\Downloads\KPortScan 3.0.zip 2017-06-08 04:14 - 2017-06-08 04:14 - 00000000 ____D C:\Users\Thollu\Downloads\DUBrute.2.2 with private user and pass list 2017-06-08 03:58 - 2017-06-08 03:58 - 00002532 _____ C:\Users\Thollu\Downloads\new1.txt 2017-06-08 02:17 - 2017-06-12 14:56 - 00000000 ____D C:\Users\Thollu\.zenmap 2017-06-08 02:17 - 2017-06-08 03:33 - 00001032 _____ C:\Users\Thollu\Desktop\Nmap - Zenmap GUI.lnk 2017-06-08 02:17 - 2017-06-08 02:17 - 00000000 ____D C:\Users\Thollu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap 2017-06-08 02:15 - 2017-06-08 02:15 - 00000000 ____D C:\Users\Thollu\Downloads\Dubrute + VNC + Nmap ( pass = loveyou ) 2017-06-08 02:13 - 2017-06-08 02:14 - 24475972 _____ C:\Users\Thollu\Downloads\Dubrute + VNC + Nmap ( pass = loveyou ).rar 2017-06-08 00:54 - 2017-06-08 00:54 - 00000000 _____ C:\Users\Thollu\Downloads\vnc1.txt 2017-06-08 00:44 - 2017-06-08 00:44 - 00000000 ____D C:\Program Files\WinPcap 2017-06-08 00:42 - 2017-06-08 02:17 - 00000000 ____D C:\Program Files (x86)\Nmap 2017-06-08 00:15 - 2017-06-13 21:18 - 00002240 ____H C:\Users\Thollu\Documents\Default.rdp 2017-06-07 21:37 - 2017-06-07 22:02 - 00000000 ____D C:\Users\Thollu\AppData\Roaming\Apple Computer 2017-06-07 21:37 - 2017-06-07 21:37 - 00000000 ____D C:\Users\Thollu\AppData\Local\Apple Computer 2017-06-07 21:36 - 2017-06-07 21:36 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk 2017-06-07 21:36 - 2017-06-07 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2017-06-07 21:33 - 2017-06-07 21:36 - 00000000 ____D C:\Program Files\iTunes 2017-06-07 
21:33 - 2017-06-07 21:33 - 00000000 ____D C:\ProgramData\Apple Computer 2017-06-07 21:33 - 2017-06-07 21:33 - 00000000 ____D C:\Program Files\iPod 2017-06-07 21:30 - 2017-06-07 21:30 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2017-06-07 21:30 - 2017-06-07 21:30 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple 2017-06-07 21:30 - 2017-06-07 21:30 - 00000000 ____D C:\Users\Thollu\AppData\Local\Apple 2017-06-07 21:30 - 2017-06-07 21:30 - 00000000 ____D C:\Program Files\Bonjour 2017-06-07 21:30 - 2017-06-07 21:30 - 00000000 ____D C:\Program Files (x86)\Bonjour 2017-06-07 21:30 - 2017-06-07 21:30 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2017-06-07 21:29 - 2017-06-07 21:30 - 00000000 ____D C:\Program Files\Common Files\Apple 2017-06-07 21:28 - 2017-06-07 21:30 - 00000000 ____D C:\ProgramData\Apple 2017-06-07 20:59 - 2017-06-07 21:25 - 259195720 _____ (Apple Inc.) C:\Users\Thollu\Downloads\iTunes64Setup.exe 2017-06-07 00:12 - 2017-06-07 00:38 - 229151198 _____ C:\Users\Thollu\Downloads\Journey-to-the-West_-The-Demons-Strike-Back--2017----HDRip----mycoolmoviez.net.mp4 2017-06-05 02:28 - 2017-06-05 02:43 - 188165558 _____ C:\Users\Thollu\Downloads\Drone--2017----HDRip----mycoolmoviez.net.mp4 2017-06-02 20:48 - 2017-06-02 20:49 - 00003129 _____ C:\Users\Thollu\Downloads\Quickteller -GoTV 2017-06-01 20:05 - 2017-06-13 19:19 - 00000000 ____D C:\Program Files (x86)\BlueStacks 2017-06-01 20:05 - 2017-06-08 01:13 - 00000000 ____D C:\ProgramData\BlueStacks 2017-06-01 19:18 - 2017-06-01 20:05 - 339047640 _____ (BlueStack Systems Inc.) 
C:\Users\Thollu\Downloads\BlueStacks2_native.exe 2017-05-30 18:18 - 2017-06-03 09:20 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2017-05-30 18:18 - 2017-05-30 18:18 - 00000000 ____D C:\Users\Thollu\AppData\LocalLow\Adobe 2017-05-30 18:18 - 2017-05-30 18:18 - 00000000 ____D C:\Users\Thollu\AppData\Local\CEF 2017-05-30 18:17 - 2017-05-30 18:20 - 00000000 ____D C:\ProgramData\Adobe 2017-05-30 18:17 - 2017-05-30 18:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-05-30 18:17 - 2017-05-30 18:17 - 00002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2017-05-30 18:17 - 2017-05-30 18:17 - 00000000 ____D C:\Program Files (x86)\Adobe 2017-05-30 18:14 - 2017-05-30 18:14 - 00000000 ____D C:\Users\Public\Thunder Network 2017-05-30 18:14 - 2017-05-30 18:14 - 00000000 ____D C:\ProgramData\Thunder Network 2017-05-30 17:46 - 2017-06-13 19:19 - 00000000 ____D C:\Program Files\TrueKey 2017-05-30 17:41 - 2017-05-30 18:18 - 00000000 ____D C:\Users\Thollu\AppData\Local\Adobe 2017-05-30 17:32 - 2017-05-30 17:33 - 01677255 _____ C:\Users\Thollu\Downloads\CE_TUMAsia_UndergraduateProgrammes_AY1416.pdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-06-29 15:53 - 2017-04-03 04:50 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-06-29 15:37 - 2017-04-02 11:02 - 00000000 ____D C:\Users\Thollu\AppData\LocalLow\Mozilla 2017-06-29 15:36 - 2017-05-21 23:22 - 00000000 ____D C:\Users\Thollu\Documents\Tencent Files 2017-06-29 12:28 - 2017-04-03 04:50 - 00000000 ___HD C:\Program Files\WindowsApps 2017-06-29 10:41 - 2017-04-03 05:18 - 00000000 ____D C:\Users\Thollu 2017-06-29 10:41 - 2017-04-03 05:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-06-29 10:41 - 2017-04-03 05:07 - 00009900 _____ C:\WINDOWS\system32\CVFirmwareUpgradeLog.txt 2017-06-29 10:41 - 2017-04-03 04:39 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2017-06-29 10:33 - 2017-04-02 10:53 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-06-29 10:33 - 2017-04-02 10:53 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-06-28 09:13 - 2017-05-27 18:53 - 00001023 _____ C:\Users\Thollu\Desktop\VirtualDJ 8.lnk 2017-06-27 23:37 - 2017-04-02 11:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-06-27 23:37 - 2017-04-02 11:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-06-25 22:57 - 2017-05-27 18:53 - 00000000 ____D C:\Users\Thollu\Documents\VirtualDJ 2017-06-24 23:22 - 2017-04-03 04:49 - 00000000 ____D C:\WINDOWS\INF 2017-06-23 06:43 - 2017-04-03 05:22 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-06-22 22:09 - 2017-04-03 04:43 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-06-22 16:13 - 2017-04-02 01:14 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-06-22 16:11 - 2017-04-02 01:14 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-06-20 17:47 - 2017-04-24 01:25 - 00003292 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-06-20 17:47 - 2017-04-03 05:21 - 00002366 _____ C:\Users\Thollu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-06-20 17:47 - 2017-04-03 05:21 - 00000000 ___RD 
C:\Users\Thollu\OneDrive 2017-06-14 22:48 - 2017-04-03 04:50 - 00000000 ____D C:\WINDOWS\system32\NDF 2017-06-12 14:50 - 2017-04-03 07:46 - 00000000 ____D C:\Users\Thollu\.android 2017-06-08 01:12 - 2017-04-03 04:50 - 00000000 __RHD C:\Users\Public\Libraries 2017-06-08 01:10 - 2017-05-19 08:27 - 00000000 ____D C:\Users\Thollu\AppData\Local\Bluestacks 2017-06-06 21:30 - 2017-04-02 11:02 - 00000000 ____D C:\Users\Thollu\AppData\Roaming\vlc 2017-06-04 21:14 - 2017-05-27 18:53 - 00000000 ____D C:\Program Files (x86)\VirtualDJ 2017-06-03 04:07 - 2017-04-03 04:52 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-06-03 04:07 - 2017-04-03 04:52 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-06-01 20:10 - 2017-04-03 07:42 - 00000000 ____D C:\ProgramData\BlueStacksSetup 2017-05-31 09:03 - 2017-04-03 04:57 - 00000000 ___DC C:\WINDOWS\Panther 2017-05-30 21:45 - 2017-04-02 01:18 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2017-05-30 18:18 - 2017-04-03 05:18 - 00000000 ____D C:\Users\Thollu\AppData\Roaming\Adobe ==================== Files in the root of some directories ======= 2017-06-29 10:37 - 2017-06-29 10:43 - 0004318 _____ () C:\ProgramData\_lg.1sap 2017-06-29 10:37 - 2017-06-29 10:43 - 0000128 _____ () C:\ProgramData\_lg.2sap 2017-06-29 10:44 - 2017-06-29 10:44 - 0000004 _____ () C:\ProgramData\_lg.3sap Some files in TEMP: ==================== 2017-06-08 01:10 - 2017-05-24 07:56 - 0785464 _____ (BlueStack Systems, Inc.) C:\Users\Thollu\AppData\Local\Temp\HD-Common.dll 2017-06-08 01:10 - 2017-05-24 07:57 - 0464952 _____ (BlueStack Systems, Inc.) 
C:\Users\Thollu\AppData\Local\Temp\HD-InstallerUtils.dll 2017-06-08 01:10 - 2017-05-24 07:54 - 0187416 _____ (BlueStack Systems) C:\Users\Thollu\AppData\Local\Temp\HD-LibraryHandler.dll 2017-05-19 08:27 - 2017-05-24 07:53 - 0246808 _____ (BlueStack Systems) C:\Users\Thollu\AppData\Local\Temp\HD-Logger-Native.dll 2017-05-19 08:27 - 2016-01-07 08:52 - 0128536 _____ (BlueStack Systems) C:\Users\Thollu\AppData\Local\Temp\HD-ShortcutHandler.dll 2017-06-08 01:10 - 2017-05-24 07:56 - 0385080 _____ (BlueStack Systems, Inc.) C:\Users\Thollu\AppData\Local\Temp\HD-Uninstaller.exe 2017-04-02 11:35 - 2017-04-02 11:35 - 0469256 _____ (Microsoft Corporation) C:\Users\Thollu\AppData\Local\Temp\InstallManager_GEN_GEN.exe 2017-06-29 10:36 - 2017-06-29 10:36 - 0382144 _____ () C:\Users\Thollu\AppData\Local\Temp\msclean.exe 2017-05-24 02:42 - 2017-05-24 02:42 - 0031096 _____ (Tencent) C:\Users\Thollu\AppData\Local\Temp\qqsafeud.exe 2017-05-19 08:27 - 2016-01-07 04:26 - 0495128 _____ (BlueStack Systems, Inc.) C:\Users\Thollu\AppData\Local\Temp\uninstall.exe 2017-06-04 21:13 - 2017-06-04 21:13 - 0084216 _____ () C:\Users\Thollu\AppData\Local\Temp\VirtualDJ New Version.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-06-24 18:43 ==================== End of FRST.txt ============================[/code] [/QUOTE]
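A log like the one above is usually triaged by eye, but the two things a helper looks for first in the Registry and Internet sections (random-named Run values pointing at binaries in user-writable folders, and proxy settings that reroute traffic) can be pulled out mechanically. The script below is an added example, my own code rather than FRST's or anything posted in this thread. It parses the `Run:` and proxy lines of FRST.txt; the "random name" heuristic, the list of suspicious directories and the scoring are my assumptions about what a dropper's autorun tends to look like, and the sample input is a handful of lines copied from the posted log.

```python
"""Triage helper for FRST.txt: flag Run-key entries and proxy settings worth a second look.
Added example; not part of FRST and not from the thread above."""
import re

# Constructed input: lines copied verbatim from the FRST log posted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-09] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-694308185-4116531498-1042364220-1001\...\Run: [Tuxler] => C:\Program Files (x86)\Tuxler Proxy\TuxlerProxy.exe [2093056 2017-04-11] (tuxler.com)
HKU\S-1-5-21-694308185-4116531498-1042364220-1001\...\Run: [NSYBCV4OS03F6KS] => C:\Program Files\70M1O7OBD9\KPTGW7UCC.exe [1040384 2017-06-29] (1BZQ)
HKU\S-1-5-21-694308185-4116531498-1042364220-1001\...\Run: [wenc0pexoba] => C:\Users\Thollu\AppData\Roaming\pjassdfnj0p\izpqsndqqpl.exe [8192 2017-06-29] ()
ProxyEnable: [S-1-5-21-694308185-4116531498-1042364220-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-694308185-4116531498-1042364220-1001] => http=127.0.0.1:54321;https=127.0.0.1:54321;socks=127.0.0.1:12345
FF NetworkProxy: Mozilla\Firefox\Profiles\bb82mb5q.default -> socks", "209.122.193.17"
FF NetworkProxy: Mozilla\Firefox\Profiles\bb82mb5q.default -> socks_port", 14203
"""

# FRST line shapes: hive\...\Run: [value] => path [size date] (company)   (the last two are optional)
RUN_RE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => "
    r"(?P<path>.+?\.exe)(?: \[(?P<size>\d+) (?P<date>\S+)\])?(?: \((?P<company>[^)]*)\))?\s*$"
)
PROXY_RE = re.compile(r"^ProxyServer: \[[^\]]+\] => (?P<value>\S+)")
FF_PROXY_RE = re.compile(r'^FF NetworkProxy: .* -> socks", "(?P<host>[^"]+)"')

# Assumption: legitimate autoruns rarely live here, droppers usually do.
SUSPICIOUS_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\users\\public\\", "\\programdata\\")


def looks_random(token: str) -> bool:
    """Heuristic for machine-generated names (assumption, not an FRST rule).
    A trailing number (sttray64, QQ2009) is normal; digits *inside* the name
    (wenc0pexoba, KPTGW7UCC) or a long, nearly vowel-free string (izpqsndqqpl) are not."""
    core = token.rstrip("0123456789")
    if any(c.isdigit() for c in core):
        return True
    letters = [c for c in core.lower() if c.isalpha()]
    if len(letters) < 8:
        return False
    vowels = sum(c in "aeiouy" for c in letters)
    return vowels / len(letters) < 0.2


def triage_run_entry(m: re.Match) -> dict:
    """Score one Run-key line: returns the parsed fields plus the reasons it was flagged."""
    name, path, company = m["name"], m["path"], m["company"]
    parts = path.split("\\")
    stem = parts[-1].rsplit(".", 1)[0]          # file name without .exe
    parent = parts[-2] if len(parts) > 1 else ""
    reasons = []
    for label, token in (("value name", name), ("folder", parent), ("file", stem)):
        if looks_random(token):
            reasons.append(f"random-looking {label} '{token}'")
    if any(d in path.lower() for d in SUSPICIOUS_DIRS):
        reasons.append("runs from a user-writable data directory")
    if company == "":                            # FRST prints "()" when the binary carries no version info
        reasons.append("no company/version information in the binary")
    return {"name": name, "path": path, "company": company, "reasons": reasons}


def triage_proxies(log_text: str) -> list:
    """Report every system proxy endpoint and any Firefox SOCKS proxy host."""
    findings = []
    for line in log_text.splitlines():
        m = PROXY_RE.match(line)
        if m:
            for entry in m["value"].split(";"):
                scheme, _, hostport = entry.partition("=")
                note = " (local listener: find the owning process with netstat -ano)" if hostport.startswith("127.") else ""
                findings.append(f"system {scheme} proxy -> {hostport}{note}")
        m = FF_PROXY_RE.match(line)
        if m:
            findings.append(f"Firefox SOCKS proxy -> {m['host']} (browser traffic leaves via this host)")
    return findings


def triage(log_text: str) -> dict:
    """Parse the Run-key and proxy lines of an FRST.txt and return what was flagged."""
    flagged = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line)
        if m:
            entry = triage_run_entry(m)
            if entry["reasons"]:
                flagged.append(entry)
    return {"autoruns": flagged, "proxies": triage_proxies(log_text)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for e in result["autoruns"]:
        print(f"[autorun] {e['name']} -> {e['path']}")
        for r in e["reasons"]:
            print(f"    - {r}")
    for f in result["proxies"]:
        print(f"[proxy] {f}")
```

On the sample lines the two entries this flags are exactly the ones a helper would pick out by hand: `NSYBCV4OS03F6KS` (three random-looking names, an unknown company string) and `wenc0pexoba` (random names, AppData\Roaming, no version information). The proxy output is a prompt for a check rather than a verdict: a 127.0.0.1 proxy is only as suspicious as the process listening on that port, and a proxy product (Tuxler Proxy and its bundled privoxy are both in the process list above) is one possible owner, so confirm the owner before treating it as an infection; a Firefox SOCKS proxy pointing at a remote address means that browser's traffic is being relayed through that host and is worth removing unless the user set it deliberately.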