hidden folders files with {username} in users


  • This topic is locked
2 replies to this topic

#1 gogi1000

Posted 21 May 2017 - 09:08 AM

My computer has strange behaviour. I cannot show hidden folders and files, nor system files. In c:\users, every time I open Chrome or some program, a {username} folder is created. Also, when I want to change some key in the registry I cannot do it; I have permission and I'm the owner. In Chrome the home page is changing; it shows me splinter search, and in the extensions which I removed, it shows me poisk ru mail ru.

My frst.txt is:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-05-2017

Ran by Administrator (administrator) on HOME-PC (21-05-2017 15:43:12)
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: home & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Sysinternals - www.sysinternals.com) C:\Users\Administrator\Downloads\ProcessExplorer\procexp64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6843024 2012-10-29] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-03-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-05-20] (Oracle Corporation)
HKU\S-1-5-21-891269962-2659327078-604941568-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
ShellExecuteHooks: No Name - {F797446C-D3F2-11E6-AB72-64006A5CFC35} - C:\Users\home\AppData\Roaming\Terlcultclhach\Hejuck.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\home\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\home\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\home\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\home\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\home\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\home\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\pLBfEuNP.lnk [2015-12-27]
Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Twitch.lnk [2017-04-11]
ShortcutTarget: Twitch.lnk -> C:\Users\Administrator\AppData\Roaming\Curse Client\Bin\Twitch.exe (No File)
Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\xBchppIcvKkI.lnk [2015-12-27]
BootExecute: autocheck autochk * Partizan
GroupPolicyScripts\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{AB0801C9-0579-42DD-935D-4B2453D6B2CA}: [DhcpNameServer] 212.200.191.166 212.200.190.166
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-891269962-2659327078-604941568-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-891269962-2659327078-604941568-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-891269962-2659327078-604941568-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-31] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-31] (Oracle Corporation)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-02] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-31] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-17] (Google Inc.)
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
StartMenuInternet: (HKLM) OPERASTABLE - Opera.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Auhardwaregl; C:\Windows\SysWow64\Auhardwaregl.dll [454440 2017-05-17] ()
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-01-13] ()
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [428056 2017-03-03] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [406040 2017-03-03] (BlueStack Systems, Inc.)
S4 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [452632 2017-03-03] (BlueStack Systems, Inc.)
S4 Disc Soft Lite Bus Service; E:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)
S4 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-04-19] (EasyAntiCheat Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [143872 2014-10-24] (Microsoft Corporation) [File not signed]
S4 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3416584 2017-03-02] (LogMeIn Inc.)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2017-02-27] (LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [122368 2015-02-26] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2017-03-21] (Sony)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S4 HnGSteamService; C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe [X]
S4 netsvc; C:\Program Files (x86)\UtilTool\Antivirus\netsvc.exe [X]
S4 Origin Client Service; "C:\Program Files (x86)\Origin\OriginClientService.exe" [X]
S4 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [X]
S4 SQLBrowser; "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 AVFSFilter; C:\Windows\System32\DRIVERS\avfsfilter.sys [13720 2012-09-07] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-03-03] (BlueStack Systems)
R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-03-03] (Bluestack System Inc. )
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-04-14] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-04-14] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-05-09] ()
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2017-04-16] (Sony Mobile Communications)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-05-19] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [187320 2017-05-18] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-05-21] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-21] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-21] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-05-21] (Malwarebytes)
R1 netboostmaster; C:\Windows\system32\drivers\netboostmaster.sys [2894184 2017-05-18] () [File not signed]
S3 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11973 2016-07-22] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2016-04-14] (Duplex Secure Ltd.)
S3 tap0901_openvpn_accl; C:\Windows\System32\DRIVERS\tap0901_openvpn_accl.sys [37912 2016-11-10] (The OpenVPN Project)
R2 Uefochubsrv; C:\Windows\system32\drivers\Uefochubsrv.sys [196640 2017-05-17] ()
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-05-21] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-05-21] (Zemana Ltd.)
U3 asqw883q; no ImagePath
S1 aqhiqflc; \??\C:\Windows\system32\drivers\aqhiqflc.sys [X]
U0 aswVmm; no ImagePath
S1 lnsubgoh; \??\C:\Windows\system32\drivers\lnsubgoh.sys [X]
S1 netcontroller; system32\drivers\netcontroller.sys [X]
S1 p1483530829am; \??\C:\Users\home\AppData\Local\Temp\bk3BC8.tmp\p1483530829am.sys [X] <==== ATTENTION
U0 Partizan; system32\drivers\Partizan.sys [X]
S1 qaqjosyy; \??\C:\Windows\system32\drivers\qaqjosyy.sys [X]
S3 TrojanKillerDriver; system32\DRIVERS\gtkdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VSPerfDrv100; \??\C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [X]
S1 whklgyqq; \??\C:\Windows\system32\drivers\whklgyqq.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-22 01:26 - 2017-05-22 01:26 - 00005292 _____ C:\Users\Administrator\Documents\swprv.reg
2017-05-21 15:43 - 2017-05-21 15:43 - 00018672 _____ C:\Users\Administrator\Downloads\FRST.txt
2017-05-21 15:43 - 2017-05-21 15:43 - 00000000 ____D C:\FRST
2017-05-21 15:42 - 2017-05-21 15:42 - 02429952 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2017-05-21 15:31 - 2017-05-21 15:31 - 00000000 ____D C:\Users\{username}
2017-05-21 15:28 - 2017-05-21 15:43 - 00494578 _____ C:\Windows\ZAM.krnl.trace
2017-05-21 15:28 - 2017-05-21 15:43 - 00112193 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-05-21 13:14 - 2017-05-21 13:14 - 00000406 _____ C:\Users\Administrator\Desktop\zemana.txt
2017-05-21 12:25 - 2017-05-21 12:29 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-05-21 12:25 - 2017-05-21 12:25 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-05-21 12:25 - 2017-05-21 12:25 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-05-21 12:25 - 2017-05-21 12:25 - 00001104 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-05-21 12:25 - 2017-05-21 12:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-05-21 12:24 - 2017-05-21 12:24 - 05774688 _____ (Zemana Ltd. ) C:\Users\Administrator\Downloads\Zemana.AntiMalware.Setup.exe
2017-05-21 10:26 - 2017-05-21 15:31 - 00002211 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2017-05-21 10:14 - 2017-05-21 10:14 - 00000000 ____D C:\Users\Administrator\Desktop\osam_autorun_manager_5_0_portable
2017-05-21 10:10 - 2017-05-21 10:11 - 04272474 _____ C:\Users\Administrator\Desktop\osam_autorun_manager_5_0_portable.rar
2017-05-21 10:10 - 2017-05-21 10:10 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.scr
2017-05-20 23:49 - 2017-05-21 00:00 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2017-05-20 23:49 - 2017-05-20 23:56 - 00000000 ____D C:\Users\Administrator\Documents\RegRun2
2017-05-20 23:49 - 2017-05-20 23:52 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2017-05-20 23:49 - 2017-05-20 23:49 - 00000963 _____ C:\Users\Administrator\Desktop\UnHackMe.lnk
2017-05-20 23:49 - 2017-05-20 23:49 - 00000418 _____ C:\Windows\Tasks\UnHackMe Task Scheduler.job
2017-05-20 23:49 - 2017-05-20 23:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2017-05-20 23:49 - 2017-04-14 12:48 - 00014984 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2017-05-20 23:45 - 2017-05-20 23:45 - 00000000 ____D C:\Users\Administrator\Downloads\unhackme
2017-05-20 23:44 - 2017-05-20 23:45 - 18656117 _____ C:\Users\Administrator\Downloads\unhackme.zip
2017-05-20 23:41 - 2017-05-20 23:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2017-05-20 23:24 - 2017-05-20 23:24 - 00000000 ____D C:\Users\Administrator\Downloads\ProcessExplorer
2017-05-20 23:18 - 2017-05-20 23:19 - 01931969 _____ C:\Users\Administrator\Downloads\ProcessExplorer.zip
2017-05-20 22:59 - 2017-05-20 22:59 - 11098008 _____ C:\Users\Administrator\Documents\1.reg
2017-05-20 22:58 - 2017-05-20 22:58 - 00000082 _____ C:\Users\Administrator\Documents\security.reg
2017-05-20 22:56 - 2017-05-20 22:56 - 03635734 _____ (Sergey Filippov ) C:\Users\Administrator\Downloads\RegistryFinderSetup2.19.exe
2017-05-20 22:56 - 2017-05-20 22:56 - 00000000 ____D C:\Registry Finder
2017-05-20 22:45 - 2017-05-20 22:47 - 00145568 _____ (Sysinternals) C:\Windows\PSEXESVC.exe
2017-05-20 22:43 - 2017-05-20 22:43 - 00000000 ____D C:\pstools
2017-05-20 22:42 - 2017-05-20 22:42 - 02823905 _____ C:\Users\Administrator\Downloads\PSTools.zip
2017-05-20 22:38 - 2017-05-20 22:38 - 02655480 _____ (Resplendence Software Projects Sp. ) C:\Users\Administrator\Downloads\RegistrarHomeV8.exe
2017-05-20 19:22 - 2017-05-20 19:22 - 00000000 ____D C:\Windows\system32\MpEngineStore
2017-05-19 22:45 - 2017-05-19 22:45 - 01048576 _____ C:\Users\Administrator\Downloads\msert.exe
2017-05-19 22:36 - 2017-05-19 22:36 - 06752896 _____ (ESET spol. s r.o.) C:\Users\Administrator\Downloads\esetonlinescanner_enu.exe
2017-05-19 22:33 - 2017-05-19 22:34 - 15065792 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\mseinstall.exe
2017-05-19 22:07 - 2017-05-19 22:18 - 00000000 ____D C:\Program Files\Attribute Changer
2017-05-19 22:07 - 2017-05-19 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Attribute Changer
2017-05-19 22:07 - 2017-05-19 22:07 - 05126250 _____ (Romain Petges ) C:\Users\Administrator\Downloads\ac-860.exe
2017-05-19 22:03 - 2017-05-19 22:03 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-05-19 21:50 - 2017-05-19 21:50 - 00001001 _____ C:\Users\Administrator\Desktop\Total Commander 64 bit.lnk
2017-05-19 21:50 - 2017-05-19 21:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2017-05-19 21:50 - 2017-05-19 21:50 - 00000000 ____D C:\Program Files\totalcmd
2017-05-19 21:49 - 2017-05-19 21:49 - 04987672 _____ (Ghisler Software GmbH) C:\Users\Administrator\Downloads\tcmd900ax64.exe
2017-05-19 21:31 - 2017-05-19 21:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-05-19 21:30 - 2017-05-19 21:30 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Administrator\Downloads\mbar-1.09.3.1001.exe
2017-05-19 21:10 - 2017-05-19 21:18 - 00000000 ____D C:\AdwCleaner
2017-05-19 21:10 - 2017-05-19 21:10 - 04110280 _____ C:\Users\Administrator\Downloads\adwcleaner_6.047.exe
2017-05-19 20:19 - 2017-05-19 20:22 - 00055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-05-19 20:19 - 2017-05-19 20:22 - 00001889 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-05-19 20:19 - 2017-05-19 20:19 - 00000000 ____D C:\Program Files\HitmanPro
2017-05-19 20:17 - 2017-05-19 20:20 - 00000000 ____D C:\ProgramData\HitmanPro
2017-05-19 20:17 - 2017-05-19 20:18 - 11584088 _____ (SurfRight B.V.) C:\Users\Administrator\Downloads\HitmanPro_x64.exe
2017-05-19 20:16 - 2017-05-19 20:16 - 11023528 _____ (SurfRight B.V.) C:\Users\Administrator\Downloads\HitmanPro.exe
2017-05-19 20:10 - 2017-05-19 20:10 - 00427648 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\unhide (1).exe
2017-05-19 19:32 - 2017-05-19 19:57 - 00000000 ____D C:\ComboFix
2017-05-19 19:30 - 2017-05-19 18:55 - 05659512 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2017-05-19 19:03 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2017-05-19 19:03 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2017-05-19 19:03 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-05-19 19:03 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-05-19 19:03 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-05-19 19:03 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2017-05-19 19:03 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2017-05-19 19:03 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2017-05-19 18:57 - 2017-05-19 21:21 - 00000000 ____D C:\Qoobox
2017-05-19 18:57 - 2017-05-19 19:54 - 00000000 ____D C:\Windows\erdnt
2017-05-19 18:55 - 2017-05-19 18:55 - 05659512 ____R (Swearware) C:\Users\Administrator\Downloads\ComboFix.exe
2017-05-19 18:49 - 2017-05-19 18:49 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill.exe
2017-05-19 18:33 - 2017-05-19 18:33 - 00000000 ____D C:\Users\Administrator\Downloads\backups
2017-05-19 18:31 - 2017-05-19 18:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\HijackThis.exe
2017-05-19 05:48 - 2017-05-19 05:48 - 00000000 ____D C:\found.000
2017-05-18 19:07 - 2017-05-18 19:07 - 00395171 _____ C:\Users\Administrator\Downloads\roex.zip
2017-05-18 19:07 - 2017-05-18 19:07 - 00000000 ____D C:\Users\Administrator\Downloads\roex
2017-05-18 18:55 - 2017-05-21 00:04 - 00521074 _____ C:\Windows\ntbtlog.txt
2017-05-18 18:47 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-05-18 18:47 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-05-18 18:40 - 2017-05-18 18:40 - 00427648 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\unhide.exe
2017-05-18 18:29 - 2017-05-18 18:29 - 00001189 _____ C:\Users\Administrator\Documents\show.reg
2017-05-18 17:47 - 2017-05-18 17:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
2017-05-18 17:43 - 2017-05-18 17:43 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-18 17:43 - 2017-05-18 17:43 - 00000295 _____ C:\Windows\wininit.ini
2017-05-18 17:43 - 2017-05-18 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-05-18 17:43 - 2017-05-18 17:43 - 00000000 ____D C:\Program Files\CCleaner
2017-05-18 05:20 - 2017-05-21 13:47 - 00000000 ____D C:\ProgramData\XLiPlatform
2017-05-18 05:18 - 2015-07-30 20:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2017-05-18 05:18 - 2015-07-30 20:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-05-18 05:18 - 2015-07-30 20:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-05-18 05:18 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2017-05-18 05:18 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-05-18 05:17 - 2017-05-21 15:28 - 02785072 _____ C:\Windows\netboostmasterHelp.dll
2017-05-18 05:17 - 2017-05-18 05:17 - 02894184 _____ C:\Windows\system32\Drivers\netboostmaster.sys
2017-05-18 05:15 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2017-05-18 05:15 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2017-05-18 05:15 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-05-18 05:15 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-05-18 05:15 - 2015-12-08 23:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-05-18 05:15 - 2015-12-08 21:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-05-18 05:15 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2017-05-18 05:15 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2017-05-18 05:09 - 2017-05-18 05:17 - 00000000 ____D C:\ProgramData\Cache
2017-05-17 18:38 - 2017-05-17 18:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2017-05-17 17:52 - 2017-05-21 15:29 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-17 17:52 - 2017-05-21 15:29 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-05-17 17:52 - 2017-05-21 15:29 - 00084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-05-17 17:52 - 2017-05-21 15:29 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-05-17 17:52 - 2017-05-18 19:12 - 00187320 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-05-17 17:52 - 2017-05-17 17:52 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-17 17:52 - 2017-05-17 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-17 17:51 - 2017-05-17 17:52 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2017-05-17 17:51 - 2017-05-17 17:51 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-17 17:51 - 2017-05-09 16:37 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-17 17:50 - 2017-05-17 17:50 - 00000000 ____D C:\Users\Public\Documents\Google
2017-05-17 17:43 - 2017-05-17 17:43 - 00454440 _____ C:\Windows\SysWOW64\Auhardwaregl.dll
2017-05-17 17:43 - 2017-05-17 17:43 - 00196640 _____ C:\Windows\system32\Drivers\Uefochubsrv.sys
2017-05-17 17:43 - 2017-05-17 17:43 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
2017-05-17 17:39 - 2017-05-17 17:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2017-05-17 17:37 - 2017-05-17 21:33 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Opera Software
2017-05-17 17:37 - 2017-05-17 17:37 - 00000000 ____D C:\Program Files\Common Files\JOS26Z5TB4
2017-05-17 17:29 - 2017-05-17 17:29 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2017-04-29 20:56 - 2017-04-29 20:56 - 00000000 ____D C:\Users\home\Documents\Flight Simulator X Files
2017-04-29 18:18 - 2017-05-01 11:12 - 00000000 ____D C:\Users\home\AppData\LocalLow\uTorrent
2017-04-29 11:26 - 2017-04-29 11:28 - 00000000 ____D C:\Users\home\Desktop\Drugi Svetski rat
2017-04-28 08:38 - 2017-04-28 08:38 - 00000000 ___SD C:\Windows\SysWOW64\{A24B87CE-67C9-49D1-B0A5-F06A1C73BC58}
2017-04-27 22:03 - 2017-04-27 22:03 - 00000222 _____ C:\Users\home\Desktop\Euro Truck Simulator 2.url
2017-04-27 21:04 - 2017-04-27 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2017-04-27 21:04 - 2017-04-27 21:04 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2017-04-27 20:58 - 2017-04-27 20:59 - 09777152 _____ C:\Users\home\Downloads\hamachi.msi
2017-04-27 19:15 - 2017-04-27 21:21 - 00000000 ___SD C:\Windows\SysWOW64\{D28A6CAB-8746-4CDE-9D38-C5395B6DEFCD}
2017-04-26 13:08 - 2017-04-26 13:08 - 00000000 ___SD C:\Windows\SysWOW64\{FA70E676-D02E-4F59-967B-2091A253A5FF}
2017-04-26 10:33 - 2017-04-26 10:34 - 00000000 ____D C:\Users\home\AppData\Roaming\discord
2017-04-26 10:33 - 2017-04-26 10:33 - 00002154 _____ C:\Users\home\Desktop\Discord.lnk
2017-04-26 10:33 - 2017-04-26 10:33 - 00000000 ____D C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-04-26 10:31 - 2017-04-26 10:32 - 52553728 _____ (Hammer & Chisel, Inc.) C:\Users\home\Downloads\DiscordSetup.exe
2017-04-26 09:08 - 2017-04-26 09:08 - 00120601 _____ C:\Users\home\Downloads\Outlast.2-CODEX.torrent
2017-04-23 18:32 - 2017-04-23 18:32 - 00019016 _____ C:\Users\home\Downloads\Die Hard with a Vengeance (1995) [720p] [YTS.AG] (1).torrent
2017-04-21 14:50 - 2017-04-21 14:50 - 00000000 ____D C:\Users\home\AppData\LocalLow\Bossa Studios
2017-04-21 14:36 - 2017-04-21 14:36 - 00000222 _____ C:\Users\home\Desktop\Surgeon Simulator.url
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-21 15:33 - 2016-10-26 10:20 - 00000000 ____D C:\Users\Administrator
2017-05-21 15:28 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-21 15:28 - 2009-07-14 06:45 - 00503136 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-21 14:18 - 2016-04-18 20:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2017-05-21 14:10 - 2016-01-16 23:49 - 00000000 ____D C:\Windows\system32\1033
2017-05-21 14:10 - 2016-01-16 23:49 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2017-05-21 14:10 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-05-21 14:05 - 2009-07-14 06:45 - 00047104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-21 14:05 - 2009-07-14 06:45 - 00047104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-21 14:02 - 2013-11-26 21:49 - 00000000 ____D C:\Program Files (x86)\WinRAR
2017-05-21 10:26 - 2015-11-03 22:56 - 00002227 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-21 00:23 - 2016-10-26 10:22 - 00001405 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-05-21 00:23 - 2016-10-26 10:22 - 00001399 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-05-20 23:49 - 2015-11-03 23:52 - 00000002 RSHOT C:\Windows\winstart.bat
2017-05-20 23:49 - 2015-11-03 23:52 - 00000002 __SOT C:\Windows\SysWOW64\CONFIG.NT
2017-05-20 23:49 - 2015-11-03 23:52 - 00000002 __SOT C:\Windows\SysWOW64\AUTOEXEC.NT
2017-05-20 23:12 - 2016-10-19 17:32 - 00001945 _____ C:\Windows\epplauncher.mif
2017-05-20 00:33 - 2016-03-17 23:33 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2017-05-19 21:32 - 2015-11-01 13:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-19 21:16 - 2017-04-17 11:08 - 00000000 ____D C:\Windows\Update
2017-05-19 19:53 - 2017-03-07 19:21 - 00000000 _____ C:\Windows\system.ini
2017-05-19 19:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2017-05-19 19:28 - 2009-07-14 04:34 - 37486592 _____ C:\Windows\system32\config\system.bak
2017-05-19 19:28 - 2009-07-14 04:34 - 143130624 _____ C:\Windows\system32\config\software.bak
2017-05-19 19:28 - 2009-07-14 04:34 - 04980736 _____ C:\Windows\system32\config\default.bak
2017-05-19 19:28 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2017-05-19 19:28 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2017-05-18 23:46 - 2013-11-26 21:02 - 00000000 ____D C:\Users\home
2017-05-18 22:24 - 2017-01-05 12:53 - 00001908 _____ C:\Windows\diagwrn.xml
2017-05-18 22:24 - 2017-01-05 12:53 - 00001908 _____ C:\Windows\diagerr.xml
2017-05-18 22:18 - 2016-01-17 17:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-05-18 22:00 - 2016-01-17 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-05-18 21:59 - 2016-01-17 17:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-05-18 21:57 - 2016-06-05 13:07 - 156335152 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-18 21:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-05-18 17:43 - 2016-05-12 21:15 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-05-18 17:43 - 2013-11-27 05:49 - 00000000 ____D C:\Windows\Panther
2017-05-18 17:28 - 2016-01-17 17:32 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-05-18 17:22 - 2016-04-30 18:22 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2017-05-18 17:07 - 2014-06-02 21:09 - 00000000 ____D C:\Windows\system32\appmgmt
2017-05-18 05:00 - 2016-12-27 20:43 - 00000000 ____D C:\Program Files (x86)\Courkaripack Center
2017-05-18 02:34 - 2015-11-01 19:16 - 00002328 _____ C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-05-18 02:27 - 2017-01-18 21:09 - 00001956 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-18 02:27 - 2017-01-18 21:09 - 00001886 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-17 21:35 - 2017-01-22 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-05-17 21:35 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-05-17 21:34 - 2017-03-07 19:22 - 00000000 ____D C:\Program Files\Opera
2017-05-17 21:32 - 2017-04-19 20:51 - 00000000 ____D C:\Program Files\FACEIT Client
2017-05-17 21:27 - 2017-02-23 15:41 - 00000000 ____D C:\Program Files\City Car Driving
2017-05-17 17:56 - 2017-04-13 11:16 - 00000000 ____D C:\Users\home\AppData\Roaming\Ckozoghgrrucult
2017-05-17 17:51 - 2015-11-01 13:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-05-17 17:21 - 2015-11-03 22:56 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-17 17:21 - 2015-11-03 22:56 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-01 11:33 - 2015-09-20 13:12 - 00000000 ____D C:\Users\home\AppData\Roaming\uTorrent
2017-05-01 11:15 - 2016-07-11 11:57 - 00000000 ____D C:\Users\home\AppData\Roaming\Curse Client
2017-04-30 23:37 - 2017-01-18 21:09 - 00000000 ____D C:\Users\home\AppData\LocalLow\Mozilla
2017-04-30 22:26 - 2015-05-20 14:07 - 00000000 ____D C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-28 22:51 - 2014-02-12 18:42 - 00000000 ____D C:\Users\home\AppData\Roaming\Skype
2017-04-28 21:31 - 2016-07-11 12:57 - 00000000 ____D C:\Users\home\AppData\Roaming\.minecraft
2017-04-28 21:04 - 2017-03-05 17:21 - 00000000 ____D C:\Users\home\Documents\Euro Truck Simulator 2
2017-04-27 08:59 - 2016-09-21 20:33 - 00000000 ____D C:\Users\home\Desktop\Cope
2017-04-25 20:19 - 2017-01-13 21:31 - 00000000 ____D C:\Users\home\AppData\Roaming\TS3Client
2017-04-25 19:06 - 2016-07-27 12:56 - 00000000 ____D C:\Users\home\Desktop\FPS
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. 
 
LastRegBack: 2016-05-01 12:22
 
==================== End of FRST.txt ============================
 


#2 nasdaq

  • Malware Response Team
  • 38,594 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
Posted 23 May 2017 - 08:33 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellExecuteHooks: No Name - {F797446C-D3F2-11E6-AB72-64006A5CFC35} - C:\Users\home\AppData\Roaming\Terlcultclhach\Hejuck.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\home\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\home\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\home\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\home\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\home\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\home\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Twitch.lnk [2017-04-11]
ShortcutTarget: Twitch.lnk -> C:\Users\Administrator\AppData\Roaming\Curse Client\Bin\Twitch.exe (No File)
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-891269962-2659327078-604941568-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [No File]
R2 Auhardwaregl; C:\Windows\SysWow64\Auhardwaregl.dll [454440 2017-05-17] ()
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S4 HnGSteamService; C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe [X]
S4 netsvc; C:\Program Files (x86)\UtilTool\Antivirus\netsvc.exe [X]
S4 Origin Client Service; "C:\Program Files (x86)\Origin\OriginClientService.exe" [X]
S4 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [X]
S4 SQLBrowser; "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [X]
R1 netboostmaster; C:\Windows\system32\drivers\netboostmaster.sys [2894184 2017-05-18] () [File not signed]
R2 Uefochubsrv; C:\Windows\system32\drivers\Uefochubsrv.sys [196640 2017-05-17] ()
U3 asqw883q; no ImagePath
S1 aqhiqflc; \??\C:\Windows\system32\drivers\aqhiqflc.sys [X]
U0 aswVmm; no ImagePath
S1 lnsubgoh; \??\C:\Windows\system32\drivers\lnsubgoh.sys [X]
S1 netcontroller; system32\drivers\netcontroller.sys [X]
S1 p1483530829am; \??\C:\Users\home\AppData\Local\Temp\bk3BC8.tmp\p1483530829am.sys [X] <==== ATTENTION
U0 Partizan; system32\drivers\Partizan.sys [X]
S1 qaqjosyy; \??\C:\Windows\system32\drivers\qaqjosyy.sys [X]
S3 TrojanKillerDriver; system32\DRIVERS\gtkdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VSPerfDrv100; \??\C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [X]
S1 whklgyqq; \??\C:\Windows\system32\drivers\whklgyqq.sys [X]
Task: {021C4957-C686-453D-BD97-A66E26541E43} - \{F6CFA049-C08E-4CFC-86EE-63F98121EEA3} -> No File <==== ATTENTION
Task: {0268EC37-1431-45DD-9DC7-0C27735ADF90} - \{F7F89A4C-C82A-4438-8F50-CEC78FD18EB1} -> No File <==== ATTENTION
Task: {04A1325A-8D93-44CD-A2C9-818ED9A22B77} - \{24B6AC44-C107-451E-A4DA-078451DE4AF2} -> No File <==== ATTENTION
Task: {0787CB74-F597-45F5-BB22-F6CA555B81C6} - \{FCD313EF-D517-4934-BDE0-D7A85EFBBE7B} -> No File <==== ATTENTION
Task: {07DAED8E-402E-460F-AEDB-3BEFD367E3BF} - \{94356EF3-D734-405A-B4C9-559EDF7A9B18} -> No File <==== ATTENTION
Task: {0A83CAC4-1F2C-4D68-A343-7836CA1160B0} - \{427C1731-1D98-4DC9-9EB6-C5F90371C640} -> No File <==== ATTENTION
Task: {0B81A675-E446-4595-9850-29A67CDECA44} - \{73122A63-0E63-4FBF-8F9B-F627E8BCC1F3} -> No File <==== ATTENTION
Task: {0C221DD8-8C7E-46B9-808A-E8033662E30D} - \{F95A9FED-2A82-4DF1-AB64-E843D8AB82A0} -> No File <==== ATTENTION
Task: {1158C734-B394-4536-8EEC-4396E234F5EC} - \Update\Updater -> No File <==== ATTENTION
Task: {11A25F9B-07CA-45AA-9E25-3498E25CB468} - \{9C9BB2DD-9439-4FD0-84C9-C7C85FABEBA8} -> No File <==== ATTENTION
Task: {11B01798-6D7B-4F00-A7EF-CAB02AC18E1C} - \{03EB0363-EC0B-4B8C-A9D8-2025D5449D9C} -> No File <==== ATTENTION
Task: {11BC7A69-6E31-4880-AB9B-70A78C57831E} - \{389F22FB-3E7F-4D1E-8940-D501B77ABB3B} -> No File <==== ATTENTION
Task: {12E87865-0062-4784-ADCD-67CB2ECE08A8} - \{8C6D75DB-DAFF-4FAF-AB04-7D050C6E93FF} -> No File <==== ATTENTION
Task: {12EE9DA0-5A07-4EC8-873F-61234C24A311} - \{8F3326B4-DB70-424E-B545-0C9F3A36A2E8} -> No File <==== ATTENTION
Task: {15846F7D-0E03-4F29-9880-FE07DE53C503} - \{E3A79E4C-0BB0-4A1D-9CA9-B3109D5F88C4} -> No File <==== ATTENTION
Task: {1657006A-B482-4D29-B6E3-3C63A54D999A} - \{6D2E81D6-124E-486A-AA10-EB285E6BE5B4} -> No File <==== ATTENTION
Task: {19CCC563-61D9-4700-839A-363BAE7514B1} - \{78F2655C-F6EC-4FBB-95EE-4F0D87FDD5C0} -> No File <==== ATTENTION
Task: {1B58CE54-3F72-4500-9F46-AA2109B9969A} - \{DAAD09F3-D2C3-4AE6-A52D-8E5B76C29FCE} -> No File <==== ATTENTION
Task: {1C69C4BA-E0B2-4964-BA00-332F517CC7CE} - \{700CCB98-C22B-438A-86C8-90526553E5EE} -> No File <==== ATTENTION
Task: {1C8282BA-FC63-4B6F-A081-D1FABC0EF971} - \{7624EE48-5567-4747-903D-1850C68D71EA} -> No File <==== ATTENTION
Task: {1D317CFE-95FF-4C71-B570-22675D0A316E} - \{27E97674-BF6D-4907-9A21-73B7AEE9827C} -> No File <==== ATTENTION
Task: {213EEF9E-A9BF-45D4-94B5-7F0672D69B86} - \{23CE292F-0B03-4FE6-B281-B44E0AFAAB27} -> No File <==== ATTENTION
Task: {22AC9075-AA99-4A84-9C89-DEEB2AE47BD0} - \{2843C4F8-D8FD-4839-9AB4-D06BDCF52D19} -> No File <==== ATTENTION
Task: {2334D3C2-E9DD-4A32-986A-2F5A07B6EC66} - \{C48651E0-16C3-417D-B75D-D59BAEBD69E5} -> No File <==== ATTENTION
Task: {25D942F3-AB4A-4FA2-8DD3-0BAEAB0F5413} - \{E4BB30FD-3ADF-4D4C-A39E-E6ADBD588A94} -> No File <==== ATTENTION
Task: {28DD2185-73A6-49E1-9984-CC53976E14FE} - \{3D0F34FC-0E1F-4E31-ADC8-6E4C9BFD9398} -> No File <==== ATTENTION
Task: {299510A9-5B1D-40C5-AA39-91C26EEDB337} - \{5ABCC03E-72A9-40E9-B774-7860FB1FD3EB} -> No File <==== ATTENTION
Task: {2AE1E351-E9AB-4D9B-99E6-6734EFCB31B7} - \{DB2C459F-9B23-4422-9303-C3F115D827AC} -> No File <==== ATTENTION
Task: {2B120F5C-E9E5-4443-BAEA-F0C0A036987C} - \{86FA567A-92BE-45C5-B323-E899F5653BDA} -> No File <==== ATTENTION
Task: {2D097F08-6CA1-46E1-B35B-CA9C35934F18} - \{FEF9877C-F04D-4344-AC63-F36378F2B5E7} -> No File <==== ATTENTION
Task: {2DDC946B-D8EA-4387-BB01-55A21327F547} - \{43815921-8980-4422-B0D0-173D4829BD06} -> No File <==== ATTENTION
Task: {310AC1CB-BAA5-4A1B-90E0-D6FD3C1DFF6F} - \{3D08D6E2-80BB-4EA2-9F8A-6420F50ECF63} -> No File <==== ATTENTION
Task: {315DCF8D-1499-4E38-B473-0A0CC63682DB} - \{AD59F8AE-7E07-460E-9109-BB6F389F30F0} -> No File <==== ATTENTION
Task: {35321151-885E-4B54-A10F-6189D18BBEB2} - \{01262B77-5FB6-495B-97EE-27F154522AA3} -> No File <==== ATTENTION
Task: {369275DE-1BE3-4FB7-8710-DF9C8596B15F} - \Logic Bassbackpot -> No File <==== ATTENTION
Task: {37BE735E-15CF-4F3D-AAA4-00D25222C7BD} - \{38369675-750A-47A9-AFD2-30D2EA3C24E4} -> No File <==== ATTENTION
Task: {38EC7978-69FC-4F5B-B1E2-DB744E48A808} - \{009B5D71-9547-4842-BB2E-8A90542BA57B} -> No File <==== ATTENTION
Task: {395E7783-6E5A-4F5A-BA52-7CE727A631C8} - \{FFDA3A34-4FD6-4C2F-9CAB-11BB0296A920} -> No File <==== ATTENTION
Task: {399D3726-3517-404F-ADAB-F0AE68DACFC9} - \{95234E6B-6841-4EC0-A456-1C02AED6390C} -> No File <==== ATTENTION
Task: {3A87B0B1-70FF-4F1F-B32B-2ABC7E5FA1CE} - \{F2E92004-2383-42B4-B368-7A4663C906B6} -> No File <==== ATTENTION
Task: {3EBADDC8-0469-45DF-AFD2-F334E8BA4FF3} - \{47BC10E1-4D5C-4F2B-A447-4949BA6127CE} -> No File <==== ATTENTION
Task: {40152C18-E02E-45DE-B504-5FBC80D85D42} - \{6CC11460-A0B7-41FC-9647-D6E59AEEBA01} -> No File <==== ATTENTION
Task: {41040F92-74BA-4FF6-BE21-19564F0D5684} - \{35B19280-BF9E-4E04-94FD-CB5B7D6F58D8} -> No File <==== ATTENTION
Task: {42DDDD9C-E08F-432C-B9E7-4CA1F23C42F1} - \{D0821C58-F7C7-408E-9353-541B863B6645} -> No File <==== ATTENTION
Task: {43289BAB-AC88-4A93-8321-03D67B0DA86A} - \{36FCD34C-F42D-4663-B876-0A1569BBB5B9} -> No File <==== ATTENTION
Task: {438FAFA7-208F-45E0-AE26-EA7EB50BA204} - \{4BDFC975-6AE8-4FE0-AC32-5805339193C1} -> No File <==== ATTENTION
Task: {44E80608-507D-4CE6-876A-574D66CCD5C1} - \{BCEF3977-414A-4383-B832-A44771CE7A1E} -> No File <==== ATTENTION
Task: {44F60783-C46E-41C1-9C50-F01CDDB874DF} - \{F66304BD-6A26-41BA-9D14-75368E4E9BDF} -> No File <==== ATTENTION
Task: {452E5E3A-3C66-4C85-BCE6-7C675B42756D} - \{1F49CB54-F98A-42BD-87D4-D6A0DB593277} -> No File <==== ATTENTION
Task: {466B2988-F55B-4049-91A6-60C3267D9391} - \{9FE45E16-78A7-4FDE-817A-381A8E5AABD8} -> No File <==== ATTENTION
Task: {471FBD3A-CF24-4698-A51C-62276F5C5D28} - no filepath
Task: {4B7A75D7-F386-45FD-8E30-1F598CAE07C4} - \{6C737561-1CFA-49C8-96E0-4557E7E940F5} -> No File <==== ATTENTION
Task: {4D59597D-FC05-4C6A-862D-F6892E91CF96} - \{0C678B96-0B97-455C-BF66-CE78CE872ADF} -> No File <==== ATTENTION
Task: {4EEA8BB4-657E-4B0B-84E3-B9A4C8236809} - \{E3D20143-DB69-4F24-B6FA-961CDE04C63F} -> No File <==== ATTENTION
Task: {4F171B57-8388-49B3-8D6A-F2B75BAD8E5F} - \CMEClient -> No File <==== ATTENTION
Task: {518E5831-E9C4-43D3-8678-127F1A62A383} - \{8B534022-41C8-4E48-B27A-91F6FCB35584} -> No File <==== ATTENTION
Task: {52D1F8CF-E25F-4DD1-9697-9C244A2CBFFC} - \{153951CF-F55F-492B-A8EF-F91AD3916FE5} -> No File <==== ATTENTION
Task: {54BEF785-FDF3-4FF4-B264-0CD4BC897EC5} - \{B21AA131-0883-4070-9ABB-3BF9A9D6EDE3} -> No File <==== ATTENTION
Task: {54F8CD3A-21CD-4F2D-A498-8402F1777188} - \{0FB69A1C-A51D-41E6-ABC7-D27EC02CA0FE} -> No File <==== ATTENTION
Task: {5534713C-2181-4AE5-B5F5-BFE88A5AF12A} - \Timesy -> No File <==== ATTENTION
Task: {5B67C233-0D8E-448F-BAA1-0FB41BC4DD5A} - \{73CA0C02-BD44-4D02-9E41-BF2A027F706B} -> No File <==== ATTENTION
Task: {5E89A5D6-AEC1-450D-B8E5-A9B16948FBB3} - \{14BFC73B-A8EF-48C1-A40A-20C2AC7C83D3} -> No File <==== ATTENTION
Task: {5EAA541C-C063-4868-8576-43F66AC33FA6} - \{78BAA4A5-01EA-4951-9D45-CB2C97CCA56E} -> No File <==== ATTENTION
Task: {5F2088AB-A85E-4542-8CEF-8281DA685356} - \{BCB5727A-FC57-469B-A966-71342A3924A8} -> No File <==== ATTENTION
Task: {5F6DF262-8DC7-4821-9F92-7BBBBBDB53EC} - \{9781F516-BAB2-46EB-9074-15207D52A8A3} -> No File <==== ATTENTION
Task: {5FCAE301-B644-463D-B3FB-E294F9A72623} - \Update\chrome -> No File <==== ATTENTION
Task: {606774B8-B2DA-44A1-A3B7-B7AB086C592F} - \{71B3850B-3ACE-4D70-A238-2280A89D72F7} -> No File <==== ATTENTION
Task: {60CCC08D-CE3E-4DB1-9370-90C03D9FE0BC} - \{6D4BC6F9-FEFD-4D1D-88D3-C09A390868F7} -> No File <==== ATTENTION
Task: {625F3F09-DA8F-4D23-9A2D-64122F9775ED} - \{F594B291-7678-4578-A441-63DA2C9DC34A} -> No File <==== ATTENTION
Task: {6263ED15-5E75-4A91-ADC3-937203CCAE69} - \{A609F35C-04DB-408F-A66C-36788AB0E610} -> No File <==== ATTENTION
Task: {628265FD-3492-4F05-8744-61CBA7A09C5E} - \{58B04F95-F089-40BB-853A-0FE943499A5E} -> No File <==== ATTENTION
Task: {62DCD9F9-4FAF-4B51-9002-E784ECB94E85} - \{AC81CFA9-EBEE-4052-9DB3-3E4B292851C2} -> No File <==== ATTENTION
Task: {6321355F-40F0-4517-A0A4-C24659D2EBDF} - \RestoreSearch -> No File <==== ATTENTION
Task: {676C0A8B-D51D-487D-BCE9-4D20F53C2338} - \{59F48C20-8D6B-4CF3-A829-D9D782ADE708} -> No File <==== ATTENTION
Task: {67D30E8B-5ABA-47E5-B0FC-5A8463FD9177} - \{FCF913AC-63A3-4B47-B20A-84EB47BF9A62} -> No File <==== ATTENTION
Task: {694122B9-9310-4E71-A633-E98913D44C85} - \{DDAAF7F6-489B-4367-ACE9-6B5DA4BCCEAC} -> No File <==== ATTENTION
Task: {6964A134-99F3-488D-B418-57B8D88096E7} - \{7DE087E5-1089-4F48-9805-C9702283890F} -> No File <==== ATTENTION
Task: {6AE5BF76-6347-4110-8B63-EF772468D21E} - \{6E5C8B73-CA6F-4E19-A489-FAE095EA3191} -> No File <==== ATTENTION
Task: {6C809F9D-A8D8-464A-804D-E5A572A7BA3C} - \{5C11A6CC-EFFE-4928-932E-F22AAA29F54F} -> No File <==== ATTENTION
Task: {6DE8F599-3777-492B-96CB-7FF633D27490} - \{79C16E31-3F5F-458C-AD00-2E2BC6C63A0A} -> No File <==== ATTENTION
Task: {6FE61E75-3A56-4909-BC70-127DF5266A14} - \{33E8DC49-90B4-4265-9778-FD3D7F41D848} -> No File <==== ATTENTION
Task: {7112AE87-6A6C-4055-9D86-6B626A63445D} - \{C34EB7DD-ED9D-4D51-85DF-24AF460D35E7} -> No File <==== ATTENTION
Task: {7384DAF5-6082-48D5-B8AE-DD724C0ABA6E} - \{9893F4A9-510A-43EE-90CE-F8E1AC28AAE4} -> No File <==== ATTENTION
Task: {752C8B01-3AF6-468B-89AB-83BB102BB7E7} - \{88D19BF8-D23C-44D3-8C4B-FC1480E45934} -> No File <==== ATTENTION
Task: {767A1E62-7ABC-4A34-8DD9-C40271F11450} - \{01577AE0-BDFB-4E42-AB57-A8A74314B8AD} -> No File <==== ATTENTION
Task: {76D76043-3116-4CB1-BCC1-8C9A9FE66476} - \{D1DDCCF3-85A8-4712-8801-1E3D362A0650} -> No File <==== ATTENTION
Task: {78F4BF09-6033-4608-AC24-E783F8280F6B} - \{0CB1D5F3-92A3-481B-A65B-6A9EDEF00966} -> No File <==== ATTENTION
Task: {7D6B779B-443A-4172-B65C-86AE9AA3C5EB} - \{D8F9C081-AA0F-47C7-B584-23B655C8EC69} -> No File <==== ATTENTION
Task: {7FC325A9-A41E-45FC-B13E-706E6E41AE0A} - \GridinSoft Anti-Malware -> No File <==== ATTENTION
Task: {808B3929-459F-4A2A-B4B4-01B1714B46C1} - \{68AFB766-E03B-4A14-B9C1-8DC184B4A0B1} -> No File <==== ATTENTION
Task: {80A00316-EE09-4814-A770-4BC79A4022DA} - \{ED9D075E-B974-4C02-A800-55F61758957D} -> No File <==== ATTENTION
Task: {83E6705B-06F6-4CF8-8533-77EF4E8026C9} - \Shawosataleent Cloud -> No File <==== ATTENTION
Task: {862B1AAA-60EB-40CB-A7F4-0E9D5B75477C} - \{E1475237-D29B-4BAB-9798-67BCD0F9EFD6} -> No File <==== ATTENTION
Task: {86368A01-38E3-413B-9061-C3BA096A45F4} - \{334CCA02-2E0A-44F2-8768-7F8A593ADD9A} -> No File <==== ATTENTION
Task: {868C3BD3-631D-4041-A3BB-34B3F6820EAE} - \{045BF733-EB7A-4C92-9A4D-3CC9A533F0DA} -> No File <==== ATTENTION
Task: {87AE5DA7-3B44-4993-B246-37C9AFB289CA} - \{DD52D378-7CB6-4103-B7CB-CEB8F713E300} -> No File <==== ATTENTION
Task: {87DAD38E-1C20-48EA-AAEB-08AC4739DC7D} - \{8CE2615C-6AC0-4030-A887-E42B94BFA9D6} -> No File <==== ATTENTION
Task: {9061F53A-D83E-4C4C-8DA3-8828AB66933D} - \{290B5832-29A8-4102-B459-E30303DD0EB1} -> No File <==== ATTENTION
Task: {906C166C-17CC-44B9-8F31-F9397F8CFF4D} - \{95AF7C6C-0D22-4097-A0BA-2115195ABE40} -> No File <==== ATTENTION
Task: {90904650-488E-475C-98E3-F58B67318F9B} - \coupons_and_fun_updating_service -> No File <==== ATTENTION
Task: {91536AF1-F484-46E7-B6B2-7D60EBB8CD4F} - \{FDCBD0CC-816D-46A0-9E6C-BD2E0F6DA37D} -> No File <==== ATTENTION
Task: {94205AF7-0FBB-467A-8876-4E200A967598} - \{7437A165-B02E-4AAF-AAEB-B092DE8494EA} -> No File <==== ATTENTION
Task: {94881163-641A-4A62-A6C8-8F6B63C8370A} - \{12333994-9EC9-4422-A640-CCC1ACA8AB1B} -> No File <==== ATTENTION
Task: {98D38215-B7F0-41BB-8D57-3C7CAB79D653} - \{BD27B57D-DB8E-4DDC-AAF2-61D5AF9686A1} -> No File <==== ATTENTION
Task: {99553831-921F-4CC7-AF74-4327DA32035A} - \{DBC3418B-1DE9-44FE-84BF-64B1973B56D7} -> No File <==== ATTENTION
Task: {9A109CC5-D9B4-4BE4-8AEF-393F8C2B8173} - \{FDF2D748-1C5B-4280-8473-AAB32D20CF76} -> No File <==== ATTENTION
Task: {9A449F88-9F49-4B3F-927A-7440B7EF8DE3} - \{07C70E3D-8BE3-41A9-830E-E491D9058401} -> No File <==== ATTENTION
Task: {9B10E5E6-F464-4E4D-B03D-F87240F54A8F} - \coupons_and_fun_notification_service -> No File <==== ATTENTION
Task: {9B6F8B34-85EA-44E2-9BD6-EA315D746569} - \{299DD45D-47D7-4C9D-BDF5-480CAA6302F6} -> No File <==== ATTENTION
Task: {9D462400-312F-49E9-B9F2-BC139103459A} - \{43639429-14DC-48D1-BF78-1987A1BB864E} -> No File <==== ATTENTION
Task: {9FA33983-7B4A-47E3-9BE3-F576C8BA33DF} - \{642C71FA-DCB4-4F75-B659-34EE9570F8D3} -> No File <==== ATTENTION
Task: {9FE6D745-2EA4-425D-B718-8661C57FAD75} - \{4CD0F658-AABF-40F2-A701-D1CBC68E7AF5} -> No File <==== ATTENTION
Task: {A040AD14-515A-4014-B66F-3975D92835FC} - \{561272E7-898C-4E50-A001-C727A7DBBF79} -> No File <==== ATTENTION
Task: {A1D603F9-F83B-49E4-824B-5B8ED922484D} - \{773DBD55-3BE1-4709-834A-EF28DA0DFEA3} -> No File <==== ATTENTION
Task: {A524C7A8-FD0E-4B5B-9381-975464C5748A} - \{5391EC33-AEFC-4950-8F95-32A7873E4882} -> No File <==== ATTENTION
Task: {A5B01224-EBB6-4A7E-B17D-49429F330104} - \{5131064A-5B24-4E9B-B40C-E42C890A10D5} -> No File <==== ATTENTION
Task: {A5F1A4C7-92D6-4578-8573-48531ABDACBB} - \{0C39D59B-64C6-4E6B-84C6-AB556C129457} -> No File <==== ATTENTION
Task: {A64F46F6-EC0E-491C-B0E5-F28DFE108C28} - \{D51392F9-FBA5-4083-8041-F06093568E46} -> No File <==== ATTENTION
Task: {AA1C1FD3-DF32-434A-8183-AD2DE31A02E1} - \{28A1E884-0527-43F2-ADB0-84CFB9B3C154} -> No File <==== ATTENTION
Task: {ACAAE61A-EA69-46F0-B9EC-3D49732E83C2} - \{C849BB67-932F-49BC-9939-BC60C5A25066} -> No File <==== ATTENTION
Task: {AED1B781-66DB-4AE7-8E9D-0838E255A7D0} - \{7341FAA7-1FCE-414E-9EA5-E9EEA188D6CE} -> No File <==== ATTENTION
Task: {AF53A491-0991-4606-8CC0-E77AD6E5BC62} - \{D522F370-A345-47DE-A74D-5A932F3705F4} -> No File <==== ATTENTION
Task: {B0982C98-F420-4B6F-AB9C-AEF909E0389D} - \{E50759DE-ACEC-435E-9CEA-FF942C9ED51D} -> No File <==== ATTENTION
Task: {B1062B71-0EB2-40A2-885E-FBAF93EA0B76} - \{86BFCAEA-FDF2-4FD6-9C42-645A56ED90B1} -> No File <==== ATTENTION
Task: {B15BC34C-DB97-4265-B869-B8B8FCE9E959} - \{A57A6081-5972-4FCF-8D2B-D793867341E2} -> No File <==== ATTENTION
Task: {B3B7B041-8FBE-443D-872A-E02EC330435E} - \{CB2747D4-01AC-4126-8FBF-CF6372A1B545} -> No File <==== ATTENTION
Task: {B4F13F0B-5510-4D04-AAF5-E6D7662014B1} - \{779A1025-9DAC-4907-9806-6AD0298EA532} -> No File <==== ATTENTION
Task: {B81130D1-ADC5-4331-943B-6794BCBB3F46} - no filepath
Task: {BA5EA2B9-037E-402C-9CDC-76ED3144AFE8} - \{0B2E8D38-E2F4-4664-9ED5-2F65AD204AEC} -> No File <==== ATTENTION
Task: {BC63F092-3085-4230-8E35-FA61D8D8C7C5} - \{AD60BBB4-E956-4EA4-93C7-D6236328B21E} -> No File <==== ATTENTION
Task: {C013D968-E173-4B8A-A2AB-D1F978F52B5D} - \{D95DA88E-D1BD-41CE-8B93-0AE7C9229CE7} -> No File <==== ATTENTION
Task: {C0922C5B-27C4-4373-96AA-362CBCA7A228} - \{2570E579-544B-4476-B415-804957ABA4DA} -> No File <==== ATTENTION
Task: {C733F075-83C5-4815-A5B6-91F49D9BAFA6} - \{7A27D2EF-A219-49B9-9AE8-F260C76BCEC9} -> No File <==== ATTENTION
Task: {C86CD957-10C7-432B-9BEA-AAFE4F7755E6} - \{474D12C5-9E5C-4282-8229-3F734F98586C} -> No File <==== ATTENTION
Task: {C8A2ADBB-C4AB-48EE-A846-E4D5C82104E4} - \{32EBD1BF-8D5A-4778-9270-CDA181859C39} -> No File <==== ATTENTION
Task: {C9A3BFE3-D53F-46DF-935F-43E19D746CE9} - \{F4788590-2878-4246-9B65-997F436B1CE7} -> No File <==== ATTENTION
Task: {CB53B909-83D8-44BF-B11C-D94529186A30} - \{183E2C26-DE4A-43BE-83DF-7DB8EC808242} -> No File <==== ATTENTION
Task: {CDAFA60E-FC0E-4896-9D08-5F78F4663A1D} - \{DE7265C2-5B4E-403F-B90D-65D115F186C7} -> No File <==== ATTENTION
Task: {D08EF97B-0031-4E6F-826C-9F658D5DB1A3} - \{5CCEAA64-D75E-4BAF-BAA7-077EBA0F6D7E} -> No File <==== ATTENTION
Task: {D3E55202-7584-488A-8567-E962501E73A2} - \{1FE525F5-9A9C-4BE0-A017-8C831E5E7E06} -> No File <==== ATTENTION
Task: {D774E6E4-BDB7-48DA-AEF9-7B89E4B2E917} - \{5E3C9803-0ABD-4BD1-BD6B-0D036EF107C6} -> No File <==== ATTENTION
Task: {D8AA1DA3-3C6A-4E6B-9DAE-3D3A072DEE3C} - \{BB4B2CBE-9F89-4B03-BEFA-30C2B0283936} -> No File <==== ATTENTION
Task: {D9141D10-FD8E-403D-A17E-99FD4D44CEBF} - \{90A6E678-98E9-4835-8FC7-3225E0878DE1} -> No File <==== ATTENTION
Task: {DACE5D1F-42B6-4ED3-B49C-BBA07A8A8E4F} - \{23ACFCAB-24DE-4D71-BB56-0121D15C9854} -> No File <==== ATTENTION
Task: {DEAE654C-724F-4C1E-9451-0D1399F15709} - \{7A6DBB70-ACE8-4BEF-AE40-0C74D35C3E3D} -> No File <==== ATTENTION
Task: {DF280203-FBEF-4DF6-B812-3806AABA4013} - \update-sys -> No File <==== ATTENTION
Task: {DFDB715A-39DE-47A0-800E-4C6AB8BE1F29} - \{26459E4A-3952-408A-B1C5-5ADD14DCF284} -> No File <==== ATTENTION
Task: {E401BC0F-53D9-4B28-AA6E-B1FA6527EA2E} - \{96CEAA70-C8B6-404C-B285-494EE7555670} -> No File <==== ATTENTION
Task: {E4F98165-1938-49EB-9C85-0988817B4F98} - \{8495F13A-38A9-4978-BA78-193F345D31FE} -> No File <==== ATTENTION
Task: {E5BC2D54-130A-43AD-A53F-545F77C95C36} - \{7F658C86-2B36-45D1-94D8-4D1E5ACADCBE} -> No File <==== ATTENTION
Task: {E6CFA8CC-BEDB-4685-8A47-F5BB9A5B7F34} - \{AA3DBA3F-71D6-484B-880A-54ABDF62C5D3} -> No File <==== ATTENTION
Task: {E8BA350F-DDD1-4A8D-BB0D-7C5D26CE6C6C} - \Bidaily Synchronize Task[973b] -> No File <==== ATTENTION
Task: {ED330281-44BB-410B-892B-7E074BA59184} - \{1BF87C55-2F88-45E8-9BAD-DF0F7E7D9C6F} -> No File <==== ATTENTION
Task: {EDDAB509-3037-42EF-BC49-A55743E8DC8A} - \{F6C3CCBA-79E8-4D43-BE04-BE15D6D8B58A} -> No File <==== ATTENTION
Task: {EE258BCB-564F-4DF1-A3C0-B2CEC098E9B8} - \{B4A21FD2-832A-4908-AD2A-6B38EC02D4AE} -> No File <==== ATTENTION
Task: {F174762F-70C0-4E7F-AE1D-E0BEC0253A36} - \UtilTool Antivirus Uninstallation task -> No File <==== ATTENTION
Task: {F22D5EB5-1E51-4FB1-ACA2-71CEB34AC400} - \{D2BA58CB-45A0-49BC-8B56-E98FF95E109A} -> No File <==== ATTENTION
Task: {F2397D82-3932-4DE2-ACE5-D558FF68651F} - \{62A89521-D82E-49A5-836B-6F5F121E7949} -> No File <==== ATTENTION
Task: {F27DB97D-892E-4C3C-8130-79A820D48563} - \{BC2AF270-358B-4662-A9C8-89EE38688826} -> No File <==== ATTENTION
Task: {F64BFCD1-BCB2-4A10-B8B3-8603D0B36129} - \{9E0E9A39-6A52-4322-98F7-825F10C2F1C9} -> No File <==== ATTENTION
Task: {F7ADF2F9-8CC8-4A91-B051-12116D4E078D} - \{191F0379-CC41-447E-BD4B-AE10DBF7D3DF} -> No File <==== ATTENTION
Task: {F8530F81-6AA9-4AA9-B2AD-DEC192D929AC} - no filepath
Task: {FAA3241D-CA85-4A20-A6C5-5F677E78EA6E} - \{E0AAE885-7FCF-4A2C-BA19-96CA5E6EE21B} -> No File <==== ATTENTION
Task: {FAF269ED-29A5-4509-AC44-70E9F6C0E6C8} - \{2E97BB2A-B64E-4E25-AE7A-303022D72EB5} -> No File <==== ATTENTION
Task: {FC4E7752-5966-45D7-ADAC-538F7431FEBF} - \{2AFF3FFF-C0C7-496D-9532-AA76389FF8E1} -> No File <==== ATTENTION
Task: {FC5B0757-55E1-4646-B036-7A47CBA1B012} - \{A5791B10-2C91-4460-B01D-31759DD53E9C} -> No File <==== ATTENTION
Task: {FE107C6A-91C2-48B5-B8B1-099DCDE12898} - \update-S-1-5-21-891269962-2659327078-604941568-1000 -> No File <==== ATTENTION
Task: {FE926D2E-8C67-40E6-B2B5-D3F6E50047C8} - \{CDEFA47E-F98A-4418-AE96-AE94152A81BB} -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\home:Heroes & Generals [38]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
FirewallRules: [{5A1A156A-AE18-4F77-90FE-6DEEA7E4C1EB}] => (Allow) C:\Users\home\AppData\Local\Amigo\Application\amigo.exe
FirewallRules: [{D70A3DF0-ACCE-4650-9BB1-49F13955213A}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{964E4CC6-DDD4-41D5-8B2B-ED0D2490481F}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{A19A0002-B4BC-4F76-BBC5-F9A646D6F5EF}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{AEF41E2D-43DA-4328-A5FA-7C219813C88B}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Twitch.lnk
C:\Windows\SysWow64\Auhardwaregl.dll
C:\Windows\system32\drivers\netboostmaster.sys
C:\Windows\system32\drivers\Uefochubsrv.sys

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates, remove these old version(s) via Control Panel > Programs > Programs and Features.
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.15 - Oracle Corporation)

Please let me know what problem persists with this computer.

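As an added example (not part of nasdaq's post and not FRST's own code), a small Python parser that reads a fixlist written in the syntax above and summarizes what the Fix button will act on (orphaned scheduled tasks, firewall rules, alternate data streams, SafeBoot registry values, bare file paths), so the script can be reviewed before it is applied. The sample fixlist, its GUIDs, names and paths are constructed placeholders, not values from this thread's log.

```python
import re
from collections import Counter

# Constructed sample in FRST fixlist syntax, modelled on the entry kinds used in
# this thread; GUIDs, names and paths are placeholders, not values from the log.
SAMPLE_FIXLIST = """\
Task: {11111111-2222-3333-4444-555555555555} - \\update-sys -> No File <==== ATTENTION
Task: {66666666-7777-8888-9999-000000000000} - no filepath
AlternateDataStreams: C:\\Users\\home:SomeGame [38]
HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\QQPCRTP => ""="service"
FirewallRules: [{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}] => (Allow) C:\\Program Files (x86)\\SrpnFiles\\downloader.exe
C:\\Windows\\system32\\drivers\\netboostmaster.sys

End
This line is after End and must be ignored.
"""

GUID = r"\{[0-9A-Fa-f-]+\}"
TASK_RE = re.compile(rf"^Task: ({GUID}) - (.+?)( -> No File)?( <==== ATTENTION)?$")
FW_RE = re.compile(rf"^FirewallRules: \[({GUID})\] => \((\w+)\) (.+)$")
ADS_RE = re.compile(r"^AlternateDataStreams: (.+?):([^:\[]+?) \[(\d+)\]$")
REG_RE = re.compile(r"^(HK(?:LM|CU|U)\\[^=]+?) => (.+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")


def parse_fixlist(text):
    """Return one dict per directive line; parsing stops at the 'End' marker."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "End":
            break
        if m := TASK_RE.match(line):
            # 'No File' means the task's action points at a path that no longer exists
            entries.append({"kind": "task", "id": m.group(1), "target": m.group(2),
                            "orphaned": m.group(3) is not None})
        elif m := FW_RE.match(line):
            entries.append({"kind": "firewall", "id": m.group(1),
                            "action": m.group(2), "path": m.group(3)})
        elif m := ADS_RE.match(line):
            entries.append({"kind": "ads", "path": m.group(1),
                            "stream": m.group(2), "size": int(m.group(3))})
        elif m := REG_RE.match(line):
            entries.append({"kind": "registry", "key": m.group(1), "value": m.group(2)})
        elif PATH_RE.match(line):
            entries.append({"kind": "file", "path": line})  # bare path: file to be deleted
        else:
            entries.append({"kind": "unknown", "line": line})  # surface anything unrecognized
    return entries


def summarize(entries):
    """Count entry kinds so the reviewer sees the scope of the fix at a glance."""
    counts = Counter(e["kind"] for e in entries)
    counts["orphaned_tasks"] = sum(1 for e in entries if e["kind"] == "task" and e["orphaned"])
    return counts
```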
#3 nasdaq

  • Malware Response Team
  • 38,594 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 May 2017 - 08:27 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
