
Really sneaky virus


This topic is locked
3 replies to this topic

#1 PussEKatt (Members, 28 posts)

Posted 10 September 2017 - 03:06 AM

Hi all,

I have a very sneaky virus that is actually sitting on my PC and apparently waiting for me to go on the internet; it will then activate itself and cause much havoc.

Let me explain. I am running Windows 7 Home Premium on a 64-bit system. When I first got this virus I went on the Windows 7 forums and was helped by "Torchwood"; he agrees that there is definitely something wrong and suggested I contact "Bleeping Computer / Am I infected", so here I am. Torchwood also said to refer to my thread at Windows 7 forums, which is at

https://www.sevenforums.com/general-discussion/409936-safe-mode-restore-problems.html.

Basically what happened is I got a virus called "wtmhdintus". With Torchwood's help I was able to get rid of 99% of it, but here is the problem. Using UnHackMe I managed to get rid of 99% of the virus, but according to the log that I printed for Torchwood there is still a piece of the virus on my PC, and as this part is lying dormant, UnHackMe and various other solutions have all failed to find it. I have never heard of this type of behavior before from a virus, so I really hope someone can help.



#2 boopme (Global Moderator, 73,573 posts)

Posted 10 September 2017 - 09:38 AM

Hello, please repost this by doing steps 6 and 7. We can get to the bottom of it then.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.

#3 PussEKatt, Topic Starter (Members, 28 posts)

Posted 11 September 2017 - 09:45 AM

I followed the advice given above and included the log files asked for (I had to attach the files) because I kept getting a time-out error, but I don't see my new topic/thread, so I am placing the log files here.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Colin (administrator) on COLIN-PC (09-09-2017 19:00:35)
Running from C:\Users\Colin\Desktop
Loaded Profiles: Colin (Available Profiles: Colin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\TotalAV\SecurityService.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files (x86)\TotalAV\TotalAV.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-21-1413940874-3548436395-3315761783-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964064 2017-08-18] (SUPERAntiSpyware)
HKU\S-1-5-21-1413940874-3548436395-3315761783-1000\...\Run: [CCleaner Monitoring] => "I:\CCleaner\CCleaner64.exe" /MONITOR
HKU\S-1-5-21-1413940874-3548436395-3315761783-1000\...\MountPoints2: {577760c7-5577-11e7-aade-806e6f6e6963} - E:\Bin\Instv2.exe
BootExecute: autocheck autochk * Partizan
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{C0AA6FE9-6A55-416C-ACD4-FCBE4B261520}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{C0AA6FE9-6A55-416C-ACD4-FCBE4B261520}: [DhcpNameServer] 10.1.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1413940874-3548436395-3315761783-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-1413940874-3548436395-3315761783-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-au/?ocid=iehp
URLSearchHook: [S-1-5-21-1413940874-3548436395-3315761783-1000] ATTENTION => Default URLSearchHook is missing
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-07-13] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-07-13] (Internet Download Manager, Tonec Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF HKU\S-1-5-21-1413940874-3548436395-3315761783-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Colin\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Colin\AppData\Roaming\IDM\idmmzcc5 [2017-09-08] [not signed]
FF HKU\S-1-5-21-1413940874-3548436395-3315761783-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-08-03]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-1413940874-3548436395-3315761783-1000: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
 
Chrome: 
=======
CHR Profile: C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default [2017-09-09]
CHR Extension: (Docs) - C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-08]
CHR Extension: (Google Drive) - C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-08]
CHR Extension: (YouTube) - C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-08]
CHR Extension: (Gmail) - C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-08]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [324560 2017-06-20] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-09-14] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [441696 2017-08-11] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-09] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [514024 2016-10-05] (Intel Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-09-03] () [File not signed]
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [32224 2016-09-19] (Intel Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2017-09-03] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-09] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [199736 2016-09-06] (Intel Corporation)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2017-09-06] (Greatis Software)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 wtmhdkernel; C:\Windows\system32\drivers\wtmhdkernel.sys [205160 2010-11-21] () [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-09 19:00 - 2017-09-09 19:00 - 000009620 _____ C:\Users\Colin\Desktop\FRST.txt
2017-09-09 19:00 - 2017-09-09 19:00 - 000000000 ____D C:\FRST
2017-09-09 15:40 - 2017-09-09 15:25 - 002395648 _____ (Farbar) C:\Users\Colin\Desktop\FRST64.exe
2017-09-08 20:41 - 2017-09-08 20:46 - 000152708 _____ C:\Windows\ntbtlog.txt
2017-09-08 20:26 - 2017-09-08 20:26 - 000002762 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-09-08 20:19 - 2017-09-08 20:19 - 000000000 ____D C:\Windows\pss
2017-09-07 22:32 - 2017-09-09 18:59 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-07 22:23 - 2017-09-07 22:23 - 000000207 _____ C:\Windows\tweaking.com-regbackup-COLIN-PC-Windows-7-Home-Premium-(64-bit).dat
2017-09-07 22:23 - 2017-09-07 22:23 - 000000000 ____D C:\RegBackup
2017-09-07 22:16 - 2017-09-07 22:17 - 000000000 ____D C:\Users\Public\Desktop\CC Support
2017-09-07 20:34 - 2017-09-08 08:45 - 000000000 ____D C:\VIPRERESCUE
2017-09-07 20:34 - 2016-03-04 12:26 - 000032400 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2017-09-07 20:34 - 2015-08-27 07:31 - 000040584 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2017-09-06 20:11 - 2017-09-06 20:11 - 000040304 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2017-09-06 20:00 - 2017-09-09 18:58 - 000000248 _____ C:\Windows\SysWOW64\PARTILOG.EXE
2017-09-06 19:53 - 2017-09-06 19:53 - 000000000 ____D C:\@RestoreQuarantine
2017-09-06 19:50 - 2017-09-08 20:46 - 000002447 _____ C:\Windows\SysWOW64\Partizan.RRI
2017-09-06 19:44 - 2017-09-08 20:50 - 000000000 ____D C:\Users\Public\Documents\regruninfo
2017-09-06 19:44 - 2017-09-08 20:50 - 000000000 ____D C:\Users\Colin\Documents\RegRun2
2017-09-06 19:44 - 2017-09-08 08:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2017-09-06 19:44 - 2017-09-08 08:45 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2017-09-06 19:44 - 2017-09-06 19:45 - 000000000 ____D C:\ProgramData\RegRun
2017-09-06 19:44 - 2017-09-06 19:44 - 000001011 _____ C:\Users\Colin\Desktop\UnHackMe.lnk
2017-09-06 19:44 - 2017-09-06 19:44 - 000000418 _____ C:\Windows\Tasks\UnHackMe Task Scheduler.job
2017-09-06 19:44 - 2017-09-06 19:44 - 000000002 RSHOT C:\Windows\winstart.bat
2017-09-06 19:44 - 2017-09-06 19:44 - 000000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2017-09-06 19:44 - 2017-09-06 19:44 - 000000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2017-09-06 19:44 - 2017-08-30 11:47 - 000014984 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2017-09-06 19:44 - 2015-12-28 11:32 - 000049968 _____ (Greatis Software) C:\Windows\system32\partizan.exe
2017-09-04 20:37 - 2017-09-08 08:45 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-09-04 20:37 - 2017-09-08 08:45 - 000000000 ____D C:\Windows\SysWOW64\GPBAK
2017-09-04 20:37 - 2008-04-14 02:11 - 000295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2017-09-04 20:37 - 2001-08-23 13:00 - 000034871 _____ C:\Windows\SysWOW64\gpedit.msc
2017-09-04 20:16 - 2017-09-08 08:45 - 000000000 ____D C:\Program Files (x86)\TotalAV
2017-09-04 20:16 - 2017-09-04 20:16 - 000001020 _____ C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
2017-09-04 20:16 - 2017-09-04 20:16 - 000000000 ____D C:\Users\Colin\AppData\Roaming\TotalAV
2017-09-04 19:21 - 2017-09-04 19:21 - 000875463 _____ C:\Users\Colin\Desktop\add_gpedit_msc_by_jwils876.zip
2017-09-03 22:45 - 2017-09-03 22:45 - 026980753 _____ C:\Users\Colin\Desktop\cce_public_x86.zip
2017-09-03 22:13 - 2017-09-03 22:13 - 000193436 _____ C:\TDSSKiller.3.1.0.15_03.09.2017_22.13.25_log.txt
2017-09-03 22:09 - 2017-09-03 22:09 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2017-09-03 21:44 - 2017-09-03 21:44 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-09-03 21:43 - 2017-09-03 21:48 - 000000000 ____D C:\ProgramData\HitmanPro
2017-09-03 21:42 - 2017-09-03 22:14 - 000003374 _____ C:\Users\Colin\Desktop\Rkill.txt
2017-09-03 21:40 - 2017-09-08 08:45 - 000000000 ____D C:\TDSSKiller_Quarantine
2017-09-02 17:41 - 2017-09-08 08:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-02 17:41 - 2017-09-02 17:47 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-02 17:41 - 2017-09-02 17:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-02 17:41 - 2017-09-02 17:41 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-02 17:41 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-09-02 17:34 - 2017-09-03 20:50 - 000140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-08-31 22:43 - 2017-08-31 22:43 - 000000000 ____D C:\Users\Colin\AppData\Local\ElevatedDiagnostics
2017-08-31 21:43 - 2017-08-31 20:01 - 012845072 _____ (IObit ) C:\Users\Colin\Desktop\sd5_setup.exe
2017-08-31 21:43 - 2017-08-30 22:47 - 009932672 _____ C:\Users\Colin\Desktop\bitdefender_online.exe
2017-08-30 20:55 - 2017-09-08 08:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-08-30 20:55 - 2017-09-08 08:45 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-08-30 20:55 - 2017-08-30 20:55 - 000000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f75019b9-7557-425a-9990-75f0ee055139.job
2017-08-30 20:55 - 2017-08-30 20:55 - 000000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6506c494-bc70-4be6-8608-43bd7464a13d.job
2017-08-30 20:55 - 2017-08-30 20:55 - 000000000 ____D C:\Users\Colin\AppData\Roaming\SUPERAntiSpyware.com
2017-08-30 20:55 - 2017-08-30 20:55 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-08-30 20:24 - 2017-08-30 20:24 - 000002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-30 20:24 - 2017-08-30 20:24 - 000002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-27 22:47 - 2017-09-08 08:45 - 000000000 ____D C:\Users\Colin\AppData\Roaming\ae65c38d79ba402c8ced2148f46eacb1
2017-08-27 22:47 - 2017-09-08 08:45 - 000000000 ____D C:\Users\Colin\AppData\Local\f46802122f414b3dbec9e1924c2be0fd
2017-08-27 22:46 - 2017-08-27 22:46 - 000000258 __RSH C:\Users\Colin\ntuser.pol
2017-08-27 22:36 - 2017-09-08 08:45 - 000000000 ____D C:\Users\Colin\AppData\Roaming\08f068fe99da4b579c3473013e86dcc3
2017-08-27 22:36 - 2017-09-08 08:45 - 000000000 ____D C:\Users\Colin\AppData\Local\a870a402b92847829d9bf43e926b6034
2017-08-27 22:36 - 2017-08-27 22:37 - 005563776 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2017-08-27 22:36 - 2017-08-27 22:37 - 000642944 _____ (Microsoft Corporation) C:\Windows\system32\osloader.efi
2017-08-27 22:35 - 2017-08-28 22:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\WindowsTM
2017-08-27 22:35 - 2017-08-27 22:35 - 000000000 ____D C:\ProgramData\Cache
2017-08-27 22:35 - 2017-08-25 23:33 - 001952256 ___SH C:\Users\Colin\AppData\Roaming\tmp546.dat
2017-08-27 22:34 - 2017-09-07 22:32 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-08-27 22:33 - 2017-09-08 08:45 - 000000000 ___HD C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAABF70B8}
2017-08-27 22:33 - 2017-08-27 22:33 - 000000000 ___HD C:\ProgramData\{4FCEED6C-B7D9-405B-A844-C3DBF418BF87}
2017-08-27 22:32 - 2017-08-27 22:32 - 000000000 ____D C:\Windows\Azart
2017-08-25 19:00 - 2017-08-25 22:05 - 000000000 ____D C:\Users\Colin\Desktop\Penny
2017-08-24 20:28 - 2017-08-27 22:11 - 000000000 ____D C:\Users\Colin\Desktop\TCM 2003
2017-08-22 21:48 - 2017-09-08 08:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront
2017-08-22 21:48 - 2017-08-22 21:48 - 000001330 _____ C:\Users\Colin\Desktop\Down in Flames.lnk
2017-08-22 21:47 - 2017-08-22 21:47 - 000000000 ____D C:\Program Files (x86)\Battlefront
2017-08-22 21:43 - 2017-09-08 08:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uncommon Valor
2017-08-22 21:43 - 2017-08-22 21:43 - 000001664 _____ C:\Users\Colin\Desktop\Uncommon Valor Game Menu.lnk
2017-08-22 21:43 - 2017-08-22 21:36 - 000720896 _____ (Indigo Rose Corporation) C:\Windows\iun6002.exe
2017-08-22 21:37 - 2017-08-22 21:37 - 000000000 ____D C:\Matrix Games
2017-08-22 21:30 - 2017-08-22 21:30 - 000000330 _____ C:\Windows\ereg077.dat
2017-08-22 21:30 - 2017-08-22 21:30 - 000000000 _____ C:\Windows\SETUP32.INI
2017-08-22 21:27 - 2017-09-08 08:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2017-08-22 21:27 - 2017-08-22 21:27 - 000002132 _____ C:\Users\Public\Desktop\A Bridge Too Far.lnk
2017-08-22 21:26 - 2017-08-22 21:26 - 000000000 ____D C:\Program Files (x86)\Microsoft Games
2017-08-22 21:15 - 1998-10-29 16:45 - 000306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2017-08-22 20:13 - 2017-09-08 08:45 - 000000000 ____D C:\Users\Colin\Desktop\Prod Key
2017-08-15 19:28 - 2017-08-15 21:49 - 000000910 _____ C:\Users\Colin\Desktop\Ocean Games.txt
2017-08-14 19:07 - 2017-08-20 16:50 - 000000000 ____D C:\Users\Colin\Desktop\Print Fin
2017-08-12 19:49 - 2017-08-12 19:49 - 000781699 _____ C:\Users\Colin\Downloads\Full Manual (English).pdf
2017-08-12 19:16 - 2017-08-12 19:20 - 051242360 _____ C:\Users\Colin\Downloads\Karlmod_full_version.1.rar
2017-08-10 20:58 - 2017-08-10 20:58 - 000000000 ____D C:\Users\Reg\AppData\Roaming\ImgBurn
2017-08-10 20:58 - 2017-08-10 20:58 - 000000000 ____D C:\Users\Reg
2017-08-10 18:59 - 2017-09-08 08:45 - 000000000 ____D C:\Users\Colin\Desktop\Pete
2017-08-10 18:55 - 2017-08-25 22:03 - 000000000 ____D C:\Users\Colin\Desktop\Cindy
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-09 18:59 - 2017-06-20 16:14 - 000000000 __SHD C:\Users\Colin\IntelGraphicsProfiles
2017-09-09 18:58 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-09 15:19 - 2009-07-14 12:45 - 000020464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-09 15:19 - 2009-07-14 12:45 - 000020464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-09 14:54 - 2009-07-14 13:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-09 14:54 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2017-09-08 20:27 - 2017-06-23 21:25 - 000000000 ____D C:\Users\Colin\AppData\Roaming\IDM
2017-09-08 20:26 - 2017-06-21 07:14 - 000000000 ____D C:\Windows\Panther
2017-09-08 08:45 - 2017-07-31 20:30 - 000000000 ____D C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BUG Mod 4.4
2017-09-08 08:45 - 2017-07-26 19:32 - 000000000 ____D C:\Users\Colin\Desktop\Zipped Games
2017-09-08 08:45 - 2017-07-26 19:21 - 000000000 ____D C:\Users\Colin\Desktop\Chk Out
2017-09-08 08:45 - 2017-07-12 03:04 - 000000000 ____D C:\Users\Colin\AppData\Local\FM_Scout_Editor_2017
2017-09-08 08:45 - 2017-07-09 04:48 - 000000000 ____D C:\Users\Colin\Desktop\CHK
2017-09-08 08:45 - 2017-07-05 07:03 - 000000000 ____D C:\Users\Colin\Desktop\Combat.Command.2.Danger.Forward.Gold.Edition-iND
2017-09-08 08:45 - 2017-06-27 20:15 - 000000000 ____D C:\Users\Colin\AppData\Roaming\anyburn
2017-09-08 08:45 - 2017-06-24 16:36 - 000000000 ____D C:\Users\Colin\AppData\Roaming\Thunderbird
2017-09-08 08:45 - 2017-06-23 21:25 - 000000000 ____D C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-09-08 08:45 - 2017-06-23 21:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-09-08 08:45 - 2017-06-23 20:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-09-08 08:45 - 2017-06-23 20:23 - 000000000 ____D C:\Program Files\7-Zip
2017-09-08 08:45 - 2017-06-22 22:19 - 000000000 ____D C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-09-08 08:45 - 2017-06-22 20:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shareaza
2017-09-08 08:45 - 2017-06-22 20:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDStyler
2017-09-08 08:45 - 2017-06-22 20:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyBurn
2017-09-08 08:45 - 2017-06-22 20:11 - 000000000 ____D C:\Users\Colin\Desktop\ShortCuts
2017-09-08 08:45 - 2017-06-22 20:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2017-09-08 08:45 - 2017-06-20 15:59 - 000000000 ____D C:\Users\Colin\AppData\Local\Apps\2.0
2017-09-08 08:45 - 2017-06-20 15:43 - 000000000 ____D C:\ProgramData\Intel
2017-09-08 08:45 - 2017-06-20 15:23 - 000000000 ____D C:\Users\Colin
2017-09-08 08:45 - 2011-04-12 16:28 - 000000000 ___RD C:\Users\Public\Recorded TV
2017-09-08 08:45 - 2009-07-14 13:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-09-08 08:45 - 2009-07-14 13:32 - 000000000 ____D C:\Windows\Offline Web Pages
2017-09-08 08:45 - 2009-07-14 13:32 - 000000000 ____D C:\Windows\Downloaded Program Files
2017-09-08 08:45 - 2009-07-14 13:32 - 000000000 ____D C:\Program Files\Windows Sidebar
2017-09-08 08:45 - 2009-07-14 13:32 - 000000000 ____D C:\Program Files\Microsoft Games
2017-09-08 08:45 - 2009-07-14 13:32 - 000000000 ____D C:\Program Files\DVD Maker
2017-09-08 08:45 - 2009-07-14 13:32 - 000000000 ____D C:\Program Files (x86)\Windows Sidebar
2017-09-08 08:45 - 2009-07-14 12:45 - 000000000 ____D C:\Windows\Setup
2017-09-08 08:45 - 2009-07-14 11:20 - 000000000 __RSD C:\Windows\Media
2017-09-08 08:45 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\TAPI
2017-09-08 08:45 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\system32\sysprep
2017-09-08 08:45 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\system32\Msdtc
2017-09-08 08:45 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\system32\ias
2017-09-08 08:45 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\system32\GroupPolicy
2017-09-08 08:45 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\servicing
2017-09-08 08:45 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\security
2017-09-08 08:45 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\PLA
2017-09-08 08:45 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\Help
2017-09-08 08:44 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\registration
2017-09-07 22:37 - 2017-06-20 15:59 - 000057560 _____ C:\Users\Colin\AppData\Local\GDIPFONTCACHEV1.DAT
2017-09-07 22:36 - 2009-07-14 13:08 - 000032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-09-07 22:31 - 2009-07-14 12:45 - 000274320 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-03 21:58 - 2009-07-14 11:20 - 000000000 ____D C:\Program Files\S3 IDI
2017-08-30 20:56 - 2010-11-21 11:24 - 000000000 __SHD C:\Users\Colin\AppData\Roaming\82F840
2017-08-30 20:46 - 2017-06-23 21:25 - 000000000 ____D C:\Users\Colin\AppData\Roaming\DMCache
2017-08-30 20:28 - 2017-06-20 16:00 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-08-30 20:28 - 2017-06-20 16:00 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-08-30 20:24 - 2017-06-20 16:00 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-27 22:36 - 2009-07-14 10:34 - 000001658 _____ C:\Windows\system32\Drivers\etc\hosts_bak_15
2017-08-27 22:34 - 2017-06-23 21:25 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2017-08-27 21:15 - 2017-07-05 07:03 - 000000000 ____D C:\Users\Colin\Desktop\Files
2017-08-27 20:55 - 2017-07-13 02:58 - 000000000 ____D C:\Users\Colin\Desktop\Reviews
2017-08-25 19:29 - 2017-06-23 21:25 - 000000000 ____D C:\Users\Colin\Downloads\Compressed
2017-08-22 21:15 - 2017-06-22 22:18 - 000000000 ____D C:\Windows\BBSTORE
2017-08-19 22:09 - 2017-07-01 21:34 - 000000000 ____D C:\Users\Colin\Desktop\ISOs
2017-08-18 21:43 - 2017-07-05 07:05 - 000000000 ____D C:\Users\Colin\Desktop\Bin Q
2017-08-15 19:35 - 2017-06-25 17:29 - 000000000 ____D C:\Users\Colin\Desktop\HDD Contents
2017-08-14 19:34 - 2017-08-01 22:22 - 000000000 ____D C:\Users\Colin\Desktop\To Print
2017-08-10 21:16 - 2017-08-09 22:35 - 000000000 ____D C:\Users\Colin\Desktop\Re=Makes
 
==================== Files in the root of some directories =======
 
2017-08-27 22:35 - 2017-08-25 23:33 - 001952256 ___SH () C:\Users\Colin\AppData\Roaming\tmp546.dat
2017-06-20 15:42 - 2017-06-20 15:42 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-22 18:56
 
==================== End of FRST.txt ============================

"wtmhdintus" is the 4th entry up from the bottom of the msconfig Services list:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Colin (09-09-2017 19:01:02)
Running from C:\Users\Colin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2017-06-20 07:23:24)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1413940874-3548436395-3315761783-500 - Administrator - Disabled)
Colin (S-1-5-21-1413940874-3548436395-3315761783-1000 - Administrator - Enabled) => C:\Users\Colin
Guest (S-1-5-21-1413940874-3548436395-3315761783-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1413940874-3548436395-3315761783-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
AnyBurn (HKLM-x32\...\AnyBurn) (Version: 3.5 - Power Software Ltd)
Down in Flames (HKLM-x32\...\Down in Flames_is1) (Version:  - Battlefront.com, Inc.)
DVDStyler v3.0.3 (HKLM\...\DVDStyler_is1) (Version:  - Thüring IT-Consulting)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Epson Stylus SX110_TX110 Manual (HKLM-x32\...\Epson Stylus SX110_TX110 User’s Guide) (Version:  - )
EPSON TX110 Series Printer Uninstall (HKLM\...\EPSON TX110 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
IDM Crack 6.25 build 25 (HKLM-x32\...\IDM Crack 6.25 build 25) (Version: build 25 - Crackingpatching.com Team)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® Network Connections 21.1.30.0 (HKLM\...\PROSetDX) (Version: 21.1.30.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4508 - Intel Corporation)
Intel® USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.0.32 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Close Combat: A Bridge Too Far (HKLM-x32\...\Close Combat) (Version:  - )
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7940 - Realtek Semiconductor Corp.)
Shareaza 2.7.9.0 (HKLM-x32\...\Shareaza_is1) (Version: 2.7.9.0 - Shareaza Development Team)
Sid Meier's Civilization 4 Complete (HKLM-x32\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1248 - SUPERAntiSpyware.com)
Uncommon Valor v1.0 (HKLM-x32\...\UncommonValorv100) (Version:  - )
UnHackMe 9.20 (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-06-20] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {F2B36E51-ABB3-4C6A-9DB2-B939B63E8CA6} - System32\Tasks\CCleanerSkipUAC => I:\CCleaner\CCleaner.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6506c494-bc70-4be6-8608-43bd7464a13d.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f75019b9-7557-425a-9990-75f0ee055139.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\UnHackMe Task Scheduler.job => C:\Program Files (x86)\UnHackMe\hackmon.exe$(Arg0)Greatis Software, LLC.?Part of RegRun Suite/UnHackMe software. hxxp:/www.greatis.com
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-04 20:16 - 2017-08-11 18:45 - 000441696 _____ () C:\Program Files (x86)\TotalAV\SecurityService.exe
2016-10-07 15:48 - 2016-10-07 15:48 - 000387128 ____R () C:\Program Files\Intel\NCS2\WmiProv\Ncs2Provider.dll
2016-10-07 15:48 - 2016-10-07 15:48 - 000206904 ____R () C:\Program Files\Intel\NCS2\Agent\AdapterAgnt.DLL
2017-09-04 20:16 - 2017-08-11 18:45 - 002675040 _____ () C:\Program Files (x86)\TotalAV\TotalAV.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Colin\Downloads:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Colin\Downloads\Compressed:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Colin\Downloads\Documents:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Colin\Downloads\Music:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Colin\Downloads\Programs:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Colin\Downloads\Video:Shareaza.GUID [16]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\96697280.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\96697280.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2017-09-07 22:28 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1413940874-3548436395-3315761783-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: AudioSrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BFE => 2
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: EapHost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: IKEEXT => 3
MSCONFIG\Services: IPBusEnum => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: msiserver => 3
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: ProtectedStorage => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: sppuinotify => 3
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TBS => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: upnphost => 2
MSCONFIG\Services: UxSms => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: Wlansvc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wtmhdintus => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\Services: wudfsvc => 2
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\startupreg: 002kXwVR1yg.exe => C:\Users\Colin\AppData\Roaming\c9bf0d6c58ef44f0abe3e57b137013a5\002kXwVR1yg.exe 
MSCONFIG\startupreg: 39YD5xV.exe => C:\Users\Colin\AppData\Local\a870a402b92847829d9bf43e926b6034\39YD5xV.exe 
MSCONFIG\startupreg: AeT7sWlO9.exe => C:\Users\Colin\AppData\Roaming\c667e727858840e4b547350cda1ce73a\AeT7sWlO9.exe -r1_1 -r2_2
MSCONFIG\startupreg: CloudNet => "C:\Users\Colin\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe" 31337
MSCONFIG\startupreg: DSS => C:\Windows\BBSTORE\DSS\DSSAGENT.EXE
MSCONFIG\startupreg: EPSON TX110 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBP.EXE /FU "C:\Windows\TEMP\E_S8660.tmp" /EF "HKCU"
MSCONFIG\startupreg: gplyra => C:\Users\Colin\AppData\Roaming\gplyra\gplyra.exe
MSCONFIG\startupreg: HoXuaNg3JzwU.exe => C:\Users\Colin\AppData\Roaming\db50892ee5e947b69ca9d4dd623d4416\HoXuaNg3JzwU.exe -r1_1 -r2_2
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: msiql => C:\Users\Colin\AppData\Local\Temp\00016181\msiql.exe /RUNNING
MSCONFIG\startupreg: n8tmdnçYg3.exe => C:\Program Files\Uninstall Information\EGSC21TJVBWOWLLZ6\n8tmdnçYg3.exe 
MSCONFIG\startupreg: r5U7I4Zjkux79Q.exe => C:\ProgramData\0883d8aa4f314dc28073903b5c9fb464\r5U7I4Zjkux79Q.exe 
MSCONFIG\startupreg: Realtek_HD_Audio_Driver => C:\ProgramData\MicrosoftCorporation\Windows\System32\Isass.exe
MSCONFIG\startupreg: rQXD93NvyGhF.exe => C:\ProgramData\73a89ce208474e31a8cdcd17daac8db1\rQXD93NvyGhF.exe -r1_1 -r2_2
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: SilentWildflower => "C:\Windows\rss\csrss.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: XStceHH.exe => C:\ProgramData\e79a3bc7a5cd46efaf34a487d62a77a2\XStceHH.exe 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{9DDD00F6-3119-4F17-97E4-946BAA7F39A5}] => (Allow) C:\Program Files (x86)\Shareaza\Shareaza.exe
FirewallRules: [{01544912-9850-43BE-8CBE-0C8BD37BC4F6}] => (Allow) C:\Program Files (x86)\Shareaza\Shareaza.exe
FirewallRules: [TCP Query User{14C081BE-ACA4-4B1E-849C-3ADEBCF47A9C}C:\program files (x86)\shareaza\shareaza.exe] => (Allow) C:\program files (x86)\shareaza\shareaza.exe
FirewallRules: [UDP Query User{125BAA1E-F77E-4461-994A-046F08A91C33}C:\program files (x86)\shareaza\shareaza.exe] => (Allow) C:\program files (x86)\shareaza\shareaza.exe
FirewallRules: [{9E12B889-3AFF-4735-BF7A-5A6E22D342BB}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{71D64DF4-5541-4B89-ADCD-28F84DE9C692}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{27594466-517D-42CA-896C-EE53C963A7C0}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{9E8F5B4B-D167-4C4D-A712-7172C2628BCD}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{791572B8-BB67-42AD-9017-07D5D6675C47}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{B978282D-FBDA-41F4-AF25-4DD2A5D693F4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777935}}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA9}}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777934}}] => (Allow) C:\Program Files (x86)\UnHackMe\regruninfo.exe
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA8}}] => (Allow) C:\Program Files (x86)\UnHackMe\regruninfo.exe
 
==================== Restore Points =========================
 
22-07-2017 21:36:10 Removed Steam
23-07-2017 15:11:57 Removed Realtek High Definition Audio Driver
23-07-2017 15:15:15 Installed Realtek High Definition Audio Driver
23-07-2017 18:51:33 Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008
23-07-2017 18:52:01 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
23-07-2017 18:52:09 Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008
23-07-2017 18:52:23 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
24-07-2017 19:50:28 Driver Booster : EPSON Scanner
24-07-2017 19:58:20 Windows Update
24-07-2017 20:42:48 Installed DirectX
25-07-2017 17:57:54 Device Driver Package Install: Intel® Corporation Sound, video and game controllers
25-07-2017 17:58:55 Device Driver Package Install: Intel Corporation Display adapters
25-07-2017 18:09:17 Revo Uninstaller's restore point - Driver Booster 4.4
25-07-2017 18:10:07 Revo Uninstaller's restore point - SlimDrivers
25-07-2017 18:10:16 Removed SlimDrivers
25-07-2017 18:12:51 Installed Microsoft Visual C++ 2005 Redistributable
27-08-2017 22:52:26 Revo Uninstaller's restore point - Everything 1.6
27-08-2017 22:52:55 Revo Uninstaller's restore point - FM Wizard Editor 17.3.1
27-08-2017 22:53:41 Revo Uninstaller's restore point - One System Care
27-08-2017 22:54:18 Revo Uninstaller's restore point - Online Application
27-08-2017 22:54:28 Removed Online Application
27-08-2017 22:55:08 Revo Uninstaller's restore point - PC Clean Plus
27-08-2017 22:59:00 Revo Uninstaller's restore point - PC Clean Plus
27-08-2017 23:00:04 Revo Uninstaller's restore point - QWiget 1.0.1
27-08-2017 23:01:05 Revo Uninstaller's restore point - VKOKAdBlock
27-08-2017 23:01:38 Revo Uninstaller's restore point - VidsqaurE
27-08-2017 23:02:11 Revo Uninstaller's restore point - System Healer
27-08-2017 23:03:04 Revo Uninstaller's restore point - 1.0.0.1
27-08-2017 23:04:09 Revo Uninstaller's restore point - Search module
27-08-2017 23:05:10 Revo Uninstaller's restore point - ProxyGate version 3.0.0.1180
28-08-2017 22:37:00 Revo Uninstaller's restore point - WindowsTM
28-08-2017 23:34:42 Revo Uninstaller's restore point - Google Chrome
07-09-2017 22:39:12 Restore Operation
08-09-2017 20:53:11 After Virus
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/09/2017 06:59:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/09/2017 02:48:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/08/2017 08:49:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/08/2017 08:46:38 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\UnHackMe\reanimator.exe Files (x86)\UnHackMe\reanimator.exe" /wiz /full; Description = UnHackMe Malware Removal; Error = 0x8007043c).
 
Error: (09/08/2017 08:44:36 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\UnHackMe\reanimator.exe Files (x86)\UnHackMe\reanimator.exe" /wiz /full; Description = UnHackMe Malware Removal; Error = 0x8007043c).
 
Error: (09/08/2017 08:43:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/08/2017 08:42:30 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\UnHackMe\reanimator.exe Files (x86)\UnHackMe\reanimator.exe" /wiz /full; Description = UnHackMe Malware Removal; Error = 0x8007043c).
 
Error: (09/08/2017 08:28:22 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1413940874-3548436395-3315761783-1000}/">.
 
Error: (09/08/2017 08:26:57 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1413940874-3548436395-3315761783-1000}/">.
 
Error: (09/08/2017 08:21:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner64.exe version 5.33.0.6162 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: fa0
 
Start Time: 01d3289cf3124b61
 
Termination Time: 1
 
Application Path: C:\Program Files\CCleaner\CCleaner64.exe
 
Report Id:
 
 
System errors:
=============
Error: (09/09/2017 06:59:26 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error: (09/09/2017 06:59:25 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error: (09/09/2017 06:59:16 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (09/09/2017 06:59:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
epp
 
Error: (09/09/2017 02:48:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
epp
 
Error: (09/08/2017 08:49:50 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (09/08/2017 08:49:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
epp
 
Error: (09/08/2017 08:41:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AFD
AsIO
DfsC
discache
epp
NetBIOS
NetBT
nsiproxy
Psched
rdbss
SASDIFSV
SASKUTIL
spldr
tdx
Wanarpv6
WfpLwf
wtmhdkernel
 
Error: (09/08/2017 08:41:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Listener service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/08/2017 08:41:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
CodeIntegrity:
===================================
  Date: 2017-08-27 22:35:06.567
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\Noobzo\GNUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-08-27 22:35:06.520
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\Noobzo\GNUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-08-27 22:33:03.263
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\Noobzo\GNUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-08-27 22:33:03.262
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\Noobzo\GNUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-7600 CPU @ 3.50GHz
Percentage of memory in use: 19%
Total physical RAM: 8060.63 MB
Available physical RAM: 6470.61 MB
Total Virtual: 16119.46 MB
Available Virtual: 14509.08 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:473.17 GB) (Free:350.61 GB) NTFS
Drive d: (Games) (Fixed) (Total:465.76 GB) (Free:286.55 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Misc E) (Fixed) (Total:415.64 GB) (Free:368.6 GB) NTFS
Drive f: (Windows 7) (Fixed) (Total:50.12 GB) (Free:41.81 GB) NTFS
Drive s: (Steam ) (Fixed) (Total:458.12 GB) (Free:211.44 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1DF0A70D)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1A161A15)
Partition 1: (Not Active) - (Size=415.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =========================


#4 boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • Gender:Male
  • Location:NJ USA

Posted 11 September 2017 - 09:49 AM

Hello, your new topic is here and has a reply.
https://www.bleepingcomputer.com/forums/t/656930/infected-with-wtmhdintus-lying-dormant-waiting-to-pounce/

To avoid confusion I have closed this one.
