UUUUUUUU.uuu persists on SD, Android, Latitude despite much web advice


This topic is locked
1 reply to this topic

#1 SeatedWithHim

  • Members
  • 77 posts

Posted 03 June 2017 - 06:20 AM

I originally posted this on 30 April 2017 - 09:56 PM, but the post got hung up, so am starting a new post here with updated info.

 

I purchased a "new" Huawei Ascend Y330 and Samsung microSDHC card. Apparently something had been used previously as I have the UUUUUUUU.uuu virus(?). It does not seem to wipe out my current data, but whenever I create a new folder it fills the new folder with 1024 more folders all called UUUUUUUU.uuu, none of which can I open or delete. I believe these folders have been created on the SD card both when it is in the SD slot in my laptop, and when it is in my Android phone. (It does not happen to folders on my laptop.) If I pop the SD card into my laptop, Windows scans and fixes it so that I can delete the new folder and all the bogus sub-folders.

 

I have also tried reformatting the SD card and resetting the phone to factory settings, and still the problem comes back.

 

Initially I had been just using Microsoft Security Essentials. Then I got Kaspersky Endpoint Security 10. Neither has identified any viruses or other problems. I have tried various suggestions I've found on the internet, including ComboFix.

 

I have a 2Tb external hard drive that also connects through USB, so I would want to make sure it is clean also, in addition to the laptop, SD card and Android mobile phone.

 

Thanks for any help you can offer.

 

Here is the FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-06-2017
Ran by Peter (administrator) on D4ZCDF12 (02-06-2017 17:25:57)
Running from C:\Users\Peter\Downloads
Loaded Profiles: Peter (Available Profiles: Admin & Peter)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe
() C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\DIGICEL USB Modem\ModemListener.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe
() C:\Program Files (x86)\OfficePopup\OfficePopup.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\browsernativehost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Farbar) C:\Users\Peter\Downloads\Farbar Recovery Scan Tool FRST64.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1291848 2013-03-23] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [114944 2013-04-19] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1291848 2013-03-23] (Realtek Semiconductor)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-05-03] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-07-02] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-25] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2016-06-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-07-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ModemListener] => C:\Program Files (x86)\DIGICEL USB Modem\ModemListener.exe [98304 2011-01-11] ()
HKLM-x32\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [80000 2014-07-05] (WordWeb Software)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2779136 2016-06-11] (Dominik Reichl)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe [741360 2013-11-27] (Kaspersky Lab ZAO)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\ DisallowedCertificates: 1916A2AF346D399F50313C393200F14140456616 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 2A83E9020591A55FC6DDAD3FB102794C52B24E70 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 2B84BFBB34EE2EF949FE1CBE30AA026416EB2216 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 3A850044D8A195CD401A680C012CB0A3B5F8DC08 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 40AA38731BD189F9CDB5B9DC35E2136F38777AF4 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 43D9BCB568E039D073A74A71D8511F7476089CC3 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 471C949A8143DB5AD5CDF1C972864A2504FA23C9 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 61793FCBFA4F9008309BBA5FF12D2CB29CD4151A (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 63FEAE960BAA91E343CE2BD8B71798C76BDB77D0 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 6431723036FD26DEA502792FA595922493030F97 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 7D7F4414CCEF168ADF6BF40753B5BECD78375931 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 80962AE4D6C5B442894E95A13E4A699E07D694CF (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 86E817C81A5CA672FE000F36F878C19518D6F844 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 8E5BD50D6AE686D65252F843A9D4B96D197730AB (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 9845A431D51959CAF225322B4A4FE9F223CE6D15 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: B533345D06F64516403C00DA03187D3BFEF59156 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: B86E791620F759F17B8D25E38CA8BE32E7D5EAC2 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: C060ED44CBD881BD0EF86C0BA287DDCF8167478C (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: CEA586B2CE593EC7D939898337C57814708AB2BE (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: D018B62DC518907247DF50925BB09ACF4A5CB3AD (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: F8A54E03AADC5692B850496A4C4630FFEAA29D83 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: FA6660A94AB45F6A88C0D7874D89A863D74DEE97 (Avast Antivirus/Software) <==== ATTENTION
HKU\S-1-5-21-473292948-3015293580-4091639569-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-24] (Piriform Ltd)
HKU\S-1-5-21-473292948-3015293580-4091639569-1003\...\Run: [Free Download Manager] => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe [8501760 2016-04-07] (FreeDownloadManager.org)
HKU\S-1-5-21-473292948-3015293580-4091639569-1003\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5728208 2016-11-19] (SecureMix LLC)
HKU\S-1-5-21-473292948-3015293580-4091639569-1003\...\MountPoints2: {88f37bd8-2087-11e5-9834-ecf4bb3b7076} - F:\autorun.exe
HKU\S-1-5-21-473292948-3015293580-4091639569-1003\...\MountPoints2: {f8727c03-a32f-11e4-9956-ecf4bb3b7076} - E:\AutoRun.exe
HKU\S-1-5-21-473292948-3015293580-4091639569-1003\...\MountPoints2: {f8727c11-a32f-11e4-9956-ecf4bb3b7076} - E:\AutoRun.exe
HKU\S-1-5-21-473292948-3015293580-4091639569-1003\...\MountPoints2: {f8727c2d-a32f-11e4-9956-ecf4bb3b7076} - E:\AutoRun.exe
HKU\S-1-5-21-473292948-3015293580-4091639569-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP DeskJet 2130 series.lnk [2017-06-02]
ShortcutTarget: Monitor Ink Alerts - HP DeskJet 2130 series.lnk -> C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OfficePopup.lnk [2015-02-11]
ShortcutTarget: OfficePopup.lnk -> C:\Program Files (x86)\OfficePopup\OfficePopup.exe ()
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.239.1
Tcpip\..\Interfaces\{0C389E9B-7597-4DAE-B62B-7B15C312C29C}: [DhcpNameServer] 172.23.68.41 172.23.68.42
Tcpip\..\Interfaces\{145459EC-A593-42BE-9AA4-E1A6B8FB6F5D}: [NameServer] 10.149.64.76 8.8.8.8
Tcpip\..\Interfaces\{1D9B7E7D-BE1C-44A9-A381-97E28454E879}: [DhcpNameServer] 192.168.1.151 192.168.1.152
Tcpip\..\Interfaces\{2C8B24FA-FB9A-4BFC-A382-6A43E43F88DC}: [NameServer] 10.149.64.76 8.8.8.8
Tcpip\..\Interfaces\{41DB219B-71E4-4903-8D05-8931B81538A7}: [DhcpNameServer] 192.168.1.151 192.168.1.152
Tcpip\..\Interfaces\{55086DDC-9DF2-40C1-89C2-E5ABFC0C592B}: [DhcpNameServer] 192.168.1.151 192.168.1.152
Tcpip\..\Interfaces\{E225CA54-EDFA-46D1-856D-AA0363BA6F8E}: [DhcpNameServer] 192.168.239.1
Tcpip\..\Interfaces\{E6CDF7EF-5E08-49F6-A5A6-E8B58C498A93}: [DhcpNameServer] 192.168.1.151 192.168.1.152
Tcpip\..\Interfaces\{F73D4017-AEB7-43EE-837A-8FAB189CD964}: [DhcpNameServer] 192.168.1.151 192.168.1.152
 
Internet Explorer:
==================
HKU\S-1-5-21-473292948-3015293580-4091639569-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://usa.ntm.org/
HKU\S-1-5-21-473292948-3015293580-4091639569-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-473292948-3015293580-4091639569-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-06] (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-06] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-06] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-06] (Google Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension => not found
FF HKLM-x32\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: (WordWeb one-click lookup) - C:\Program Files (x86)\WordWeb\WCaptureMoz [2016-05-15] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.1 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-07-02] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-02] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-24] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default [2017-06-02]
CHR Extension: (Google Slides) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-09]
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2017-03-11]
CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-17]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-17]
CHR Extension: (Google Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-15]
CHR Extension: (Google Sheets) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-09]
CHR Extension: (Google Docs Offline) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-16]
CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-15]
CHR Extension: (Chrome Media Router) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-02]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe [741360 2013-11-27] (Kaspersky Lab ZAO)
R2 DeviceManager; C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe [40960 2010-08-27] () [File not signed]
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4397008 2016-11-19] (SecureMix LLC)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-15] ()
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-07-02] (Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-27] (Microsoft Corporation) [File not signed]
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [657504 2012-11-12] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [223816 2013-01-10] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [35936 2013-04-10] (Advanced Micro Devices, Inc.)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-24] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-04-24] (Motorola Solutions, Inc.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [489752 2014-08-15] (Intel Corporation)
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33248 2015-05-29] (SecureMix LLC)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [241152 2012-12-03] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-05-21] (Intel Corporation)
S3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [112072 2013-06-14] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2161752 2013-06-29] (Realtek Semiconductor Corp.)
S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [43800 2013-03-22] (Intel Corporation)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46568 2013-02-14] ()
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [119680 2010-08-27] (TCT International Mobile Ltd)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-09-05] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [98400 2017-04-27] (Kaspersky Lab ZAO)
R1 KLFLTDEV; C:\Windows\System32\DRIVERS\klfltdev.sys [30816 2013-07-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [661600 2017-04-27] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-07-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2012-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177760 2013-07-01] (Kaspersky Lab ZAO)
S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [39704 2013-10-23] (Atheros)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-07-02] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S2 mrtRate; C:\Windows\SysWow64\Drivers\mrtRate.sys [34916 1999-08-30] (Marimba, Inc.) [File not signed]
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [185760 2013-05-08] (O2Micro )
S2 PMEM; C:\Windows\SysWOW64\drivers\pmemnt.sys [7168 1999-03-08] (Microsoft Corporation) [File not signed]
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [89312 2013-03-28] (STMicroelectronics)
S3 USA19H; C:\Windows\System32\DRIVERS\USA19Hx64.sys [740096 2007-10-30] (Keyspan)
S3 USA19HP; C:\Windows\System32\DRIVERS\USA19Hx64p.SYS [35840 2007-10-23] (Keyspan)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-02 17:25 - 2017-06-02 17:26 - 00024373 _____ C:\Users\Peter\Downloads\FRST.txt
2017-06-02 17:22 - 2017-06-02 17:23 - 02433536 _____ (Farbar) C:\Users\Peter\Downloads\Farbar Recovery Scan Tool FRST64.exe
2017-06-02 14:53 - 2017-06-02 17:22 - 30663168 _____ (SecureMix LLC) C:\Users\Peter\Downloads\GlassWireSetup (2).exe
2017-06-02 13:49 - 2017-06-02 14:48 - 95375707 _____ C:\Users\Peter\Downloads\~yt44BE.tmp
2017-06-01 10:28 - 2017-06-02 05:48 - 344921464 _____ C:\Users\Peter\Downloads\~ytBB92.tmp
2017-05-30 06:52 - 2017-05-30 08:16 - 00009814 _____ C:\Users\Peter\Documents\Flight Manifest 170530 AYKC to AYHK.xlsx
2017-05-28 05:43 - 2017-05-29 11:51 - 00013810 _____ C:\Users\Peter\Documents\Lavalus Inventory, Stock Take & Needs List.xlsx
2017-05-27 20:16 - 2017-05-27 20:19 - 00010245 _____ C:\Users\Peter\Documents\VDD kids' heights - Jotham.xlsx
2017-05-27 15:03 - 2017-05-27 15:02 - 00015413 _____ C:\Users\Peter\Documents\VDD kids' heights1.xlsx
2017-05-21 16:01 - 2017-05-21 16:02 - 00000000 ____D C:\Users\Peter\Downloads\Kaulong Mobile SD cards
2017-05-20 13:30 - 2017-05-20 13:30 - 00000000 ____D C:\Program Files (x86)\Harmonic Vision
2017-05-20 13:29 - 2017-05-20 13:29 - 00003032 _____ C:\Windows\System32\Tasks\{149893F4-2411-4518-B635-9E3C2E92F3E5}
2017-05-06 14:32 - 2017-05-31 06:18 - 00097360 _____ C:\Users\Peter\Documents\For Sale and sorted stuff.xlsx
2017-05-06 14:32 - 2017-05-06 14:32 - 00000165 ____H C:\Users\Peter\Documents\~$For Sale and sorted stuff.xlsx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-02 17:25 - 2017-04-30 18:57 - 00000000 ____D C:\FRST
2017-06-02 17:24 - 2009-07-14 14:45 - 00030896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-02 17:24 - 2009-07-14 14:45 - 00030896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-02 17:23 - 2016-04-19 20:23 - 00000000 ____D C:\Users\Peter\AppData\Local\Free Download Manager
2017-06-02 17:22 - 2009-07-14 15:13 - 00802658 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-02 17:22 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\inf
2017-06-02 17:16 - 2017-04-26 14:10 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-06-02 17:16 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-02 14:48 - 2017-04-27 08:28 - 00000000 ____D C:\Users\Peter\Downloads\Antivirus software
2017-06-02 14:48 - 2016-08-09 22:35 - 00004142 _____ C:\Users\Peter\Documents\Peter Van Der Decker.kdbx
2017-06-02 14:48 - 2016-08-09 22:35 - 00000000 ____D C:\Users\Peter\AppData\Roaming\KeePass
2017-06-02 13:46 - 2016-07-13 18:36 - 00040096 _____ C:\Users\Peter\Documents\Check in List for Tribal locations 2016 07.xlsx
2017-05-31 16:34 - 2016-07-06 14:32 - 00000000 ____D C:\UUPlus6
2017-05-31 12:01 - 2013-12-07 12:39 - 00795272 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-05-31 09:05 - 2014-12-23 17:43 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-31 09:05 - 2014-12-23 17:43 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-30 17:29 - 2014-03-07 02:53 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-30 17:28 - 2014-01-14 07:50 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-30 17:28 - 2014-01-14 07:50 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-30 17:28 - 2014-01-14 07:50 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-30 17:28 - 2014-01-14 07:50 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-21 12:52 - 2016-10-09 07:20 - 00000000 ____D C:\Users\Peter\AppData\Local\CrashDumps
2017-05-20 13:35 - 2013-12-07 12:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-15 04:50 - 2015-01-08 04:34 - 00000000 ____D C:\Users\Peter\Documents\e-Sword
 
==================== Files in the root of some directories =======
 
2014-08-02 03:40 - 2015-04-11 10:37 - 0006656 _____ () C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-07 11:05 - 2015-12-07 11:05 - 0007609 _____ () C:\Users\Peter\AppData\Local\Resmon.ResmonCfg
2016-04-15 22:29 - 2016-04-15 22:29 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
2014-01-14 07:53 - 2014-01-14 08:02 - 98936120 _____ (                                                            ) C:\Users\Admin\AppData\Local\Temp\8A92.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-02 12:59
 
==================== End of FRST.txt ============================
 
#2 hamluis

  • Moderator
  • 56,287 posts
  • Location:Killeen, TX

Posted 03 June 2017 - 10:13 AM

Duplicate... original topic at https://www.bleepingcomputer.com/forums/t/645568/uuuuuuuuuuu-persists-on-sd-android-despite-following-multiple-web-suggestions/.

 

Please pursue posting at the original topic listed above.

 

This topic is now closed to posts.

 

Louis