Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by user (administrator) on USER-PC (06-04-2017 14:50:11)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1945000 2017-03-30] (QIHU 360 SOFTWARE CO. LIMITED)
HKU\S-1-5-21-2884600819-2253721503-3205193815-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.0 serius.mwbsys.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{89972C73-27A6-4EF9-BC26-D095BAD7368D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2884600819-2253721503-3205193815-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ae/?ocid=iehp
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2016-02-03] (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-03-06] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2017-03-30] (Qihu 360 Software Co., Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-06] (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-02-03] (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\New folder\bin\ssv.dll [2017-03-06] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2017-03-30] (Qihu 360 Software Co., Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\New folder\bin\jp2ssv.dll [2017-03-06] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\igm3omc3.default [2017-04-06]
FF Extension: (GPU Process on Windows (Beta 53)) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\igm3omc3.default\Extensions\gpu-process-beta53@experiments.mozilla.org.xpi [2017-04-04]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-04-06] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-06] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> D:\New folder\bin\dtplugin\npDeployJava1.dll [2017-03-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> D:\New folder\bin\plugin2\npjp2.dll [2017-03-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.3.100 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2017-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.3.100 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2017-03-06] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-04-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-04-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-04-06]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-06]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-06]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-06]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-03-15]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-06]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [928168 2017-03-30] (QIHU 360 SOFTWARE CO. LIMITED)
S3 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32544 2016-02-03] ()
S2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1095440 2017-03-06] (RealNetworks, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.2.219\WsAppService.exe [440832 2016-12-07] (Wondershare) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2017-03-30] (360.cn)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [86248 2017-03-30] (360.cn)
S3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2017-03-30] (360.cn)
S1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2017-03-30] (360.cn)
S1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2017-03-30] (360.cn)
S1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [391392 2017-03-30] (360.cn)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-14] (Advanced Micro Devices, Inc.)
S1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [188864 2017-03-30] (360.cn)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-05] (Intel Corporation)
S3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-04-06] (Malwarebytes)
R0 oem-drv64; C:\Windows\System32\DRIVERS\oem-drv64.sys [42496 2017-04-06] (secr9tos) [File not signed]
S3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [132608 2012-10-05] (Unibrain)
S2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [24064 2012-10-05] (Unibrain)
S2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [92160 2012-10-05] (Unibrain)
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-06 14:50 - 2017-04-06 14:50 - 00010928 _____ C:\Users\user\Downloads\FRST.txt
2017-04-06 14:49 - 2017-04-06 14:50 - 00000000 ____D C:\FRST
2017-04-06 14:49 - 2017-04-06 14:49 - 02424832 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2017-04-06 14:46 - 2017-04-06 14:47 - 00000000 ____D C:\Users\user\AppData\Roaming\ZHP
2017-04-06 14:46 - 2017-04-06 14:47 - 00000000 ____D C:\Users\user\AppData\Local\ZHP
2017-04-06 14:46 - 2017-04-06 14:46 - 02716160 _____ C:\Users\user\Downloads\ZHPDiag3.exe
2017-04-06 14:46 - 2017-04-06 14:46 - 00000781 _____ C:\Users\user\Desktop\ZHPDiag.lnk
2017-04-06 02:31 - 2017-04-06 14:44 - 00170670 _____ C:\Windows\ntbtlog.txt
2017-04-06 01:34 - 2017-04-06 01:34 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-06 01:34 - 2017-04-06 01:34 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-06 01:33 - 2017-04-06 01:34 - 01129376 _____ (Google Inc.) C:\Users\user\Downloads\ChromeSetup.exe
2017-04-06 01:01 - 2017-04-06 01:01 - 00014075 _____ C:\Users\user\Downloads\officescan-xp-en.exe
2017-04-06 00:51 - 2017-04-06 00:51 - 00417168 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-05 02:44 - 2017-04-05 02:44 - 00049152 _____ C:\Users\user\Documents\cc_20170405_024312.reg
2017-04-05 02:32 - 2017-04-05 02:32 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-04-05 02:32 - 2017-04-05 02:32 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-04-05 02:32 - 2017-04-05 02:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-04-05 02:32 - 2017-04-05 02:32 - 00000000 ____D C:\Program Files\CCleaner
2017-04-05 02:03 - 2017-04-05 02:03 - 00109656 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-05 01:59 - 2017-04-05 01:59 - 00000000 __SHD C:\$360Section
2017-04-05 01:57 - 2017-04-05 01:59 - 00000000 ____D C:\ProgramData\360Quarant
2017-04-05 01:56 - 2017-04-05 01:56 - 00000000 ____D C:\Windows\Tasks\360Disabled
2017-04-05 01:55 - 2017-04-05 01:55 - 00000000 ____D C:\Users\user\AppData\Roaming\360TotalSecurity
2017-04-05 01:55 - 2017-03-30 12:02 - 00086248 _____ (360.cn) C:\Windows\SysWOW64\Drivers\360AvFlt.sys
2017-04-05 01:54 - 2017-04-06 02:22 - 00000000 ____D C:\Users\user\AppData\LocalLow\360WD
2017-04-05 01:54 - 2017-04-05 01:56 - 00000000 ____D C:\ProgramData\360safe
2017-04-05 01:54 - 2017-04-05 01:55 - 00000000 ____D C:\ProgramData\360TotalSecurity
2017-04-05 01:54 - 2017-04-05 01:54 - 00000000 _RSHD C:\360SANDBOX
2017-04-05 01:48 - 2017-04-05 01:56 - 00000000 ____D C:\Users\user\AppData\Roaming\360safe
2017-04-05 01:48 - 2017-04-05 01:48 - 00001153 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2017-04-05 01:48 - 2017-04-05 01:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2017-04-05 01:48 - 2017-04-05 01:48 - 00000000 ____D C:\Program Files (x86)\360
2017-04-05 01:48 - 2017-03-30 12:02 - 00391392 _____ (360.cn) C:\Windows\system32\Drivers\360fsflt.sys
2017-04-05 01:48 - 2017-03-30 12:02 - 00330472 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys
2017-04-05 01:48 - 2017-03-30 12:02 - 00188864 _____ (360.cn) C:\Windows\system32\Drivers\BAPIDRV64.SYS
2017-04-05 01:48 - 2017-03-30 12:02 - 00151784 _____ (360.cn) C:\Windows\system32\Drivers\360AntiHacker64.sys
2017-04-05 01:48 - 2017-03-30 12:02 - 00086248 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
2017-04-05 01:48 - 2017-03-30 12:02 - 00040520 _____ (360.cn) C:\Windows\system32\Drivers\360Camera64.sys
2017-04-05 01:47 - 2017-04-05 01:47 - 51200944 _____ C:\Users\user\Downloads\360TS_Setup.exe
2017-04-05 01:47 - 2017-04-05 01:47 - 01477032 _____ (QIHU 360 SOFTWARE CO. LIMITED) C:\Users\user\Downloads\360TS_Setup_Mini.exe
2017-04-05 01:46 - 2017-04-05 01:47 - 09274608 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup528.exe
2017-04-05 01:45 - 2017-04-05 01:45 - 00000000 ____D C:\Users\user\Downloads\backups
2017-04-05 01:42 - 2017-04-05 01:42 - 00388608 _____ (Trend Micro Inc.) C:\Users\user\Downloads\HijackThis.exe
2017-04-05 01:27 - 2017-04-05 01:27 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-04-05 01:24 - 2017-04-06 02:05 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-05 01:24 - 2017-04-05 02:17 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-04-05 01:24 - 2017-04-05 02:17 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-05 01:24 - 2017-04-05 01:24 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-04-05 01:24 - 2017-04-05 01:24 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-05 01:24 - 2017-04-05 01:24 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-05 01:24 - 2017-04-05 01:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-05 01:24 - 2017-04-05 01:24 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-05 01:24 - 2017-03-24 04:10 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-05 01:23 - 2017-04-05 01:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-05 01:23 - 2017-04-05 01:23 - 00000000 ____D C:\Windows\system32\Drivers\etc\BACKUP
2017-04-05 01:18 - 2017-04-05 01:18 - 59814126 _____ C:\Users\user\Downloads\Malwarebytes.Premium.v3.0.6.1469.zip
2017-04-05 01:16 - 2017-04-05 01:22 - 179133191 _____ C:\Users\user\Downloads\kis17.0.0.611aen_ar_11402 by TAWAB.rar
2017-04-04 16:01 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\Liveme55957
2017-04-04 16:01 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\b1803
2017-04-04 16:01 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\b1802
2017-04-04 16:00 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\Yn56400
2017-04-04 16:00 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\mrvine cams-selfies0391
2017-04-04 16:00 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\Morena
2017-04-04 16:00 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\LiveMe58280
2017-04-04 16:00 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\LiveMe42463
2017-04-04 16:00 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\LiveMe23195
2017-04-04 16:00 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\b1801
2017-04-04 15:54 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\mrvine cams-selfies0392
2017-04-04 15:53 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\mrvine cams-selfies0395
2017-04-04 15:53 - 2017-04-04 16:49 - 00000000 ____D C:\Users\user\Downloads\mrvine cams-selfies0381
2017-04-04 15:53 - 2017-04-04 15:53 - 00000000 ____D C:\Users\user\Downloads\9VBjQkWEfso
2017-04-04 00:11 - 2017-04-04 00:11 - 00000000 ____D C:\ProgramData\GridinSoft
2017-04-04 00:09 - 2017-04-04 16:11 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
2017-03-27 01:55 - 2017-03-27 01:55 - 00000000 ____D C:\Users\user\Downloads\برامج
2017-03-24 15:13 - 2017-04-04 17:16 - 00000000 ____D C:\Users\user\AppData\Local\JDownloader v2.0
2017-03-24 15:11 - 2017-03-24 15:11 - 00248946 _____ C:\Users\user\Desktop\Install JDownloader.rar
2017-03-20 01:35 - 2017-03-20 01:35 - 00001987 _____ C:\Users\user\Desktop\Skype Launcher.lnk
2017-03-20 00:38 - 2017-04-05 01:56 - 00004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-20 00:38 - 2017-03-20 00:38 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-20 00:38 - 2017-03-20 00:38 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-20 00:38 - 2017-03-20 00:38 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-20 00:38 - 2017-03-20 00:38 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-20 00:38 - 2017-03-20 00:38 - 00000000 ____D C:\Users\user\AppData\Roaming\Macromedia
2017-03-20 00:38 - 2017-03-20 00:38 - 00000000 ____D C:\Users\user\AppData\Roaming\Adobe
2017-03-20 00:37 - 2017-04-06 01:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-20 00:37 - 2017-03-20 00:38 - 00000000 ___HD C:\Windows\AxInstSV
2017-03-17 19:32 - 2017-04-06 14:44 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-03-16 01:16 - 2017-04-03 02:52 - 00000687 _____ C:\Users\user\Desktop\New Text Document.txt
2017-03-10 18:01 - 2017-03-24 17:27 - 00004536 _____ C:\Users\user\AppData\Roaming\CamStudio.cfg
2017-03-10 18:01 - 2017-03-24 17:27 - 00000408 _____ C:\Users\user\AppData\Roaming\CamShapes.ini
2017-03-10 18:01 - 2017-03-24 17:27 - 00000408 _____ C:\Users\user\AppData\Roaming\CamLayout.ini
2017-03-10 18:01 - 2017-03-24 17:27 - 00000102 _____ C:\Users\user\AppData\Roaming\Camdata.ini
2017-03-10 17:59 - 2017-03-24 17:15 - 00000000 ____D C:\Users\user\Documents\My CamStudio Temp Files
2017-03-10 17:59 - 2017-03-24 17:04 - 00000096 _____ C:\Users\user\AppData\Roaming\version2.xml
2017-03-10 17:59 - 2017-03-24 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
2017-03-10 17:59 - 2017-03-10 17:59 - 00000867 _____ C:\Users\user\Desktop\CamStudio.lnk
2017-03-10 17:59 - 2017-03-10 17:59 - 00000000 ____D C:\Users\user\Documents\My CamStudio Videos
2017-03-10 17:59 - 2017-03-10 17:59 - 00000000 ____D C:\Program Files\CamStudio 2.7
2017-03-10 17:58 - 2017-03-10 17:58 - 00000000 ____D C:\ProgramData\McAfee
2017-03-10 17:58 - 2017-03-10 17:58 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-03-10 16:53 - 2017-03-10 16:56 - 85509194 _____ C:\Users\user\Desktop\Magicuneraser.rar
2017-03-10 04:13 - 2017-03-10 04:13 - 00000000 ____D C:\Users\user\Desktop\Recovery _ Patched by a7mdrat
2017-03-10 04:04 - 2017-03-10 04:04 - 00000000 ____D C:\Users\user\licman
2017-03-10 04:04 - 2017-03-10 04:04 - 00000000 ____D C:\Users\user\frc64
2017-03-10 03:43 - 2017-04-04 17:28 - 00000000 ____D C:\Program Files\A-FF Find and Mount
2017-03-10 03:38 - 2017-03-10 03:38 - 00000000 ____D C:\Program Files\EaseUS
2017-03-10 01:50 - 2017-03-10 01:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2017-03-10 01:43 - 2017-03-10 01:43 - 00000000 ____D C:\Users\user\Desktop\Wondershare Dr.Fone for Android 6.1.1.35
2017-03-10 01:43 - 2017-03-10 01:43 - 00000000 ____D C:\ProgramData\wsr
2017-03-10 01:41 - 2017-03-10 01:42 - 00000000 ____D C:\Users\user\.android
2017-03-10 01:41 - 2017-03-10 01:41 - 00000000 ____D C:\Users\user\AppData\Roaming\HMYGSetting
2017-03-10 01:29 - 2017-04-04 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-03-10 01:29 - 2017-03-10 01:30 - 00000000 ____D C:\Users\user\AppData\Roaming\Wondershare
2017-03-10 01:29 - 2016-09-27 16:28 - 00000232 _____ C:\Windows\SysWOW64\dllhost.exe.config
2017-03-10 01:28 - 2017-03-10 01:47 - 00000000 ____D C:\Program Files (x86)\Wondershare
2017-03-10 01:28 - 2017-03-10 01:29 - 00000000 ____D C:\ProgramData\Wondershare
2017-03-10 00:58 - 2017-03-10 00:58 - 00000000 ____D C:\ProgramData\TEMP
2017-03-09 01:33 - 2017-03-09 01:33 - 00000000 ____D C:\Users\Public\Desktop\Other Stuff
2017-03-09 01:33 - 2017-03-09 01:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Launcher
2017-03-09 01:33 - 2017-03-09 01:33 - 00000000 ____D C:\Program Files (x86)\SkypeLauncher
2017-03-09 00:46 - 2017-03-09 00:46 - 00000000 ____D C:\Windows\pss
2017-03-08 00:50 - 2017-03-08 00:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-08 00:50 - 2017-03-08 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-08 00:49 - 2015-07-18 17:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-03-08 00:49 - 2015-07-18 17:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-06 14:43 - 2017-03-06 22:47 - 00042496 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv64.sys
2017-04-06 02:57 - 2017-03-06 13:56 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2017-04-06 02:57 - 2017-03-06 13:54 - 00000000 ____D C:\Users\user\AppData\Roaming\MPC-HC
2017-04-06 02:19 - 2009-07-14 08:45 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-06 02:19 - 2009-07-14 08:45 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-06 02:17 - 2009-07-14 09:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-06 02:17 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\inf
2017-04-06 02:14 - 2017-03-06 11:16 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2017-04-06 02:11 - 2009-07-14 09:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-06 02:10 - 2017-03-06 11:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-06 01:34 - 2017-03-06 11:57 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-06 00:56 - 2017-03-06 11:09 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F395EA64-AB3E-436F-B1AB-08FF63F1F222}
2017-04-05 02:38 - 2017-03-06 22:47 - 00000000 ____D C:\Windows\Panther
2017-04-05 02:00 - 2009-07-14 09:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2017-04-05 01:59 - 2017-03-06 11:14 - 00003422 _____ C:\Windows\System32\Tasks\RealDownloader Update Check
2017-04-05 01:59 - 2017-03-06 11:14 - 00003360 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2884600819-2253721503-3205193815-1000
2017-04-05 01:59 - 2017-03-06 11:14 - 00003224 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2884600819-2253721503-3205193815-1000
2017-04-04 17:50 - 2017-03-06 11:58 - 00001945 _____ C:\Windows\epplauncher.mif
2017-04-04 16:11 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\registration
2017-03-30 23:08 - 2010-11-21 07:27 - 00513192 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-03-30 02:20 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\LiveKernelReports
2017-03-24 18:26 - 2017-03-06 15:01 - 00000000 ____D C:\Users\user\Desktop\cccc
2017-03-17 17:23 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\rescache
2017-03-16 01:04 - 2017-03-06 11:16 - 00000000 ____D C:\ProgramData\Skype
2017-03-10 17:59 - 2009-07-14 07:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-03-10 01:43 - 2017-03-06 10:55 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
2017-03-08 00:59 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-08 00:50 - 2017-03-06 11:16 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-08 00:48 - 2017-03-06 11:14 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-08 00:46 - 2017-03-06 14:27 - 00000000 ____D C:\Program Files (x86)\Java

==================== Files in the root of some directories =======

2017-03-10 18:01 - 2017-03-24 17:27 - 0000102 _____ () C:\Users\user\AppData\Roaming\Camdata.ini
2017-03-10 18:01 - 2017-03-24 17:27 - 0000408 _____ () C:\Users\user\AppData\Roaming\CamLayout.ini
2017-03-10 18:01 - 2017-03-24 17:27 - 0000408 _____ () C:\Users\user\AppData\Roaming\CamShapes.ini
2017-03-10 18:01 - 2017-03-24 17:27 - 0004536 _____ () C:\Users\user\AppData\Roaming\CamStudio.cfg
2017-03-10 17:59 - 2017-03-24 17:04 - 0000096 _____ () C:\Users\user\AppData\Roaming\version2.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

nointegritychecks: ==> "IntegrityChecks" is disabled. <===== ATTENTION

LastRegBack: 2017-04-04 16:43

==================== End of FRST.txt ============================