Publicité
Publicité
Format du document : text/plain
Prévisualisation
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by user (administrator) on USER-PC (06-04-2017 14:50:11)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1945000 2017-03-30] (QIHU 360 SOFTWARE CO. LIMITED)
HKU\S-1-5-21-2884600819-2253721503-3205193815-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.0 serius.mwbsys.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{89972C73-27A6-4EF9-BC26-D095BAD7368D}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-2884600819-2253721503-3205193815-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ae/?ocid=iehp
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2016-02-03] (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-03-06] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2017-03-30] (Qihu 360 Software Co., Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-06] (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-02-03] (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\New folder\bin\ssv.dll [2017-03-06] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2017-03-30] (Qihu 360 Software Co., Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\New folder\bin\jp2ssv.dll [2017-03-06] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\igm3omc3.default [2017-04-06]
FF Extension: (GPU Process on Windows (Beta 53)) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\igm3omc3.default\Extensions\gpu-process-beta53@experiments.mozilla.org.xpi [2017-04-04]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-04-06] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-06] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> D:\New folder\bin\dtplugin\npDeployJava1.dll [2017-03-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> D:\New folder\bin\plugin2\npjp2.dll [2017-03-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.3.100 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2017-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.3.100 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2017-03-06] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-04-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-04-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-04-06]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-06]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-06]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-06]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-03-15]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-06]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [928168 2017-03-30] (QIHU 360 SOFTWARE CO. LIMITED)
S3 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32544 2016-02-03] ()
S2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1095440 2017-03-06] (RealNetworks, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.2.219\WsAppService.exe [440832 2016-12-07] (Wondershare) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2017-03-30] (360.cn)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [86248 2017-03-30] (360.cn)
S3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2017-03-30] (360.cn)
S1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2017-03-30] (360.cn)
S1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2017-03-30] (360.cn)
S1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [391392 2017-03-30] (360.cn)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-14] (Advanced Micro Devices, Inc.)
S1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [188864 2017-03-30] (360.cn)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-05] (Intel Corporation)
S3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-04-06] (Malwarebytes)
R0 oem-drv64; C:\Windows\System32\DRIVERS\oem-drv64.sys [42496 2017-04-06] (secr9tos) [File not signed]
S3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [132608 2012-10-05] (Unibrain)
S2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [24064 2012-10-05] (Unibrain)
S2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [92160 2012-10-05] (Unibrain)
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-06 14:50 - 2017-04-06 14:50 - 00010928 _____ C:\Users\user\Downloads\FRST.txt
2017-04-06 14:49 - 2017-04-06 14:50 - 00000000 ____D C:\FRST
2017-04-06 14:49 - 2017-04-06 14:49 - 02424832 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2017-04-06 14:46 - 2017-04-06 14:47 - 00000000 ____D C:\Users\user\AppData\Roaming\ZHP
2017-04-06 14:46 - 2017-04-06 14:47 - 00000000 ____D C:\Users\user\AppData\Local\ZHP
2017-04-06 14:46 - 2017-04-06 14:46 - 02716160 _____ C:\Users\user\Downloads\ZHPDiag3.exe
2017-04-06 14:46 - 2017-04-06 14:46 - 00000781 _____ C:\Users\user\Desktop\ZHPDiag.lnk
2017-04-06 02:31 - 2017-04-06 14:44 - 00170670 _____ C:\Windows\ntbtlog.txt
2017-04-06 01:34 - 2017-04-06 01:34 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-06 01:34 - 2017-04-06 01:34 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-06 01:33 - 2017-04-06 01:34 - 01129376 _____ (Google Inc.) C:\Users\user\Downloads\ChromeSetup.exe
2017-04-06 01:01 - 2017-04-06 01:01 - 00014075 _____ C:\Users\user\Downloads\officescan-xp-en.exe
2017-04-06 00:51 - 2017-04-06 00:51 - 00417168 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-05 02:44 - 2017-04-05 02:44 - 00049152 _____ C:\Users\user\Documents\cc_20170405_024312.reg
2017-04-05 02:32 - 2017-04-05 02:32 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-04-05 02:32 - 2017-04-05 02:32 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-04-05 02:32 - 2017-04-05 02:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-04-05 02:32 - 2017-04-05 02:32 - 00000000 ____D C:\Program Files\CCleaner
2017-04-05 02:03 - 2017-04-05 02:03 - 00109656 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-05 01:59 - 2017-04-05 01:59 - 00000000 __SHD C:\$360Section
2017-04-05 01:57 - 2017-04-05 01:59 - 00000000 ____D C:\ProgramData\360Quarant
2017-04-05 01:56 - 2017-04-05 01:56 - 00000000 ____D C:\Windows\Tasks\360Disabled
2017-04-05 01:55 - 2017-04-05 01:55 - 00000000 ____D C:\Users\user\AppData\Roaming\360TotalSecurity
2017-04-05 01:55 - 2017-03-30 12:02 - 00086248 _____ (360.cn) C:\Windows\SysWOW64\Drivers\360AvFlt.sys
2017-04-05 01:54 - 2017-04-06 02:22 - 00000000 ____D C:\Users\user\AppData\LocalLow\360WD
2017-04-05 01:54 - 2017-04-05 01:56 - 00000000 ____D C:\ProgramData\360safe
2017-04-05 01:54 - 2017-04-05 01:55 - 00000000 ____D C:\ProgramData\360TotalSecurity
2017-04-05 01:54 - 2017-04-05 01:54 - 00000000 _RSHD C:\360SANDBOX
2017-04-05 01:48 - 2017-04-05 01:56 - 00000000 ____D C:\Users\user\AppData\Roaming\360safe
2017-04-05 01:48 - 2017-04-05 01:48 - 00001153 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2017-04-05 01:48 - 2017-04-05 01:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2017-04-05 01:48 - 2017-04-05 01:48 - 00000000 ____D C:\Program Files (x86)\360
2017-04-05 01:48 - 2017-03-30 12:02 - 00391392 _____ (360.cn) C:\Windows\system32\Drivers\360fsflt.sys
2017-04-05 01:48 - 2017-03-30 12:02 - 00330472 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys
2017-04-05 01:48 - 2017-03-30 12:02 - 00188864 _____ (360.cn) C:\Windows\system32\Drivers\BAPIDRV64.SYS
2017-04-05 01:48 - 2017-03-30 12:02 - 00151784 _____ (360.cn) C:\Windows\system32\Drivers\360AntiHacker64.sys
2017-04-05 01:48 - 2017-03-30 12:02 - 00086248 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
2017-04-05 01:48 - 2017-03-30 12:02 - 00040520 _____ (360.cn) C:\Windows\system32\Drivers\360Camera64.sys
2017-04-05 01:47 - 2017-04-05 01:47 - 51200944 _____ C:\Users\user\Downloads\360TS_Setup.exe
2017-04-05 01:47 - 2017-04-05 01:47 - 01477032 _____ (QIHU 360 SOFTWARE CO. LIMITED) C:\Users\user\Downloads\360TS_Setup_Mini.exe
2017-04-05 01:46 - 2017-04-05 01:47 - 09274608 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup528.exe
2017-04-05 01:45 - 2017-04-05 01:45 - 00000000 ____D C:\Users\user\Downloads\backups
2017-04-05 01:42 - 2017-04-05 01:42 - 00388608 _____ (Trend Micro Inc.) C:\Users\user\Downloads\HijackThis.exe
2017-04-05 01:27 - 2017-04-05 01:27 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-04-05 01:24 - 2017-04-06 02:05 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-05 01:24 - 2017-04-05 02:17 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-04-05 01:24 - 2017-04-05 02:17 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-05 01:24 - 2017-04-05 01:24 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-04-05 01:24 - 2017-04-05 01:24 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-05 01:24 - 2017-04-05 01:24 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-05 01:24 - 2017-04-05 01:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-05 01:24 - 2017-04-05 01:24 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-05 01:24 - 2017-03-24 04:10 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-05 01:23 - 2017-04-05 01:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-05 01:23 - 2017-04-05 01:23 - 00000000 ____D C:\Windows\system32\Drivers\etc\BACKUP
2017-04-05 01:18 - 2017-04-05 01:18 - 59814126 _____ C:\Users\user\Downloads\Malwarebytes.Premium.v3.0.6.1469.zip
2017-04-05 01:16 - 2017-04-05 01:22 - 179133191 _____ C:\Users\user\Downloads\kis17.0.0.611aen_ar_11402 by TAWAB.rar
2017-04-04 16:01 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\Liveme55957
2017-04-04 16:01 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\b1803
2017-04-04 16:01 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\b1802
2017-04-04 16:00 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\Yn56400
2017-04-04 16:00 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\mrvine cams-selfies0391
2017-04-04 16:00 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\Morena
2017-04-04 16:00 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\LiveMe58280
2017-04-04 16:00 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\LiveMe42463
2017-04-04 16:00 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\LiveMe23195
2017-04-04 16:00 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\b1801
2017-04-04 15:54 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\mrvine cams-selfies0392
2017-04-04 15:53 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\mrvine cams-selfies0395
2017-04-04 15:53 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\mrvine cams-selfies0381
2017-04-04 15:53 - 2017-04-04 15:53 - 00000000 ____D C:\Users\user\Downloads\9VBjQkWEfso
2017-04-04 00:11 - 2017-04-04 00:11 - 00000000 ____D C:\ProgramData\GridinSoft
2017-04-04 00:09 - 2017-04-04 16:11 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
2017-03-27 01:55 - 2017-03-27 01:55 - 00000000 ____D C:\Users\user\Downloads\برامج
2017-03-24 15:13 - 2017-04-04 17:16 - 00000000 ____D C:\Users\user\AppData\Local\JDownloader v2.0
2017-03-24 15:11 - 2017-03-24 15:11 - 00248946 _____ C:\Users\user\Desktop\Install JDownloader.rar
2017-03-20 01:35 - 2017-03-20 01:35 - 00001987 _____ C:\Users\user\Desktop\Skype Launcher.lnk
2017-03-20 00:38 - 2017-04-05 01:56 - 00004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-20 00:38 - 2017-03-20 00:38 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-20 00:38 - 2017-03-20 00:38 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-20 00:38 - 2017-03-20 00:38 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-20 00:38 - 2017-03-20 00:38 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-20 00:38 - 2017-03-20 00:38 - 00000000 ____D C:\Users\user\AppData\Roaming\Macromedia
2017-03-20 00:38 - 2017-03-20 00:38 - 00000000 ____D C:\Users\user\AppData\Roaming\Adobe
2017-03-20 00:37 - 2017-04-06 01:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-20 00:37 - 2017-03-20 00:38 - 00000000 ___HD C:\Windows\AxInstSV
2017-03-17 19:32 - 2017-04-06 14:44 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-03-16 01:16 - 2017-04-03 02:52 - 00000687 _____ C:\Users\user\Desktop\New Text Document.txt
2017-03-10 18:01 - 2017-03-24 17:27 - 00004536 _____ C:\Users\user\AppData\Roaming\CamStudio.cfg
2017-03-10 18:01 - 2017-03-24 17:27 - 00000408 _____ C:\Users\user\AppData\Roaming\CamShapes.ini
2017-03-10 18:01 - 2017-03-24 17:27 - 00000408 _____ C:\Users\user\AppData\Roaming\CamLayout.ini
2017-03-10 18:01 - 2017-03-24 17:27 - 00000102 _____ C:\Users\user\AppData\Roaming\Camdata.ini
2017-03-10 17:59 - 2017-03-24 17:15 - 00000000 ____D C:\Users\user\Documents\My CamStudio Temp Files
2017-03-10 17:59 - 2017-03-24 17:04 - 00000096 _____ C:\Users\user\AppData\Roaming\version2.xml
2017-03-10 17:59 - 2017-03-24 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
2017-03-10 17:59 - 2017-03-10 17:59 - 00000867 _____ C:\Users\user\Desktop\CamStudio.lnk
2017-03-10 17:59 - 2017-03-10 17:59 - 00000000 ____D C:\Users\user\Documents\My CamStudio Videos
2017-03-10 17:59 - 2017-03-10 17:59 - 00000000 ____D C:\Program Files\CamStudio 2.7
2017-03-10 17:58 - 2017-03-10 17:58 - 00000000 ____D C:\ProgramData\McAfee
2017-03-10 17:58 - 2017-03-10 17:58 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-03-10 16:53 - 2017-03-10 16:56 - 85509194 _____ C:\Users\user\Desktop\Magicuneraser.rar
2017-03-10 04:13 - 2017-03-10 04:13 - 00000000 ____D C:\Users\user\Desktop\Recovery _ Patched by a7mdrat
2017-03-10 04:04 - 2017-03-10 04:04 - 00000000 ____D C:\Users\user\licman
2017-03-10 04:04 - 2017-03-10 04:04 - 00000000 ____D C:\Users\user\frc64
2017-03-10 03:43 - 2017-04-04 17:28 - 00000000 ____D C:\Program Files\A-FF Find and Mount
2017-03-10 03:38 - 2017-03-10 03:38 - 00000000 ____D C:\Program Files\EaseUS
2017-03-10 01:50 - 2017-03-10 01:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2017-03-10 01:43 - 2017-03-10 01:43 - 00000000 ____D C:\Users\user\Desktop\Wondershare Dr.Fone for Android 6.1.1.35
2017-03-10 01:43 - 2017-03-10 01:43 - 00000000 ____D C:\ProgramData\wsr
2017-03-10 01:41 - 2017-03-10 01:42 - 00000000 ____D C:\Users\user\.android
2017-03-10 01:41 - 2017-03-10 01:41 - 00000000 ____D C:\Users\user\AppData\Roaming\HMYGSetting
2017-03-10 01:29 - 2017-04-04 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-03-10 01:29 - 2017-03-10 01:30 - 00000000 ____D C:\Users\user\AppData\Roaming\Wondershare
2017-03-10 01:29 - 2016-09-27 16:28 - 00000232 _____ C:\Windows\SysWOW64\dllhost.exe.config
2017-03-10 01:28 - 2017-03-10 01:47 - 00000000 ____D C:\Program Files (x86)\Wondershare
2017-03-10 01:28 - 2017-03-10 01:29 - 00000000 ____D C:\ProgramData\Wondershare
2017-03-10 00:58 - 2017-03-10 00:58 - 00000000 ____D C:\ProgramData\TEMP
2017-03-09 01:33 - 2017-03-09 01:33 - 00000000 ____D C:\Users\Public\Desktop\Other Stuff
2017-03-09 01:33 - 2017-03-09 01:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Launcher
2017-03-09 01:33 - 2017-03-09 01:33 - 00000000 ____D C:\Program Files (x86)\SkypeLauncher
2017-03-09 00:46 - 2017-03-09 00:46 - 00000000 ____D C:\Windows\pss
2017-03-08 00:50 - 2017-03-08 00:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-08 00:50 - 2017-03-08 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-08 00:49 - 2015-07-18 17:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-06 14:43 - 2017-03-06 22:47 - 00042496 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv64.sys
2017-04-06 02:57 - 2017-03-06 13:56 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2017-04-06 02:57 - 2017-03-06 13:54 - 00000000 ____D C:\Users\user\AppData\Roaming\MPC-HC
2017-04-06 02:19 - 2009-07-14 08:45 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-06 02:19 - 2009-07-14 08:45 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-06 02:17 - 2009-07-14 09:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-06 02:17 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\inf
2017-04-06 02:14 - 2017-03-06 11:16 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2017-04-06 02:11 - 2009-07-14 09:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-06 02:10 - 2017-03-06 11:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-06 01:34 - 2017-03-06 11:57 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-06 00:56 - 2017-03-06 11:09 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F395EA64-AB3E-436F-B1AB-08FF63F1F222}
2017-04-05 02:38 - 2017-03-06 22:47 - 00000000 ____D C:\Windows\Panther
2017-04-05 02:00 - 2009-07-14 09:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2017-04-05 01:59 - 2017-03-06 11:14 - 00003422 _____ C:\Windows\System32\Tasks\RealDownloader Update Check
2017-04-05 01:59 - 2017-03-06 11:14 - 00003360 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2884600819-2253721503-3205193815-1000
2017-04-05 01:59 - 2017-03-06 11:14 - 00003224 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2884600819-2253721503-3205193815-1000
2017-04-04 17:50 - 2017-03-06 11:58 - 00001945 _____ C:\Windows\epplauncher.mif
2017-04-04 16:11 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\registration
2017-03-30 23:08 - 2010-11-21 07:27 - 00513192 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-03-30 02:20 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\LiveKernelReports
2017-03-24 18:26 - 2017-03-06 15:01 - 00000000 ____D C:\Users\user\Desktop\cccc
2017-03-17 17:23 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\rescache
2017-03-16 01:04 - 2017-03-06 11:16 - 00000000 ____D C:\ProgramData\Skype
2017-03-10 17:59 - 2009-07-14 07:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-03-10 01:43 - 2017-03-06 10:55 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
2017-03-08 00:59 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-08 00:50 - 2017-03-06 11:16 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-08 00:48 - 2017-03-06 11:14 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-08 00:46 - 2017-03-06 14:27 - 00000000 ____D C:\Program Files (x86)\Java
==================== Files in the root of some directories =======
2017-03-10 18:01 - 2017-03-24 17:27 - 0000102 _____ () C:\Users\user\AppData\Roaming\Camdata.ini
2017-03-10 18:01 - 2017-03-24 17:27 - 0000408 _____ () C:\Users\user\AppData\Roaming\CamLayout.ini
2017-03-10 18:01 - 2017-03-24 17:27 - 0000408 _____ () C:\Users\user\AppData\Roaming\CamShapes.ini
2017-03-10 18:01 - 2017-03-24 17:27 - 0004536 _____ () C:\Users\user\AppData\Roaming\CamStudio.cfg
2017-03-10 17:59 - 2017-03-24 17:04 - 0000096 _____ () C:\Users\user\AppData\Roaming\version2.xml
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
nointegritychecks: ==> "IntegrityChecks" is disabled. <===== ATTENTION
LastRegBack: 2017-04-04 16:43
==================== End of FRST.txt ============================
Ran by user (administrator) on USER-PC (06-04-2017 14:50:11)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1945000 2017-03-30] (QIHU 360 SOFTWARE CO. LIMITED)
HKU\S-1-5-21-2884600819-2253721503-3205193815-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.0 serius.mwbsys.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{89972C73-27A6-4EF9-BC26-D095BAD7368D}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-2884600819-2253721503-3205193815-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ae/?ocid=iehp
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2016-02-03] (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-03-06] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2017-03-30] (Qihu 360 Software Co., Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-06] (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-02-03] (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\New folder\bin\ssv.dll [2017-03-06] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2017-03-30] (Qihu 360 Software Co., Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\New folder\bin\jp2ssv.dll [2017-03-06] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\igm3omc3.default [2017-04-06]
FF Extension: (GPU Process on Windows (Beta 53)) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\igm3omc3.default\Extensions\gpu-process-beta53@experiments.mozilla.org.xpi [2017-04-04]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-04-06] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-06] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> D:\New folder\bin\dtplugin\npDeployJava1.dll [2017-03-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> D:\New folder\bin\plugin2\npjp2.dll [2017-03-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.3.100 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2017-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.3.100 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2017-03-06] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-04-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-04-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-04-06]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-06]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-06]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-06]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-03-15]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-06]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [928168 2017-03-30] (QIHU 360 SOFTWARE CO. LIMITED)
S3 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32544 2016-02-03] ()
S2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1095440 2017-03-06] (RealNetworks, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.2.219\WsAppService.exe [440832 2016-12-07] (Wondershare) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2017-03-30] (360.cn)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [86248 2017-03-30] (360.cn)
S3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2017-03-30] (360.cn)
S1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2017-03-30] (360.cn)
S1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2017-03-30] (360.cn)
S1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [391392 2017-03-30] (360.cn)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-14] (Advanced Micro Devices, Inc.)
S1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [188864 2017-03-30] (360.cn)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-05] (Intel Corporation)
S3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-04-06] (Malwarebytes)
R0 oem-drv64; C:\Windows\System32\DRIVERS\oem-drv64.sys [42496 2017-04-06] (secr9tos) [File not signed]
S3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [132608 2012-10-05] (Unibrain)
S2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [24064 2012-10-05] (Unibrain)
S2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [92160 2012-10-05] (Unibrain)
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-06 14:50 - 2017-04-06 14:50 - 00010928 _____ C:\Users\user\Downloads\FRST.txt
2017-04-06 14:49 - 2017-04-06 14:50 - 00000000 ____D C:\FRST
2017-04-06 14:49 - 2017-04-06 14:49 - 02424832 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2017-04-06 14:46 - 2017-04-06 14:47 - 00000000 ____D C:\Users\user\AppData\Roaming\ZHP
2017-04-06 14:46 - 2017-04-06 14:47 - 00000000 ____D C:\Users\user\AppData\Local\ZHP
2017-04-06 14:46 - 2017-04-06 14:46 - 02716160 _____ C:\Users\user\Downloads\ZHPDiag3.exe
2017-04-06 14:46 - 2017-04-06 14:46 - 00000781 _____ C:\Users\user\Desktop\ZHPDiag.lnk
2017-04-06 02:31 - 2017-04-06 14:44 - 00170670 _____ C:\Windows\ntbtlog.txt
2017-04-06 01:34 - 2017-04-06 01:34 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-06 01:34 - 2017-04-06 01:34 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-06 01:33 - 2017-04-06 01:34 - 01129376 _____ (Google Inc.) C:\Users\user\Downloads\ChromeSetup.exe
2017-04-06 01:01 - 2017-04-06 01:01 - 00014075 _____ C:\Users\user\Downloads\officescan-xp-en.exe
2017-04-06 00:51 - 2017-04-06 00:51 - 00417168 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-05 02:44 - 2017-04-05 02:44 - 00049152 _____ C:\Users\user\Documents\cc_20170405_024312.reg
2017-04-05 02:32 - 2017-04-05 02:32 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-04-05 02:32 - 2017-04-05 02:32 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-04-05 02:32 - 2017-04-05 02:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-04-05 02:32 - 2017-04-05 02:32 - 00000000 ____D C:\Program Files\CCleaner
2017-04-05 02:03 - 2017-04-05 02:03 - 00109656 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-05 01:59 - 2017-04-05 01:59 - 00000000 __SHD C:\$360Section
2017-04-05 01:57 - 2017-04-05 01:59 - 00000000 ____D C:\ProgramData\360Quarant
2017-04-05 01:56 - 2017-04-05 01:56 - 00000000 ____D C:\Windows\Tasks\360Disabled
2017-04-05 01:55 - 2017-04-05 01:55 - 00000000 ____D C:\Users\user\AppData\Roaming\360TotalSecurity
2017-04-05 01:55 - 2017-03-30 12:02 - 00086248 _____ (360.cn) C:\Windows\SysWOW64\Drivers\360AvFlt.sys
2017-04-05 01:54 - 2017-04-06 02:22 - 00000000 ____D C:\Users\user\AppData\LocalLow\360WD
2017-04-05 01:54 - 2017-04-05 01:56 - 00000000 ____D C:\ProgramData\360safe
2017-04-05 01:54 - 2017-04-05 01:55 - 00000000 ____D C:\ProgramData\360TotalSecurity
2017-04-05 01:54 - 2017-04-05 01:54 - 00000000 _RSHD C:\360SANDBOX
2017-04-05 01:48 - 2017-04-05 01:56 - 00000000 ____D C:\Users\user\AppData\Roaming\360safe
2017-04-05 01:48 - 2017-04-05 01:48 - 00001153 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2017-04-05 01:48 - 2017-04-05 01:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2017-04-05 01:48 - 2017-04-05 01:48 - 00000000 ____D C:\Program Files (x86)\360
2017-04-05 01:48 - 2017-03-30 12:02 - 00391392 _____ (360.cn) C:\Windows\system32\Drivers\360fsflt.sys
2017-04-05 01:48 - 2017-03-30 12:02 - 00330472 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys
2017-04-05 01:48 - 2017-03-30 12:02 - 00188864 _____ (360.cn) C:\Windows\system32\Drivers\BAPIDRV64.SYS
2017-04-05 01:48 - 2017-03-30 12:02 - 00151784 _____ (360.cn) C:\Windows\system32\Drivers\360AntiHacker64.sys
2017-04-05 01:48 - 2017-03-30 12:02 - 00086248 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
2017-04-05 01:48 - 2017-03-30 12:02 - 00040520 _____ (360.cn) C:\Windows\system32\Drivers\360Camera64.sys
2017-04-05 01:47 - 2017-04-05 01:47 - 51200944 _____ C:\Users\user\Downloads\360TS_Setup.exe
2017-04-05 01:47 - 2017-04-05 01:47 - 01477032 _____ (QIHU 360 SOFTWARE CO. LIMITED) C:\Users\user\Downloads\360TS_Setup_Mini.exe
2017-04-05 01:46 - 2017-04-05 01:47 - 09274608 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup528.exe
2017-04-05 01:45 - 2017-04-05 01:45 - 00000000 ____D C:\Users\user\Downloads\backups
2017-04-05 01:42 - 2017-04-05 01:42 - 00388608 _____ (Trend Micro Inc.) C:\Users\user\Downloads\HijackThis.exe
2017-04-05 01:27 - 2017-04-05 01:27 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-04-05 01:24 - 2017-04-06 02:05 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-05 01:24 - 2017-04-05 02:17 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-04-05 01:24 - 2017-04-05 02:17 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-05 01:24 - 2017-04-05 01:24 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-04-05 01:24 - 2017-04-05 01:24 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-05 01:24 - 2017-04-05 01:24 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-05 01:24 - 2017-04-05 01:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-05 01:24 - 2017-04-05 01:24 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-05 01:24 - 2017-03-24 04:10 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-05 01:23 - 2017-04-05 01:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-05 01:23 - 2017-04-05 01:23 - 00000000 ____D C:\Windows\system32\Drivers\etc\BACKUP
2017-04-05 01:18 - 2017-04-05 01:18 - 59814126 _____ C:\Users\user\Downloads\Malwarebytes.Premium.v3.0.6.1469.zip
2017-04-05 01:16 - 2017-04-05 01:22 - 179133191 _____ C:\Users\user\Downloads\kis17.0.0.611aen_ar_11402 by TAWAB.rar
2017-04-04 16:01 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\Liveme55957
2017-04-04 16:01 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\b1803
2017-04-04 16:01 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\b1802
2017-04-04 16:00 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\Yn56400
2017-04-04 16:00 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\mrvine cams-selfies0391
2017-04-04 16:00 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\Morena
2017-04-04 16:00 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\LiveMe58280
2017-04-04 16:00 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\LiveMe42463
2017-04-04 16:00 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\LiveMe23195
2017-04-04 16:00 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\b1801
2017-04-04 15:54 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\mrvine cams-selfies0392
2017-04-04 15:53 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\mrvine cams-selfies0395
2017-04-04 15:53 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\mrvine cams-selfies0381
2017-04-04 15:53 - 2017-04-04 15:53 - 00000000 ____D C:\Users\user\Downloads\9VBjQkWEfso
2017-04-04 00:11 - 2017-04-04 00:11 - 00000000 ____D C:\ProgramData\GridinSoft
2017-04-04 00:09 - 2017-04-04 16:11 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
2017-03-27 01:55 - 2017-03-27 01:55 - 00000000 ____D C:\Users\user\Downloads\برامج
2017-03-24 15:13 - 2017-04-04 17:16 - 00000000 ____D C:\Users\user\AppData\Local\JDownloader v2.0
2017-03-24 15:11 - 2017-03-24 15:11 - 00248946 _____ C:\Users\user\Desktop\Install JDownloader.rar
2017-03-20 01:35 - 2017-03-20 01:35 - 00001987 _____ C:\Users\user\Desktop\Skype Launcher.lnk
2017-03-20 00:38 - 2017-04-05 01:56 - 00004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-20 00:38 - 2017-03-20 00:38 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-20 00:38 - 2017-03-20 00:38 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-20 00:38 - 2017-03-20 00:38 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-20 00:38 - 2017-03-20 00:38 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-20 00:38 - 2017-03-20 00:38 - 00000000 ____D C:\Users\user\AppData\Roaming\Macromedia
2017-03-20 00:38 - 2017-03-20 00:38 - 00000000 ____D C:\Users\user\AppData\Roaming\Adobe
2017-03-20 00:37 - 2017-04-06 01:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-20 00:37 - 2017-03-20 00:38 - 00000000 ___HD C:\Windows\AxInstSV
2017-03-17 19:32 - 2017-04-06 14:44 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-03-16 01:16 - 2017-04-03 02:52 - 00000687 _____ C:\Users\user\Desktop\New Text Document.txt
2017-03-10 18:01 - 2017-03-24 17:27 - 00004536 _____ C:\Users\user\AppData\Roaming\CamStudio.cfg
2017-03-10 18:01 - 2017-03-24 17:27 - 00000408 _____ C:\Users\user\AppData\Roaming\CamShapes.ini
2017-03-10 18:01 - 2017-03-24 17:27 - 00000408 _____ C:\Users\user\AppData\Roaming\CamLayout.ini
2017-03-10 18:01 - 2017-03-24 17:27 - 00000102 _____ C:\Users\user\AppData\Roaming\Camdata.ini
2017-03-10 17:59 - 2017-03-24 17:15 - 00000000 ____D C:\Users\user\Documents\My CamStudio Temp Files
2017-03-10 17:59 - 2017-03-24 17:04 - 00000096 _____ C:\Users\user\AppData\Roaming\version2.xml
2017-03-10 17:59 - 2017-03-24 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
2017-03-10 17:59 - 2017-03-10 17:59 - 00000867 _____ C:\Users\user\Desktop\CamStudio.lnk
2017-03-10 17:59 - 2017-03-10 17:59 - 00000000 ____D C:\Users\user\Documents\My CamStudio Videos
2017-03-10 17:59 - 2017-03-10 17:59 - 00000000 ____D C:\Program Files\CamStudio 2.7
2017-03-10 17:58 - 2017-03-10 17:58 - 00000000 ____D C:\ProgramData\McAfee
2017-03-10 17:58 - 2017-03-10 17:58 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-03-10 16:53 - 2017-03-10 16:56 - 85509194 _____ C:\Users\user\Desktop\Magicuneraser.rar
2017-03-10 04:13 - 2017-03-10 04:13 - 00000000 ____D C:\Users\user\Desktop\Recovery _ Patched by a7mdrat
2017-03-10 04:04 - 2017-03-10 04:04 - 00000000 ____D C:\Users\user\licman
2017-03-10 04:04 - 2017-03-10 04:04 - 00000000 ____D C:\Users\user\frc64
2017-03-10 03:43 - 2017-04-04 17:28 - 00000000 ____D C:\Program Files\A-FF Find and Mount
2017-03-10 03:38 - 2017-03-10 03:38 - 00000000 ____D C:\Program Files\EaseUS
2017-03-10 01:50 - 2017-03-10 01:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2017-03-10 01:43 - 2017-03-10 01:43 - 00000000 ____D C:\Users\user\Desktop\Wondershare Dr.Fone for Android 6.1.1.35
2017-03-10 01:43 - 2017-03-10 01:43 - 00000000 ____D C:\ProgramData\wsr
2017-03-10 01:41 - 2017-03-10 01:42 - 00000000 ____D C:\Users\user\.android
2017-03-10 01:41 - 2017-03-10 01:41 - 00000000 ____D C:\Users\user\AppData\Roaming\HMYGSetting
2017-03-10 01:29 - 2017-04-04 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-03-10 01:29 - 2017-03-10 01:30 - 00000000 ____D C:\Users\user\AppData\Roaming\Wondershare
2017-03-10 01:29 - 2016-09-27 16:28 - 00000232 _____ C:\Windows\SysWOW64\dllhost.exe.config
2017-03-10 01:28 - 2017-03-10 01:47 - 00000000 ____D C:\Program Files (x86)\Wondershare
2017-03-10 01:28 - 2017-03-10 01:29 - 00000000 ____D C:\ProgramData\Wondershare
2017-03-10 00:58 - 2017-03-10 00:58 - 00000000 ____D C:\ProgramData\TEMP
2017-03-09 01:33 - 2017-03-09 01:33 - 00000000 ____D C:\Users\Public\Desktop\Other Stuff
2017-03-09 01:33 - 2017-03-09 01:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Launcher
2017-03-09 01:33 - 2017-03-09 01:33 - 00000000 ____D C:\Program Files (x86)\SkypeLauncher
2017-03-09 00:46 - 2017-03-09 00:46 - 00000000 ____D C:\Windows\pss
2017-03-08 00:50 - 2017-03-08 00:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-08 00:50 - 2017-03-08 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-08 00:49 - 2015-07-18 17:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-06 14:43 - 2017-03-06 22:47 - 00042496 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv64.sys
2017-04-06 02:57 - 2017-03-06 13:56 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2017-04-06 02:57 - 2017-03-06 13:54 - 00000000 ____D C:\Users\user\AppData\Roaming\MPC-HC
2017-04-06 02:19 - 2009-07-14 08:45 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-06 02:19 - 2009-07-14 08:45 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-06 02:17 - 2009-07-14 09:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-06 02:17 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\inf
2017-04-06 02:14 - 2017-03-06 11:16 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2017-04-06 02:11 - 2009-07-14 09:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-06 02:10 - 2017-03-06 11:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-06 01:34 - 2017-03-06 11:57 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-06 00:56 - 2017-03-06 11:09 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F395EA64-AB3E-436F-B1AB-08FF63F1F222}
2017-04-05 02:38 - 2017-03-06 22:47 - 00000000 ____D C:\Windows\Panther
2017-04-05 02:00 - 2009-07-14 09:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2017-04-05 01:59 - 2017-03-06 11:14 - 00003422 _____ C:\Windows\System32\Tasks\RealDownloader Update Check
2017-04-05 01:59 - 2017-03-06 11:14 - 00003360 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2884600819-2253721503-3205193815-1000
2017-04-05 01:59 - 2017-03-06 11:14 - 00003224 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2884600819-2253721503-3205193815-1000
2017-04-04 17:50 - 2017-03-06 11:58 - 00001945 _____ C:\Windows\epplauncher.mif
2017-04-04 16:11 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\registration
2017-03-30 23:08 - 2010-11-21 07:27 - 00513192 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-03-30 02:20 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\LiveKernelReports
2017-03-24 18:26 - 2017-03-06 15:01 - 00000000 ____D C:\Users\user\Desktop\cccc
2017-03-17 17:23 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\rescache
2017-03-16 01:04 - 2017-03-06 11:16 - 00000000 ____D C:\ProgramData\Skype
2017-03-10 17:59 - 2009-07-14 07:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-03-10 01:43 - 2017-03-06 10:55 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
2017-03-08 00:59 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-08 00:50 - 2017-03-06 11:16 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-08 00:48 - 2017-03-06 11:14 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-08 00:46 - 2017-03-06 14:27 - 00000000 ____D C:\Program Files (x86)\Java
==================== Files in the root of some directories =======
2017-03-10 18:01 - 2017-03-24 17:27 - 0000102 _____ () C:\Users\user\AppData\Roaming\Camdata.ini
2017-03-10 18:01 - 2017-03-24 17:27 - 0000408 _____ () C:\Users\user\AppData\Roaming\CamLayout.ini
2017-03-10 18:01 - 2017-03-24 17:27 - 0000408 _____ () C:\Users\user\AppData\Roaming\CamShapes.ini
2017-03-10 18:01 - 2017-03-24 17:27 - 0004536 _____ () C:\Users\user\AppData\Roaming\CamStudio.cfg
2017-03-10 17:59 - 2017-03-24 17:04 - 0000096 _____ () C:\Users\user\AppData\Roaming\version2.xml
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
nointegritychecks: ==> "IntegrityChecks" is disabled. <===== ATTENTION
LastRegBack: 2017-04-04 16:43
==================== End of FRST.txt ============================