Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Temp virus keeps comming


  • This topic is locked This topic is locked
10 replies to this topic

#1 SeekDNStroy

SeekDNStroy

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 02 June 2018 - 04:03 PM

Hello, so ihave been getting that virus in my task manager it's called random names like :
 
klhj.exe      lckc.exe      kokcs.exe     icke.exe      axude.exe        wintks.exe

i opened file location and it was in Temp
now the problem with this virus is that it takes 40% of my cpu i endtask it and delete it from temp it keeps comming back 

 

i downloaded alot of antiviruses but nothing work they keep comming back...
 

Attached Files


Edited by SeekDNStroy, 02 June 2018 - 04:13 PM.


BC AdBot (Login to Remove)

 


#2 SeekDNStroy

SeekDNStroy
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 02 June 2018 - 04:10 PM

HELP


Edited by SeekDNStroy, 02 June 2018 - 04:14 PM.


#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:32 PM

Posted 02 June 2018 - 07:37 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)
 

  • Highlight the entire content of the quote box below.

Start::  
S2 HuaweiHiSuiteService64.exe; "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]
S3 DrvAgent64; \??\C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS [X]
S1 kfjhhpvg; \??\C:\WINDOWS\system32\drivers\kfjhhpvg.sys [X]
S1 koucjxla; \??\C:\WINDOWS\system32\drivers\koucjxla.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
FF ProfilePath: C:\Users\f\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\4llp1768.default\Profiles\4llp1768.default [not found] <==== ATTENTION
FF ProfilePath: C:\Users\f\AppData\Roaming\Firefox\Firefox\Profiles\4llp1768.default [2017-10-16] <==== ATTENTION
HKU\S-1-5-21-378519289-2413007832-1559701836-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Footjane\Application\chrome.exe <==== ATTENTION
Task: {7906A941-0016-4A33-B763-4453ED09D66E} - System32\Tasks\curls => C:\Users\f\AppData\Roaming\curl\curl.exe <==== ATTENTION
Task: {A59BA09F-45B7-41E7-A143-B9C958AB4EBF} - System32\Tasks\wutphost => C:\Users\f\AppData\Local\wutphost\wutphost.exe <==== ATTENTION
Task: {C9999A87-395B-4B8B-9DD4-4366B247411B} - System32\Tasks\curl => C:\Users\f\AppData\Roaming\curl\curl_7_54.exe <==== ATTENTION
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [No File]
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [No File]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
C:\Users\f\AppData\Local\Temp\klhj.exe
C:\Users\f\AppData\Local\Temp\axuds.exe
C:\Users\f\AppData\Local\Temp\kokcs.exe
ShortcutTarget: MEGAsync.lnk -> C:\Users\f\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
2018-05-30 07:57 - 2018-06-02 15:01 - 000000000 _____ () C:\Users\f\AppData\Local\Temp\05989ba9835688c880afaaa90a04c180.dll
2018-06-02 22:24 - 2018-06-02 22:24 - 000004096 _____ () C:\Users\f\AppData\Local\Temp\axuds.exe
2018-05-30 07:58 - 2018-06-02 13:48 - 000000088 _____ () C:\Users\f\AppData\Local\Temp\fe151dab0d30158ffd83abec5ee7b7ef.dll
2018-06-02 21:59 - 2018-06-02 21:59 - 000004096 _____ () C:\Users\f\AppData\Local\Temp\klhj.exe
2018-06-02 22:25 - 2018-06-02 22:25 - 000011776 _____ () C:\Users\f\AppData\Local\Temp\kokcs.exe
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\f\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\f\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\f\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\f\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\f\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\f\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\f\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\f\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\f\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\f\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
Task: {A59BA09F-45B7-41E7-A143-B9C958AB4EBF} - System32\Tasks\wutphost => C:\Users\f\AppData\Local\wutphost\wutphost.exe <==== ATTENTION
2017-06-07 22:09 - 2017-06-07 22:09 - 000598528 _____ () C:\Users\f\AppData\Local\MEGAsync\ShellExtX64.dll
2018-06-02 21:59 - 2018-06-02 21:59 - 000004096 _____ () C:\Users\f\AppData\Local\Temp\klhj.exe
2018-06-02 22:24 - 2018-06-02 22:24 - 000004096 _____ () C:\Users\f\AppData\Local\Temp\axuds.exe
2018-06-02 22:25 - 2018-06-02 22:25 - 000011776 _____ () C:\Users\f\AppData\Local\Temp\kokcs.exe
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\WhatsApp\WhatsApp.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Discord\app-0.0.301\Discord.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winuykygj.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winpftgg.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\usqxo.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winfabgk.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wqfm.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\windgwcl.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\asrbns.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\nmylf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winwpfqjl.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\skaf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\windvrvb.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winrpnxn.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winiqjlx.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\hnrkr.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winagrxg.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winjutoti.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winawhanv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\ywoyx.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\nuvgiy.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winpwawj.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\nkgfcw.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winufgst.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\omsatf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winrlake.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\uocbg.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\is-OENT3.tmp\stat\InstStat.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\eofepe.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winjjucvi.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wingqvfq.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\~nsu.tmp\Au_.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\New Technology Studio\Apps\OpenIV\uninstall.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\ovi-uninstall.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winvqxwf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winiiaq.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winumujk.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\erhh.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winlkhur.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winknxn.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\mirfp.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\okrfo.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winvatkf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\ccuml.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winqlcks.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\xqxli.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winilvial.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winvtrms.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winoqakn.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\dmcxf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winlcfr.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winmttslr.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\nrnfwo.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wintfyw.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\cume.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\otrq.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wingyjl.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\hmuffn.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winpfqolt.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\windfqedy.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\jyfg.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\mnvmhk.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\emvsv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winsvdisv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\pjem.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wyqjkb.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\mrkglt.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\mgci.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\blrpx.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\sfmxy.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\quycd.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\pbovl.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\rtyaot.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\windwiwk.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\ofsthb.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winnpnf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winbixwkx.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\fqtt.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\jclqep.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\twgxpx.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winmxqakv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\lvvc.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\ngex.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\uwtpsv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winxjjsb.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\hdjkou.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\windynfln.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winhpoex.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winvqcv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\eibo.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winmldhe.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wingmxbqe.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\pnsj.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wingbph.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winbpret.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\fgsrys.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winubqpw.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\klhj.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\kokcs.exe] => Enabled:ipsec
C:\Users\f\AppData\Local\Temp\noayet.exe
C:\Users\f\AppData\Local\Temp\klhj.exe
C:\Users\f\AppData\Local\Temp\axuds.exe
C:\Users\f\AppData\Local\Temp\kokcs.exe
2018-05-30 07:57 - 2018-06-02 15:01 - 000000000 _____ () C:\Users\f\AppData\Local\Temp\05989ba9835688c880afaaa90a04c180.dll
2018-06-02 22:24 - 2018-06-02 22:24 - 000004096 _____ () C:\Users\f\AppData\Local\Temp\axuds.exe
2018-05-30 07:58 - 2018-06-02 13:48 - 000000088 _____ () C:\Users\f\AppData\Local\Temp\fe151dab0d30158ffd83abec5ee7b7ef.dll
2018-06-02 21:59 - 2018-06-02 21:59 - 000004096 _____ () C:\Users\f\AppData\Local\Temp\klhj.exe
2018-06-02 22:25 - 2018-06-02 22:25 - 000011776 _____ () C:\Users\f\AppData\Local\Temp\kokcs.exe
2018-06-02 21:59 - 2018-06-02 21:59 - 000004096 _____ () C:\Users\f\AppData\Local\Temp\klhj.exe
2018-06-02 22:24 - 2018-06-02 22:24 - 000004096 _____ () C:\Users\f\AppData\Local\Temp\axuds.exe
2018-06-02 22:25 - 2018-06-02 22:25 - 000011776 _____ () C:\Users\f\AppData\Local\Temp\kokcs.exe
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winuykygj.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winpftgg.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\usqxo.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winfabgk.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wqfm.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\windgwcl.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\asrbns.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\nmylf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winwpfqjl.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\skaf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\windvrvb.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winrpnxn.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winiqjlx.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\hnrkr.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winagrxg.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winjutoti.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winawhanv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\ywoyx.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\nuvgiy.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winpwawj.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\nkgfcw.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winufgst.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\omsatf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winrlake.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\uocbg.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\is-OENT3.tmp\stat\InstStat.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\eofepe.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winjjucvi.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wingqvfq.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\~nsu.tmp\Au_.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\ovi-uninstall.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winvqxwf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winiiaq.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winumujk.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\erhh.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winlkhur.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winknxn.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\mirfp.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\okrfo.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winvatkf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\ccuml.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winqlcks.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\xqxli.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winilvial.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winvtrms.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winoqakn.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\dmcxf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winlcfr.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winmttslr.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\nrnfwo.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wintfyw.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\cume.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\otrq.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wingyjl.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\hmuffn.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winpfqolt.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\windfqedy.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\jyfg.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\mnvmhk.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\emvsv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winsvdisv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\pjem.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wyqjkb.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\mrkglt.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\mgci.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\blrpx.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\sfmxy.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\quycd.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\pbovl.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\rtyaot.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\windwiwk.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\ofsthb.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winnpnf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winbixwkx.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\fqtt.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\jclqep.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\twgxpx.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winmxqakv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\lvvc.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\ngex.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\uwtpsv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winxjjsb.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\hdjkou.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\windynfln.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winhpoex.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winvqcv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\eibo.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winmldhe.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wingmxbqe.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\pnsj.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wingbph.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winbpret.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\fgsrys.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winubqpw.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\klhj.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\kokcs.exe] => Enabled:ipsec
Path: file:_C:\Users\f\AppData\Local\Temp\noayet.exe
2018-02-05 22:10 - 2018-02-05 22:10 - 050063360 _____ () C:\Program Files (x86)\GUT3678.tmp
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\is-OENT3.tmp\stat\InstStat.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\~nsu.tmp\Au_.exe] => Enabled:ipsec
C:\Users\f\AppData\Local\Temp\~nsu.tmp
C:\Users\f\AppData\Local\Temp\is-OENT3.tmp
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

 

 

Remove the following program:

 

AlphaGo
 

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
    5ace519a6ff4a_Dashboard-firstrun.png.567
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#4 SeekDNStroy

SeekDNStroy
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 03 June 2018 - 06:11 PM

Ok i opened up FRST  with Administrator  and clicked on fix and when it finshed it restarted my windows, i don't see the virus but iam sure it will comeback

here's fixlog.txt

 

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 03.06.2018
Ran by f (04-06-2018 00:47:46) Run:2
Running from C:\Users\f\Desktop
Loaded Profiles: f (Available Profiles: f & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
  
S2 HuaweiHiSuiteService64.exe; "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]
S3 DrvAgent64; \??\C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS [X]
S1 kfjhhpvg; \??\C:\WINDOWS\system32\drivers\kfjhhpvg.sys [X]
S1 koucjxla; \??\C:\WINDOWS\system32\drivers\koucjxla.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
FF ProfilePath: C:\Users\f\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\4llp1768.default\Profiles\4llp1768.default [not found] <==== ATTENTION
FF ProfilePath: C:\Users\f\AppData\Roaming\Firefox\Firefox\Profiles\4llp1768.default [2017-10-16] <==== ATTENTION
HKU\S-1-5-21-378519289-2413007832-1559701836-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Footjane\Application\chrome.exe <==== ATTENTION
Task: {7906A941-0016-4A33-B763-4453ED09D66E} - System32\Tasks\curls => C:\Users\f\AppData\Roaming\curl\curl.exe <==== ATTENTION
Task: {A59BA09F-45B7-41E7-A143-B9C958AB4EBF} - System32\Tasks\wutphost => C:\Users\f\AppData\Local\wutphost\wutphost.exe <==== ATTENTION
Task: {C9999A87-395B-4B8B-9DD4-4366B247411B} - System32\Tasks\curl => C:\Users\f\AppData\Roaming\curl\curl_7_54.exe <==== ATTENTION
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [No File]
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [No File]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
C:\Users\f\AppData\Local\Temp\klhj.exe
C:\Users\f\AppData\Local\Temp\axuds.exe
C:\Users\f\AppData\Local\Temp\kokcs.exe
ShortcutTarget: MEGAsync.lnk -> C:\Users\f\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
2018-05-30 07:57 - 2018-06-02 15:01 - 000000000 _____ () C:\Users\f\AppData\Local\Temp\05989ba9835688c880afaaa90a04c180.dll
2018-06-02 22:24 - 2018-06-02 22:24 - 000004096 _____ () C:\Users\f\AppData\Local\Temp\axuds.exe
2018-05-30 07:58 - 2018-06-02 13:48 - 000000088 _____ () C:\Users\f\AppData\Local\Temp\fe151dab0d30158ffd83abec5ee7b7ef.dll
2018-06-02 21:59 - 2018-06-02 21:59 - 000004096 _____ () C:\Users\f\AppData\Local\Temp\klhj.exe
2018-06-02 22:25 - 2018-06-02 22:25 - 000011776 _____ () C:\Users\f\AppData\Local\Temp\kokcs.exe
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\f\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\f\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\f\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\f\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\f\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\f\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\f\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\f\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\f\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\f\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
Task: {A59BA09F-45B7-41E7-A143-B9C958AB4EBF} - System32\Tasks\wutphost => C:\Users\f\AppData\Local\wutphost\wutphost.exe <==== ATTENTION
2017-06-07 22:09 - 2017-06-07 22:09 - 000598528 _____ () C:\Users\f\AppData\Local\MEGAsync\ShellExtX64.dll
2018-06-02 21:59 - 2018-06-02 21:59 - 000004096 _____ () C:\Users\f\AppData\Local\Temp\klhj.exe
2018-06-02 22:24 - 2018-06-02 22:24 - 000004096 _____ () C:\Users\f\AppData\Local\Temp\axuds.exe
2018-06-02 22:25 - 2018-06-02 22:25 - 000011776 _____ () C:\Users\f\AppData\Local\Temp\kokcs.exe
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\WhatsApp\WhatsApp.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Discord\app-0.0.301\Discord.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winuykygj.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winpftgg.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\usqxo.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winfabgk.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wqfm.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\windgwcl.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\asrbns.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\nmylf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winwpfqjl.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\skaf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\windvrvb.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winrpnxn.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winiqjlx.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\hnrkr.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winagrxg.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winjutoti.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winawhanv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\ywoyx.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\nuvgiy.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winpwawj.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\nkgfcw.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winufgst.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\omsatf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winrlake.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\uocbg.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\is-OENT3.tmp\stat\InstStat.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\eofepe.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winjjucvi.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wingqvfq.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\~nsu.tmp\Au_.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\New Technology Studio\Apps\OpenIV\uninstall.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\ovi-uninstall.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winvqxwf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winiiaq.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winumujk.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\erhh.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winlkhur.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winknxn.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\mirfp.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\okrfo.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winvatkf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\ccuml.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winqlcks.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\xqxli.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winilvial.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winvtrms.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winoqakn.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\dmcxf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winlcfr.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winmttslr.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\nrnfwo.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wintfyw.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\cume.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\otrq.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wingyjl.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\hmuffn.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winpfqolt.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\windfqedy.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\jyfg.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\mnvmhk.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\emvsv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winsvdisv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\pjem.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wyqjkb.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\mrkglt.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\mgci.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\blrpx.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\sfmxy.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\quycd.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\pbovl.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\rtyaot.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\windwiwk.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\ofsthb.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winnpnf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winbixwkx.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\fqtt.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\jclqep.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\twgxpx.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winmxqakv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\lvvc.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\ngex.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\uwtpsv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winxjjsb.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\hdjkou.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\windynfln.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winhpoex.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winvqcv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\eibo.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winmldhe.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wingmxbqe.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\pnsj.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wingbph.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winbpret.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\fgsrys.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winubqpw.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\klhj.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\kokcs.exe] => Enabled:ipsec
C:\Users\f\AppData\Local\Temp\noayet.exe
C:\Users\f\AppData\Local\Temp\klhj.exe
C:\Users\f\AppData\Local\Temp\axuds.exe
C:\Users\f\AppData\Local\Temp\kokcs.exe
2018-05-30 07:57 - 2018-06-02 15:01 - 000000000 _____ () C:\Users\f\AppData\Local\Temp\05989ba9835688c880afaaa90a04c180.dll
2018-06-02 22:24 - 2018-06-02 22:24 - 000004096 _____ () C:\Users\f\AppData\Local\Temp\axuds.exe
2018-05-30 07:58 - 2018-06-02 13:48 - 000000088 _____ () C:\Users\f\AppData\Local\Temp\fe151dab0d30158ffd83abec5ee7b7ef.dll
2018-06-02 21:59 - 2018-06-02 21:59 - 000004096 _____ () C:\Users\f\AppData\Local\Temp\klhj.exe
2018-06-02 22:25 - 2018-06-02 22:25 - 000011776 _____ () C:\Users\f\AppData\Local\Temp\kokcs.exe
2018-06-02 21:59 - 2018-06-02 21:59 - 000004096 _____ () C:\Users\f\AppData\Local\Temp\klhj.exe
2018-06-02 22:24 - 2018-06-02 22:24 - 000004096 _____ () C:\Users\f\AppData\Local\Temp\axuds.exe
2018-06-02 22:25 - 2018-06-02 22:25 - 000011776 _____ () C:\Users\f\AppData\Local\Temp\kokcs.exe
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winuykygj.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winpftgg.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\usqxo.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winfabgk.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wqfm.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\windgwcl.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\asrbns.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\nmylf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winwpfqjl.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\skaf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\windvrvb.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winrpnxn.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winiqjlx.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\hnrkr.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winagrxg.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winjutoti.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winawhanv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\ywoyx.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\nuvgiy.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winpwawj.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\nkgfcw.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winufgst.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\omsatf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winrlake.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\uocbg.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\is-OENT3.tmp\stat\InstStat.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\eofepe.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winjjucvi.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wingqvfq.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\~nsu.tmp\Au_.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\ovi-uninstall.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winvqxwf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winiiaq.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winumujk.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\erhh.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winlkhur.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winknxn.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\mirfp.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\okrfo.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winvatkf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\ccuml.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winqlcks.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\xqxli.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winilvial.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winvtrms.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winoqakn.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\dmcxf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winlcfr.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winmttslr.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\nrnfwo.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wintfyw.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\cume.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\otrq.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wingyjl.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\hmuffn.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winpfqolt.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\windfqedy.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\jyfg.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\mnvmhk.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\emvsv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winsvdisv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\pjem.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wyqjkb.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\mrkglt.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\mgci.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\blrpx.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\sfmxy.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\quycd.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\pbovl.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\rtyaot.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\windwiwk.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\ofsthb.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winnpnf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winbixwkx.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\fqtt.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\jclqep.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\twgxpx.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winmxqakv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\lvvc.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\ngex.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\uwtpsv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winxjjsb.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\hdjkou.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\windynfln.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winhpoex.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winvqcv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\eibo.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winmldhe.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wingmxbqe.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\pnsj.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\wingbph.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winbpret.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\fgsrys.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\winubqpw.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\klhj.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\kokcs.exe] => Enabled:ipsec
Path: file:_C:\Users\f\AppData\Local\Temp\noayet.exe
2018-02-05 22:10 - 2018-02-05 22:10 - 050063360 _____ () C:\Program Files (x86)\GUT3678.tmp
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\is-OENT3.tmp\stat\InstStat.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\f\AppData\Local\Temp\~nsu.tmp\Au_.exe] => Enabled:ipsec
C:\Users\f\AppData\Local\Temp\~nsu.tmp
C:\Users\f\AppData\Local\Temp\is-OENT3.tmp
EMPTYTEMP:
Reboot:
 
*****************
 
"HKLM\System\CurrentControlSet\Services\HuaweiHiSuiteService64.exe" => removed successfully
HuaweiHiSuiteService64.exe => service removed successfully
"HKLM\System\CurrentControlSet\Services\DrvAgent64" => removed successfully
DrvAgent64 => service removed successfully
"HKLM\System\CurrentControlSet\Services\kfjhhpvg" => removed successfully
kfjhhpvg => service removed successfully
"HKLM\System\CurrentControlSet\Services\koucjxla" => removed successfully
koucjxla => service removed successfully
"HKLM\System\CurrentControlSet\Services\nvvad_WaveExtensible" => removed successfully
nvvad_WaveExtensible => service removed successfully
C:\Users\f\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\4llp1768.default\Profiles\4llp1768.default => path removed successfully
C:\Users\f\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\4llp1768.default\Profiles\4llp1768.default => path removed successfully
C:\Users\f\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\4llp1768.default\Profiles\4llp1768.default => path removed successfully
C:\Users\f\AppData\Roaming\Firefox\Firefox\Profiles\4llp1768.default => moved successfully
"HKU\S-1-5-21-378519289-2413007832-1559701836-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7906A941-0016-4A33-B763-4453ED09D66E} => not found
"C:\WINDOWS\System32\Tasks\curls" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\curls => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A59BA09F-45B7-41E7-A143-B9C958AB4EBF} => not found
"C:\WINDOWS\System32\Tasks\wutphost" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\wutphost => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9999A87-395B-4B8B-9DD4-4366B247411B} => not found
"C:\WINDOWS\System32\Tasks\curl" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\curl => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => removed successfully
"HKLM\Software\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => removed successfully
"HKLM\Software\Classes\PROTOCOLS\Handler\wlpg" => removed successfully
HKLM\Software\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock" => removed successfully
HKLM\Software\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"C:\Users\f\AppData\Local\Temp\klhj.exe" => not found
"C:\Users\f\AppData\Local\Temp\axuds.exe" => not found
"C:\Users\f\AppData\Local\Temp\kokcs.exe" => not found
C:\Users\f\AppData\Local\MEGAsync\MEGAsync.exe => moved successfully
C:\Users\f\AppData\Local\Temp\05989ba9835688c880afaaa90a04c180.dll => moved successfully
"C:\Users\f\AppData\Local\Temp\axuds.exe" => not found
C:\Users\f\AppData\Local\Temp\fe151dab0d30158ffd83abec5ee7b7ef.dll => moved successfully
"C:\Users\f\AppData\Local\Temp\klhj.exe" => not found
"C:\Users\f\AppData\Local\Temp\kokcs.exe" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
"HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
"HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
"HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}" => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
"HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}" => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
"HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}" => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
"HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}" => removed successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
"HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17}" => removed successfully
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A59BA09F-45B7-41E7-A143-B9C958AB4EBF} => not found
"C:\WINDOWS\System32\Tasks\wutphost" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\wutphost => not found
C:\Users\f\AppData\Local\MEGAsync\ShellExtX64.dll => moved successfully
"C:\Users\f\AppData\Local\Temp\klhj.exe" => not found
"C:\Users\f\AppData\Local\Temp\axuds.exe" => not found
"C:\Users\f\AppData\Local\Temp\kokcs.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\WhatsApp\WhatsApp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Discord\app-0.0.301\Discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winuykygj.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winpftgg.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\usqxo.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winfabgk.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\wqfm.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\windgwcl.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\asrbns.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\nmylf.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winwpfqjl.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\skaf.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\windvrvb.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winrpnxn.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winiqjlx.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\hnrkr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winagrxg.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winjutoti.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winawhanv.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\ywoyx.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\nuvgiy.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winpwawj.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\nkgfcw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winufgst.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\omsatf.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winrlake.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\uocbg.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\is-OENT3.tmp\stat\InstStat.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\eofepe.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winjjucvi.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\wingqvfq.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\~nsu.tmp\Au_.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\New Technology Studio\Apps\OpenIV\uninstall.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\ovi-uninstall.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winvqxwf.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winiiaq.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winumujk.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\erhh.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winlkhur.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winknxn.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\mirfp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\okrfo.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winvatkf.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\ccuml.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winqlcks.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\xqxli.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winilvial.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winvtrms.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winoqakn.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\dmcxf.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winlcfr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winmttslr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\nrnfwo.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\wintfyw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\cume.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\otrq.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\wingyjl.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\hmuffn.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winpfqolt.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\windfqedy.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\jyfg.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\mnvmhk.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\emvsv.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winsvdisv.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\pjem.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\wyqjkb.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\mrkglt.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\mgci.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\blrpx.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\sfmxy.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\quycd.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\pbovl.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\rtyaot.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\windwiwk.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\ofsthb.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winnpnf.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winbixwkx.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\fqtt.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\jclqep.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\twgxpx.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winmxqakv.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\lvvc.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\ngex.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\uwtpsv.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winxjjsb.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\hdjkou.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\windynfln.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winhpoex.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winvqcv.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\eibo.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winmldhe.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\wingmxbqe.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\pnsj.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\wingbph.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winbpret.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\fgsrys.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winubqpw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\klhj.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\kokcs.exe" => removed successfully
"C:\Users\f\AppData\Local\Temp\noayet.exe" => not found
"C:\Users\f\AppData\Local\Temp\klhj.exe" => not found
"C:\Users\f\AppData\Local\Temp\axuds.exe" => not found
"C:\Users\f\AppData\Local\Temp\kokcs.exe" => not found
"C:\Users\f\AppData\Local\Temp\05989ba9835688c880afaaa90a04c180.dll" => not found
"C:\Users\f\AppData\Local\Temp\axuds.exe" => not found
"C:\Users\f\AppData\Local\Temp\fe151dab0d30158ffd83abec5ee7b7ef.dll" => not found
"C:\Users\f\AppData\Local\Temp\klhj.exe" => not found
"C:\Users\f\AppData\Local\Temp\kokcs.exe" => not found
"C:\Users\f\AppData\Local\Temp\klhj.exe" => not found
"C:\Users\f\AppData\Local\Temp\axuds.exe" => not found
"C:\Users\f\AppData\Local\Temp\kokcs.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winuykygj.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winpftgg.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\usqxo.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winfabgk.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\wqfm.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\windgwcl.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\asrbns.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\nmylf.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winwpfqjl.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\skaf.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\windvrvb.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winrpnxn.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winiqjlx.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\hnrkr.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winagrxg.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winjutoti.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winawhanv.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\ywoyx.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\nuvgiy.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winpwawj.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\nkgfcw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winufgst.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\omsatf.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winrlake.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\uocbg.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\is-OENT3.tmp\stat\InstStat.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\eofepe.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winjjucvi.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\wingqvfq.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\~nsu.tmp\Au_.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\ovi-uninstall.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winvqxwf.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winiiaq.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winumujk.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\erhh.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winlkhur.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winknxn.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\mirfp.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\okrfo.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winvatkf.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\ccuml.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winqlcks.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\xqxli.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winilvial.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winvtrms.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winoqakn.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\dmcxf.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winlcfr.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winmttslr.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\nrnfwo.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\wintfyw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\cume.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\otrq.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\wingyjl.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\hmuffn.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winpfqolt.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\windfqedy.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\jyfg.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\mnvmhk.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\emvsv.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winsvdisv.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\pjem.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\wyqjkb.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\mrkglt.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\mgci.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\blrpx.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\sfmxy.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\quycd.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\pbovl.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\rtyaot.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\windwiwk.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\ofsthb.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winnpnf.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winbixwkx.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\fqtt.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\jclqep.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\twgxpx.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winmxqakv.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\lvvc.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\ngex.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\uwtpsv.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winxjjsb.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\hdjkou.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\windynfln.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winhpoex.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winvqcv.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\eibo.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winmldhe.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\wingmxbqe.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\pnsj.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\wingbph.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winbpret.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\fgsrys.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\winubqpw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\klhj.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\kokcs.exe" => not found
Path: file:_C:\Users\f\AppData\Local\Temp\noayet.exe => Error: No automatic fix found for this entry.
C:\Program Files (x86)\GUT3678.tmp => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\is-OENT3.tmp\stat\InstStat.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\f\AppData\Local\Temp\~nsu.tmp\Au_.exe" => not found
"C:\Users\f\AppData\Local\Temp\~nsu.tmp" => not found
"C:\Users\f\AppData\Local\Temp\is-OENT3.tmp" => not found
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 29694515 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 728 B
Edge => 0 B
Chrome => 249992901 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2462 B
NetworkService => 0 B
f => 146467791 B
DefaultAppPool => 0 B
 
RecycleBin => 129440220 B
EmptyTemp: => 537.4 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 00:48:31 ====

i also downloaded adwcleaner and scanned and it restarted my computer and here's the log 

 

 

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-06-01.1
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-04-2018
# Duration: 00:00:03
# OS:       Windows 10 Home
# Cleaned:  45
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\Users\f\AppData\Local\ANSARE
Deleted       C:\Program Files\MK
Deleted       C:\Program Files (x86)\MK
Deleted       C:\Program Files (x86)\Default Company Name
Deleted       C:\Users\f\AppData\Roaming\IObit\Advanced SystemCare
Deleted       C:\Users\f\AppData\Roaming\imminent
Deleted       C:\Users\Public\Documents\Guid
Deleted       C:\Users\f\AppData\Roaming\Firefox
Deleted       C:\ProgramData\Mail.Ru
Deleted       C:\Users\f\AppData\Local\Mail.Ru
 
***** [ Files ] *****
 
Deleted       C:\Windows\System32\log\iSafeKrnlCall.log
Deleted       C:\Users\Public\Documents\temp.dat
Deleted       C:\Users\Public\Documents\report.dat
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
Deleted       C:\Windows\System32\Tasks\Driver Booster Scheduler
 
***** [ Registry ] *****
 
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\snare
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\glory
Deleted       HKLM\Software\vSnapshotEncodeTools
Deleted       HKCU\SOFTWARE\60A0DA7FC1AE6DB6864DD566E1B045A1
Deleted       HKLM\Software\Wow6432Node\60A0DA7FC1AE6DB6864DD566E1B045A1
Deleted       HKLM\SOFTWARE\60A0DA7FC1AE6DB6864DD566E1B045A1
Deleted       HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E275E98E-ECF1-4FC5-866C-1D4A78CD1EAE}|NameServer - "46.101.28.31"
Deleted       HKCU\Software\drpsu
Deleted       HKCU\Software\csastats
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{51639FCA-678F-4D71-8044-E16E3D49187F}
Deleted       HKLM\Software\Wow6432Node\msServer
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKCU\Software\APN PIP
Deleted       HKCU\Software\Microsoft\Gosearch
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Deleted       HKLM\Software\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Deleted       HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F7F90223-162B-4077-8681-4A77DB468AA3}|DhcpNameServer - "95.211.101.198"
Deleted       HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F7F90223-162B-4077-8681-4A77DB468AA3}|DhcpNameServer - "95.211.101.197"
Deleted       HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BAC4636A-DD0B-45C5-B808-AC830175F875}|DhcpNameServer - "95.211.101.202"
Deleted       HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BAC4636A-DD0B-45C5-B808-AC830175F875}|DhcpNameServer - "95.211.101.200"
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D68FD47-F3CE-4B93-AA73-15B885E77126} 
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
Deleted       HKCU\Software\Mail.Ru
Deleted       HKLM\Software\Classes\IESearchPlugin.MailRuBHO
Deleted       HKLM\Software\Reimage
Deleted       HKLM\Software\Wow6432Node\ScreenShot
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Note : i Unistalled AlphaGo

 

for now the virus is gone but if it Appeared i'll tell you 



#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:32 PM

Posted 03 June 2018 - 07:48 PM

Lets perform two more scans to be sure.

 

favicon-32x32.png Please download Malwarebytes to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Once the program has fully updated, Proceed with the Scan options and select "Threat Scan".
  • The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.

02-malwarebytes-premium-scan-methods.jpg



  • After a scan has been executed, scan results are displayed.
  • Put a checkmark on all detected and click on "Quarantine Selected"
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.

 

 

RQKuhw1.pngRogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#6 SeekDNStroy

SeekDNStroy
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 03 June 2018 - 09:24 PM

Ok i'll do that i'll tell you if anything happens



#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:32 PM

Posted 04 June 2018 - 06:09 PM

Any progress?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:32 PM

Posted 07 June 2018 - 08:41 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,260 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:06:32 PM

Posted 26 July 2018 - 10:21 PM

This topic has been re-opened at the request of the person who originally posted.

#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:32 PM

Posted 27 July 2018 - 11:57 AM

Any progress?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:32 PM

Posted 31 July 2018 - 06:49 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please open a new topic.


Edited by JSntgRvr, 31 July 2018 - 06:50 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users