HALOL17

Everything posted by HALOL17

  1. I did it! I tried ejecting it and plugging it in, and it has no drive.bat file. Are my computer and USB safe now?
  2. The software said that my USB is vaccinated, but it still has a Drive.bat file. What should I do now, sir?
  3. The only problem visible on my PC before was that it put a drive.bat on my USBs even if I cleaned my USB over and over again. For now it is working normally, but I'm afraid to plug in my USB because: 1) my PC may infect my USBs, or 2) my USBs may infect my PC. Other than that, there is no visible change in my PC; the system is functioning normally as usual. Do you think I could plug in my USB now? Thank you so much, Sir!
  4. Sorry Sir Valinorum for the late reply:

     Fix result of Farbar Recovery Scan Tool (x86) Version: 13-09-2017 02
     Ran by matrix reborn (25-09-2017 21:07:02) Run:2
     Running from C:\Users\matrix reborn\Desktop
     Loaded Profiles: matrix reborn (Available Profiles: matrix reborn)
     Boot Mode: Safe Mode (minimal)
     ==============================================

     fixlist content:
     *****************
     Start
     CreateRestorePoint:
     CloseProcesses:
     EmptyTemp:
     Task: {02DAE0A8-1F99-4094-A463-33FDCE99F4ED} - System32\Tasks\{999B4812-0CED-427A-8B1B-F4E7F7197D9A} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
     Task: {08D46366-7F49-4AC0-AB74-F8291AAE1039} - System32\Tasks\{D35DACF9-8B44-4BCB-A17D-43E66401EE48} => C:\Windows\system32\pcalua.exe -a "D:\TORRENT\Bluestacks Offline Installer [Latest]\NetFx20SP2_x86.exe" -d "D:\TORRENT\Bluestacks Offline Installer [Latest]"
     Task: {415E96C6-EDF8-49CB-80D0-6838D74B6EA9} - System32\Tasks\{1A4E61BB-068E-4F55-8BA4-F3658D33A589} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
     Task: {4C2C61A1-C416-4F5F-9B47-1BB41A9D96F2} - System32\Tasks\{D9B2AE0C-6449-4D09-9E17-34365296F11D} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
     Task: {991EBDF5-0DA6-4CA2-ADCC-94E6DA430CEB} - System32\Tasks\avastBCLRestart_chrome.exe => C:\Program Files\Google\Chrome\Application\chrome.exe
     Task: {AFE1A19F-60D8-43EC-B10E-0E1FFF827832} - \Internet Update -> No File <==== ATTENTION
     HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\Run: [Browser Extensions] => C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe [1619240 2017-02-28] ()
     File: C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe
     C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe
     HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\MountPoints2: {e056e920-42e7-11e4-84db-806e6f6e6963} - E:\ASRSetup.exe
     AppInit_DLLs: C:\Users\MATRIX~1\AppData\Local\Linkey\IEEXTE~1\iedll.dll => No File
     File: C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe
     Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2017-09-11]
     ShortcutTarget: Start.lnk -> C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe (Microsoft Corporation)
     Startup: C:\Users\matrix reborn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2017-09-11]
     ShortcutTarget: Start.lnk -> C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe (Microsoft Corporation)
     GroupPolicy: Restriction ? <==== ATTENTION
     CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
     S3 TSSK; C:\Windows\System32\tssk.sys [74040 2016-02-25] (电脑管家)
     2017-09-03 14:18 - 2017-09-03 15:46 - 000000000 ____D C:\Program Files\Shortcut Virus Remover
     File: C:\Users\matrix reborn\Desktop\winlogon.exe.exe
     2017-08-21 18:33 - 2017-09-11 19:17 - 000000000 ___HD C:\Users\matrix reborn\AppData\Roaming\cyelvmh
     2017-08-19 10:31 - 2017-08-19 10:31 - 000000000 __SHD C:\found.000
     C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
     CMD: bitsadmin /reset /allusers
     End
     *****************

     Error: Restore point can only be created in normal mode.
     Processes closed successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02DAE0A8-1F99-4094-A463-33FDCE99F4ED} => key removed successfully.
     C:\Windows\System32\Tasks\{999B4812-0CED-427A-8B1B-F4E7F7197D9A} => not found.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{999B4812-0CED-427A-8B1B-F4E7F7197D9A} => key removed successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08D46366-7F49-4AC0-AB74-F8291AAE1039} => key removed successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08D46366-7F49-4AC0-AB74-F8291AAE1039} => key removed successfully.
     C:\Windows\System32\Tasks\{D35DACF9-8B44-4BCB-A17D-43E66401EE48} => not found.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D35DACF9-8B44-4BCB-A17D-43E66401EE48} => key removed successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{415E96C6-EDF8-49CB-80D0-6838D74B6EA9} => key removed successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{415E96C6-EDF8-49CB-80D0-6838D74B6EA9} => key removed successfully.
     C:\Windows\System32\Tasks\{1A4E61BB-068E-4F55-8BA4-F3658D33A589} => not found.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1A4E61BB-068E-4F55-8BA4-F3658D33A589} => key removed successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C2C61A1-C416-4F5F-9B47-1BB41A9D96F2} => key removed successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C2C61A1-C416-4F5F-9B47-1BB41A9D96F2} => key removed successfully.
     C:\Windows\System32\Tasks\{D9B2AE0C-6449-4D09-9E17-34365296F11D} => not found.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D9B2AE0C-6449-4D09-9E17-34365296F11D} => key removed successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{991EBDF5-0DA6-4CA2-ADCC-94E6DA430CEB} => key removed successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{991EBDF5-0DA6-4CA2-ADCC-94E6DA430CEB} => key removed successfully.
     C:\Windows\System32\Tasks\avastBCLRestart_chrome.exe => not found.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avastBCLRestart_chrome.exe => key removed successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFE1A19F-60D8-43EC-B10E-0E1FFF827832} => key removed successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFE1A19F-60D8-43EC-B10E-0E1FFF827832} => key removed successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Internet Update => key not found.
     HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Extensions => value not found.

     ========================= File: C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe ========================
     "C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe" => not found.
     ====== End of File: ======

     "C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe" => not found.
     HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e056e920-42e7-11e4-84db-806e6f6e6963} => key removed successfully.
     HKLM\Software\Classes\CLSID\{e056e920-42e7-11e4-84db-806e6f6e6963} => key not found.
     "C:\Users\MATRIX~1\AppData\Local\Linkey\IEEXTE~1\iedll.dll" => Value data removed successfully..

     ========================= File: C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe ========================
     File is digitally signed
     MD5: 979D74799EA6C8B8167869A68DF5204A
     Creation and modification date: 2017-09-11 19:17 - 2013-10-11 17:15
     Size: 000141824
     Attributes: ----A
     Company Name: Microsoft Corporation
     Internal Name: wscript.exe
     Original Name: wscript.exe
     Product: Microsoft ® Windows Script Host
     Description: Microsoft ® Windows Based Script Host
     File Version: 5.8.7601.18283
     Product Version: 5.8.7601.18283
     Copyright: © Microsoft Corporation. All rights reserved.
     VirusTotal: 0
     ====== End of File: ======

     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk => not found.
     C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe => moved successfully
     C:\Users\matrix reborn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk => not found.
     C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe => not found.
     C:\Windows\system32\GroupPolicy\Machine => moved successfully
     C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
     HKLM\SOFTWARE\Policies\Google => key removed successfully.
     HKLM\System\CurrentControlSet\Services\TSSK => key removed successfully.
     TSSK => service removed successfully.
     C:\Program Files\Shortcut Virus Remover => moved successfully

     ========================= File: C:\Users\matrix reborn\Desktop\winlogon.exe.exe ========================
     File is digitally signed
     MD5: 07B52D258F94D12BE40E25AEFEBF3444
     Creation and modification date: 2017-09-02 09:15 - 2017-09-02 09:19
     Size: 066347240
     Attributes: ----A
     Company Name: Malwarebytes
     Internal Name:
     Original Name:
     Product: Malwarebytes
     Description: Malwarebytes
     File Version: 3.2.2.2018
     Product Version: 3.2.2.2018
     Copyright: © 2016 Malwarebytes. All Rights Reserved.
     VirusTotal: 0
     ====== End of File: ======

     C:\Users\matrix reborn\AppData\Roaming\cyelvmh => moved successfully
     C:\found.000 => moved successfully
     C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => moved successfully

     ========= bitsadmin /reset /allusers =========

     BITSADMIN version 3.0 [ 7.5.7601 ]
     BITS administration utility.
     (C) Copyright 2000-2006 Microsoft Corp.

     BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
     Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

     Unable to connect to BITS - 0x8007042c
     The dependency service or group failed to start.

     ========= End of CMD: =========

     =========== EmptyTemp: ==========
     BITS transfer queue => 0 B
     DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 49249333 B
     Java, Flash, Steam htmlcache => 67988 B
     Windows/system/drivers => 216306228 B
     Edge => 0 B
     Chrome => 380658409 B
     Firefox => 237698676 B
     Opera => 1274120 B
     Temp, IE cache, history, cookies, recent:
     Users => 0 B
     Default => 66228 B
     Public => 0 B
     ProgramData => 0 B
     systemprofile => 30330155 B
     LocalService => 66356 B
     NetworkService => 1609096 B
     matrix reborn => 176429820 B
     RecycleBin => 11468385611 B
     EmptyTemp: => 11.7 GB temporary data Removed.
     ================================

     The system needed a reboot.

     ==== End of Fixlog 21:11:16 ====
  5. When I opened FRST, it showed that a fixlog had been created:

     Fix result of Farbar Recovery Scan Tool (x86) Version: 13-09-2017 02
     Ran by matrix reborn (14-09-2017 17:43:03) Run:1
     Running from C:\Users\matrix reborn\Desktop
     Loaded Profiles: matrix reborn (Available Profiles: matrix reborn)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     Start
     CreateRestorePoint:
     CloseProcesses:
     EmptyTemp:
     Task: {02DAE0A8-1F99-4094-A463-33FDCE99F4ED} - System32\Tasks\{999B4812-0CED-427A-8B1B-F4E7F7197D9A} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
     Task: {08D46366-7F49-4AC0-AB74-F8291AAE1039} - System32\Tasks\{D35DACF9-8B44-4BCB-A17D-43E66401EE48} => C:\Windows\system32\pcalua.exe -a "D:\TORRENT\Bluestacks Offline Installer [Latest]\NetFx20SP2_x86.exe" -d "D:\TORRENT\Bluestacks Offline Installer [Latest]"
     Task: {415E96C6-EDF8-49CB-80D0-6838D74B6EA9} - System32\Tasks\{1A4E61BB-068E-4F55-8BA4-F3658D33A589} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
     Task: {4C2C61A1-C416-4F5F-9B47-1BB41A9D96F2} - System32\Tasks\{D9B2AE0C-6449-4D09-9E17-34365296F11D} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
     Task: {991EBDF5-0DA6-4CA2-ADCC-94E6DA430CEB} - System32\Tasks\avastBCLRestart_chrome.exe => C:\Program Files\Google\Chrome\Application\chrome.exe
     Task: {AFE1A19F-60D8-43EC-B10E-0E1FFF827832} - \Internet Update -> No File <==== ATTENTION
     HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\Run: [Browser Extensions] => C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe [1619240 2017-02-28] ()
     File: C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe
     C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe
     HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\MountPoints2: {e056e920-42e7-11e4-84db-806e6f6e6963} - E:\ASRSetup.exe
     AppInit_DLLs: C:\Users\MATRIX~1\AppData\Local\Linkey\IEEXTE~1\iedll.dll => No File
     File: C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe
     Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2017-09-11]
     ShortcutTarget: Start.lnk -> C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe (Microsoft Corporation)
     Startup: C:\Users\matrix reborn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2017-09-11]
     ShortcutTarget: Start.lnk -> C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe (Microsoft Corporation)
     GroupPolicy: Restriction ? <==== ATTENTION
     CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
     S3 TSSK; C:\Windows\System32\tssk.sys [74040 2016-02-25] (电脑管家)
     2017-09-03 14:18 - 2017-09-03 15:46 - 000000000 ____D C:\Program Files\Shortcut Virus Remover
     File: C:\Users\matrix reborn\Desktop\winlogon.exe.exe
     2017-08-21 18:33 - 2017-09-11 19:17 - 000000000 ___HD C:\Users\matrix reborn\AppData\Roaming\cyelvmh
     2017-08-19 10:31 - 2017-08-19 10:31 - 000000000 __SHD C:\found.000
     C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
     CMD: bitsadmin /reset /allusers
     End
     *****************

     Restore point was successfully created.
     Processes closed successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02DAE0A8-1F99-4094-A463-33FDCE99F4ED} => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02DAE0A8-1F99-4094-A463-33FDCE99F4ED} => key could not remove. Access Denied.
     C:\Windows\System32\Tasks\{999B4812-0CED-427A-8B1B-F4E7F7197D9A} => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{999B4812-0CED-427A-8B1B-F4E7F7197D9A} => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08D46366-7F49-4AC0-AB74-F8291AAE1039} => key could not remove. Access Denied.
     C:\Windows\System32\Tasks\{D35DACF9-8B44-4BCB-A17D-43E66401EE48} => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D35DACF9-8B44-4BCB-A17D-43E66401EE48} => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{415E96C6-EDF8-49CB-80D0-6838D74B6EA9} => key could not remove. Access Denied.
     C:\Windows\System32\Tasks\{1A4E61BB-068E-4F55-8BA4-F3658D33A589} => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1A4E61BB-068E-4F55-8BA4-F3658D33A589} => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C2C61A1-C416-4F5F-9B47-1BB41A9D96F2} => key could not remove. Access Denied.
     C:\Windows\System32\Tasks\{D9B2AE0C-6449-4D09-9E17-34365296F11D} => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D9B2AE0C-6449-4D09-9E17-34365296F11D} => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{991EBDF5-0DA6-4CA2-ADCC-94E6DA430CEB} => key could not remove. Access Denied.
     C:\Windows\System32\Tasks\avastBCLRestart_chrome.exe => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avastBCLRestart_chrome.exe => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFE1A19F-60D8-43EC-B10E-0E1FFF827832} => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Internet Update => key could not remove. Access Denied.

     Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 20-09-2017 19:45:49)
     ==> ATTENTION: System is not rebooted.

     Result of scheduled keys to remove after reboot:
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02DAE0A8-1F99-4094-A463-33FDCE99F4ED} => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02DAE0A8-1F99-4094-A463-33FDCE99F4ED} => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{999B4812-0CED-427A-8B1B-F4E7F7197D9A} => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08D46366-7F49-4AC0-AB74-F8291AAE1039} => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D35DACF9-8B44-4BCB-A17D-43E66401EE48} => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{415E96C6-EDF8-49CB-80D0-6838D74B6EA9} => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1A4E61BB-068E-4F55-8BA4-F3658D33A589} => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C2C61A1-C416-4F5F-9B47-1BB41A9D96F2} => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D9B2AE0C-6449-4D09-9E17-34365296F11D} => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{991EBDF5-0DA6-4CA2-ADCC-94E6DA430CEB} => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avastBCLRestart_chrome.exe => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFE1A19F-60D8-43EC-B10E-0E1FFF827832} => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Internet Update => key could not remove. Access Denied.

     ==== End of Fixlog 19:45:51 ====
  6. I tried running it yesterday and last Thursday, and this was the virus it showed, both in quarantine:
  7. Thanks Valinorum! I did what you said, and the log named Fixlog contains this:

     Fix result of Farbar Recovery Scan Tool (x86) Version: 13-09-2017 02
     Ran by matrix reborn (14-09-2017 17:43:03) Run:1
     Running from C:\Users\matrix reborn\Desktop
     Loaded Profiles: matrix reborn (Available Profiles: matrix reborn)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     Start
     CreateRestorePoint:
     CloseProcesses:
     EmptyTemp:
     Task: {02DAE0A8-1F99-4094-A463-33FDCE99F4ED} - System32\Tasks\{999B4812-0CED-427A-8B1B-F4E7F7197D9A} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
     Task: {08D46366-7F49-4AC0-AB74-F8291AAE1039} - System32\Tasks\{D35DACF9-8B44-4BCB-A17D-43E66401EE48} => C:\Windows\system32\pcalua.exe -a "D:\TORRENT\Bluestacks Offline Installer [Latest]\NetFx20SP2_x86.exe" -d "D:\TORRENT\Bluestacks Offline Installer [Latest]"
     Task: {415E96C6-EDF8-49CB-80D0-6838D74B6EA9} - System32\Tasks\{1A4E61BB-068E-4F55-8BA4-F3658D33A589} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
     Task: {4C2C61A1-C416-4F5F-9B47-1BB41A9D96F2} - System32\Tasks\{D9B2AE0C-6449-4D09-9E17-34365296F11D} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
     Task: {991EBDF5-0DA6-4CA2-ADCC-94E6DA430CEB} - System32\Tasks\avastBCLRestart_chrome.exe => C:\Program Files\Google\Chrome\Application\chrome.exe
     Task: {AFE1A19F-60D8-43EC-B10E-0E1FFF827832} - \Internet Update -> No File <==== ATTENTION
     HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\Run: [Browser Extensions] => C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe [1619240 2017-02-28] ()
     File: C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe
     C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe
     HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\MountPoints2: {e056e920-42e7-11e4-84db-806e6f6e6963} - E:\ASRSetup.exe
     AppInit_DLLs: C:\Users\MATRIX~1\AppData\Local\Linkey\IEEXTE~1\iedll.dll => No File
     File: C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe
     Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2017-09-11]
     ShortcutTarget: Start.lnk -> C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe (Microsoft Corporation)
     Startup: C:\Users\matrix reborn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2017-09-11]
     ShortcutTarget: Start.lnk -> C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe (Microsoft Corporation)
     GroupPolicy: Restriction ? <==== ATTENTION
     CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
     S3 TSSK; C:\Windows\System32\tssk.sys [74040 2016-02-25] (电脑管家)
     2017-09-03 14:18 - 2017-09-03 15:46 - 000000000 ____D C:\Program Files\Shortcut Virus Remover
     File: C:\Users\matrix reborn\Desktop\winlogon.exe.exe
     2017-08-21 18:33 - 2017-09-11 19:17 - 000000000 ___HD C:\Users\matrix reborn\AppData\Roaming\cyelvmh
     2017-08-19 10:31 - 2017-08-19 10:31 - 000000000 __SHD C:\found.000
     C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
     CMD: bitsadmin /reset /allusers
     End
     *****************

     Restore point was successfully created.
     Processes closed successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02DAE0A8-1F99-4094-A463-33FDCE99F4ED} => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02DAE0A8-1F99-4094-A463-33FDCE99F4ED} => key could not remove. Access Denied.
     C:\Windows\System32\Tasks\{999B4812-0CED-427A-8B1B-F4E7F7197D9A} => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{999B4812-0CED-427A-8B1B-F4E7F7197D9A} => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08D46366-7F49-4AC0-AB74-F8291AAE1039} => key could not remove. Access Denied.
     C:\Windows\System32\Tasks\{D35DACF9-8B44-4BCB-A17D-43E66401EE48} => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D35DACF9-8B44-4BCB-A17D-43E66401EE48} => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{415E96C6-EDF8-49CB-80D0-6838D74B6EA9} => key could not remove. Access Denied.
     C:\Windows\System32\Tasks\{1A4E61BB-068E-4F55-8BA4-F3658D33A589} => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1A4E61BB-068E-4F55-8BA4-F3658D33A589} => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C2C61A1-C416-4F5F-9B47-1BB41A9D96F2} => key could not remove. Access Denied.
     C:\Windows\System32\Tasks\{D9B2AE0C-6449-4D09-9E17-34365296F11D} => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D9B2AE0C-6449-4D09-9E17-34365296F11D} => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{991EBDF5-0DA6-4CA2-ADCC-94E6DA430CEB} => key could not remove. Access Denied.
     C:\Windows\System32\Tasks\avastBCLRestart_chrome.exe => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avastBCLRestart_chrome.exe => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFE1A19F-60D8-43EC-B10E-0E1FFF827832} => key could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Internet Update => key could not remove. Access Denied.
  8. Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-08-2017 01 Ran by matrix reborn (11-09-2017 19:29:51) Running from C:\Users\matrix reborn\Desktop Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2014-09-23 07:22:06) Boot Mode: Safe Mode (minimal) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2398139705-1666454652-2960514220-500 - Administrator - Disabled) Guest (S-1-5-21-2398139705-1666454652-2960514220-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2398139705-1666454652-2960514220-1003 - Limited - Enabled) matrix reborn (S-1-5-21-2398139705-1666454652-2960514220-1000 - Administrator - Enabled) => C:\Users\matrix reborn ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
7-Zip 16.02 (HKLM\...\{23170F69-40C1-2701-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov) 7-Zip 9.10 beta (HKLM\...\7-Zip) (Version: - ) Acrobat.com (HKLM\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated) Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated) Adobe AIR (HKLM\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated) Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated) Adobe Flash Player 26 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{44537D5C-4CB8-CFCD-2D95-9205FF380CCC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) ASRock 3TB+ Unlocker v1.1 (HKLM\...\ASRock 3TB+ Unlocker_is1) (Version: - ASRock Inc.) Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software) Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment) BitLord 2.5 (HKLM\...\BitLord) (Version: 2.4.5-316 - House of Life) Brother MFL-Pro Suite DCP-T300 (HKLM\...\{BA07A125-6AC7-4293-89D6-391676FFD041}) (Version: 1.0.2.0 - Brother Industries, Ltd.) Browser Extensions (HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 2.9.9.5 - Spigot, Inc.) 
<==== ATTENTION calibre (HKLM\...\{B76A3B8A-CD1E-4260-BA4A-6A6EAA05715D}) (Version: 2.82.0 - Kovid Goyal) Comical 0.8 (HKLM\...\Comical_is1) (Version: - James Athey) EaseUS Data Recovery Wizard 8.8 (HKLM\...\EaseUS Data Recovery Wizard 8.8_is1) (Version: - EaseUS) Firefox Packages (HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\Firefox Packages) (Version: - ) <==== ATTENTION GeoGebra 5 (HKLM\...\GeoGebra 5) (Version: 5.0.255.0 - International GeoGebra Institute) Google Chrome (HKLM\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.) Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment) Hearthstone Deck Tracker (HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\HearthstoneDeckTracker) (Version: 1.4.1 - HearthSim) HydraVision (HKLM\...\{6A888ADA-BD9F-9B95-B692-21B2E53A0F29}) (Version: 4.2.252.0 - Advanced Micro Devices, Inc.) 
Hidden K-Lite Codec Pack 10.0.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.0.5 - ) Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes) MAMEUIFX32 (HKLM\...\MAMEUIFX32) (Version: 0.145 - Mamesick) Metric Collection SDK 35 (HKLM\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.4266.1003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) MiniTool Partition Wizard Free 10.2.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.) 
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Razer Cortex (HKLM\...\Razer Cortex_is1) (Version: 6.1.10.0 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.101 (HKLM\...\SafeZone 1.48.2066.101) (Version: 1.48.2066.101 - Avast Software) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
SHAREit (HKLM\...\SHAREit_is1) (Version: 3.5.0.1144 - Lenovo)
SHAREit (HKLM\...\www.ushareit.com_is1) (Version: 4.0.4.152 - SHAREit Technologies Co.Ltd)
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Unity Web Player (HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
USB Disk Security (HKLM\...\USB Disk Security_is1) (Version: - Zbshareware Lab)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Movie Maker (HKLM\...\Windows Movie Maker) (Version: 6.0.6002.18005 - Microsoft Corporation)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
XFast LAN v9.05 (HKLM\...\XFast LAN) (Version: 9.05 - cFos Software GmbH, Bonn)
YTD Video Downloader 5.8.3 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.8.3 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2398139705-1666454652-2960514220-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\matrix reborn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuthLib.dll ()
CustomCLSID: HKU\S-1-5-21-2398139705-1666454652-2960514220-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\matrix reborn\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-15] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-15] (AVAST Software)
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files\Lenovo\SHAREit\ShellEx\ShellExt32.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1: [WinZipper] -> {DC638EEA-2BA2-4459-9C46-85A2F0BE6040} => -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-15] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files\Lenovo\SHAREit\ShellEx\ShellExt32.dll -> No File
ContextMenuHandlers4: [WinZipper] -> {DC638EEA-2BA2-4459-9C46-85A2F0BE6040} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2013-11-01] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-15] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6: [WinZipper] -> {DC638EEA-2BA2-4459-9C46-85A2F0BE6040} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {025E2E0F-394F-4CE1-B2CA-C8BCA6B0B1DE} - System32\Tasks\{1FFEC184-881C-4FA3-A411-CFD0A7F32027} => C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe [2017-08-21] (Malwarebytes)
Task: {02DAE0A8-1F99-4094-A463-33FDCE99F4ED} - System32\Tasks\{999B4812-0CED-427A-8B1B-F4E7F7197D9A} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
Task: {08D46366-7F49-4AC0-AB74-F8291AAE1039} - System32\Tasks\{D35DACF9-8B44-4BCB-A17D-43E66401EE48} => C:\Windows\system32\pcalua.exe -a "D:\TORRENT\Bluestacks Offline Installer [Latest]\NetFx20SP2_x86.exe" -d "D:\TORRENT\Bluestacks Offline Installer [Latest]"
Task: {0A1F6931-6585-4FF1-9CA8-ADCA541F3392} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-09-10] (Microsoft Corporation)
Task: {0B532717-43F8-4EE1-BFCC-322F661BD795} - System32\Tasks\{66E0D1B6-F987-45B8-B6DE-3ABA9709272B} => C:\Windows\system32\pcalua.exe -a "C:\Users\matrix reborn\Downloads\Detective_Conan_Icon_Pack_01.exe" -d "C:\Users\matrix reborn\Downloads"
Task: {182CF878-B076-4F19-BD8E-D965AB5A4E76} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-13] (AVAST Software)
Task: {198AB23A-8541-4BB8-9349-EA75BAECA88A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-28] (Microsoft Corporation)
Task: {415E96C6-EDF8-49CB-80D0-6838D74B6EA9} - System32\Tasks\{1A4E61BB-068E-4F55-8BA4-F3658D33A589} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
Task: {4C2C61A1-C416-4F5F-9B47-1BB41A9D96F2} - System32\Tasks\{D9B2AE0C-6449-4D09-9E17-34365296F11D} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
Task: {5F7E2671-B635-41BA-92B6-201DAB0361C9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-28] (Microsoft Corporation)
Task: {68D588D2-3B38-465F-B822-8C07D9E5DAA4} - System32\Tasks\{C0A1A171-69F5-4337-9487-0F95471A52E0} => C:\Program Files\BitLord\BitLord.exe [2017-02-10] (House of Life)
Task: {792DB78C-AD4D-4BBB-97E7-490B1A97CEE6} - System32\Tasks\{D7DC832B-F62F-4D4E-89E5-9F196F7277DE} => C:\Program Files\BitLord\BitLord.exe [2017-02-10] (House of Life)
Task: {7F4CE1BA-E309-4B30-A078-5BA0B22E6100} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {7F577CE7-A2AE-4190-BD1F-C6075F49EDE6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
Task: {902CD296-6705-4CE7-8B39-5B142C3B28BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
Task: {90EB5205-9752-413F-8489-500385EB08DA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {991EBDF5-0DA6-4CA2-ADCC-94E6DA430CEB} - System32\Tasks\avastBCLRestart_chrome.exe => C:\Program Files\Google\Chrome\Application\chrome.exe
Task: {AFE1A19F-60D8-43EC-B10E-0E1FFF827832} - \Internet Update -> No File <==== ATTENTION
Task: {B555B76D-EB4C-4413-ACF5-2D4C60D7F5F9} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {BFD6FE00-CCFF-414D-A40C-6878C4E24389} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-15] (AVAST Software)
Task: {D6881F1C-9D15-4556-AF1C-0AF251E9A3E4} - System32\Tasks\{996FBF27-F55D-401E-B347-EB0F052888F4} => C:\Program Files\BitLord\BitLord.exe [2017-02-10] (House of Life)
Task: {E6C8C6E2-4371-4087-884F-BC52839294EA} - System32\Tasks\SafeZone scheduled Autoupdate 1466046912 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {E92B6024-335A-40C0-ADD1-6C22CA6E8B14} - System32\Tasks\{598D76F4-12DC-4D85-B693-E051E5B47DB3} => C:\Windows\system32\pcalua.exe -a "F:\FILES\INSTALLERS\NET 3.5 OFLINE INSTALLER\dotnetfx35.exe" -d "F:\FILES\INSTALLERS\NET 3.5 OFLINE INSTALLER"
Task: {EC363DBE-E050-482F-9F5C-9B283397E5D0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {F80A3052-974C-4E43-8742-062A3DBF9266} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-09-10] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-08-01 17:16 - 2016-08-01 17:16 - 000679624 _____ () C:\Users\matrix reborn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2017-08-23 01:10 - 2017-09-10 19:49 - 008903232 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1" e"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:04 - 2017-02-13 20:14 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\matrix reborn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^matrix reborn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Browser Extensions => "C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe"
MSCONFIG\startupreg: gpuminer => C:\Users\matrix reborn\AppData\Roaming\cpuminer\sgminer\sgminer.cmd
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
MSCONFIG\startupreg: USB Security => C:\Program Files\USB Disk Security\USBGuard.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\matrix reborn\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: XFast LAN => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{233DDACA-A58C-4F3E-A696-EE37B216CAA1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{8A850B5B-4830-40EB-9AC0-310CCF9853EC}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{C5313B11-C0E6-418F-A6D5-8886D87AB8F2}D:\gamesz\left 4 dead 2\left4dead2.exe] => (Allow) D:\gamesz\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{3206512F-C319-412C-80A3-43CC7536F774}D:\gamesz\left 4 dead 2\left4dead2.exe] => (Allow) D:\gamesz\left 4 dead 2\left4dead2.exe
FirewallRules: [TCP Query User{4440FA01-F0AA-4710-AED5-39950AA9947B}C:\users\matrix reborn\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\matrix reborn\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{B0B42EAA-3947-4C9D-B60F-86D74AC20E5A}C:\users\matrix reborn\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\matrix reborn\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{78957154-07CB-4DC2-B09C-4961975A262D}] => (Allow) C:\Program Files\AdvanceElite\bin\AdvanceElite.BRT.Helper.exe
FirewallRules: [{1EF5F4EA-39B2-4E95-A0F2-D196312D64A9}] => (Allow) C:\Program Files\AdvanceElite\bin\AdvanceElite.BRT.Helper.exe
FirewallRules: [{40108765-E6F5-4F7D-B66C-C281E4B42FEF}] => (Allow) C:\Program Files\AdvanceElite\bin\AdvanceElite.BRT.Helper.exe
FirewallRules: [{09869BB0-25B2-4FD6-916A-3BA8389858B2}] => (Allow) C:\Program Files\AdvanceElite\bin\AdvanceElite.BRT.Helper.exe
FirewallRules: [TCP Query User{A4551FEF-2B6B-4EDD-9D51-838A93F59892}C:\users\matrix reborn\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\matrix reborn\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{DF7CCD9E-7C75-4A06-8461-99605EE82C32}C:\users\matrix reborn\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\matrix reborn\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{620F6CE9-E5E2-41F1-BA46-A95F6E1DE569}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{B75A9347-D1B0-480E-BCB4-531BA8FA5E3E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{91603311-D0B5-4094-886B-E3213BD9E75D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{938DD7F7-0FA2-4F61-BE12-A71FA431BFA8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A4CCFAD4-FDFB-4C27-940F-AA1133E85609}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{6A5A5957-D469-485B-9515-B0132420487C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F848171F-5D22-43F9-9D9D-61AE9F7D172E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0787B4A3-C5C0-480F-8F11-7C180988B5B5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E322C4CA-4E9C-44DE-85BD-37090ACC426C}] => (Allow) %ProgramFiles%\Google\Chrome\Application\chrome.exe
FirewallRules: [{651B5F56-1344-4579-B688-FFBDB388B1EC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E5D57EE3-B6ED-4077-9139-7281AED16B17}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CA032DFF-D9AB-448D-8CB1-BDA25352B4F4}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{54A3AEFC-1115-4CA3-9336-424E09283B40}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [TCP Query User{48D806CF-7AD5-48DB-AD79-D6D992B29A0F}C:\users\matrix reborn\desktop\utorrent plus v3.4.2 build 33023 stable\utorrent.exe] => (Allow) C:\users\matrix reborn\desktop\utorrent plus v3.4.2 build 33023 stable\utorrent.exe
FirewallRules: [UDP Query User{65C69DA1-5F98-4A7C-8A9A-FE45AEF24A99}C:\users\matrix reborn\desktop\utorrent plus v3.4.2 build 33023 stable\utorrent.exe] => (Allow) C:\users\matrix reborn\desktop\utorrent plus v3.4.2 build 33023 stable\utorrent.exe
FirewallRules: [{6A16C393-EF4F-4084-A93B-2D79B0E1B14D}] => (Allow) C:\Users\matrix reborn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{963F13DB-8A96-420D-939C-A7BEF072F344}] => (Allow) C:\Users\matrix reborn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9ACFC474-17FF-4391-8E4F-D1CB0BC97087}] => (Allow) C:\Program Files\fdFFHBX\fdFFHBX\chrome.exe
FirewallRules: [{705D4F07-E345-4D80-93B7-4B5FDD8D23D1}] => (Allow) C:\ProgramData\Chrome\Application\GoogleUpdateSetup.exe
FirewallRules: [{F4427A5E-FEAC-43BE-9BD6-C438617C0F39}] => (Allow) C:\ProgramData\Google\update\GoogleUpdate.exe
FirewallRules: [{4787BBE9-C9B2-424A-9F18-F2C4FE017287}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{9611078F-709A-4C02-B90A-212FA60570DC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{DAD3BD36-7528-44AA-A632-39040EC49669}] => (Allow) C:\Users\matrix reborn\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{2054AD48-E898-4B7E-91C1-1CD53DA5F58B}] => (Allow) C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{C5B4DDBF-934F-4230-9B11-9B85E46662E0}] => (Allow) C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{04F0B885-F1DB-4871-9BCA-CE980B756F3E}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{25EB1E48-3D8A-4B3D-A2A7-E7CAF8C7404B}F:\hearthstone\hearthstone.exe] => (Allow) F:\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{A62A4FEB-69D0-4520-BCA4-59F3971F61E0}F:\hearthstone\hearthstone.exe] => (Allow) F:\hearthstone\hearthstone.exe
FirewallRules: [{5EB03AB2-2EB1-45BE-84A7-219E9606D83E}] => (Allow) C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{1B413D9E-518C-4C50-99B6-79BD4FF08069}] => (Allow) C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{2F20B65B-58C6-4D63-9F22-A6D6E5415389}] => (Allow) C:\Program Files\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{1665CBD1-8C50-46E2-A0AE-A985E7D2465E}] => (Allow) C:\Program Files\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [TCP Query User{DD0DCD65-1D02-4C75-B220-4B377386E3B6}C:\program files\bitlord\bitlord.exe] => (Block) C:\program files\bitlord\bitlord.exe
FirewallRules: [UDP Query User{F5B05340-8563-425F-A9B3-9AD86CF16807}C:\program files\bitlord\bitlord.exe] => (Block) C:\program files\bitlord\bitlord.exe
FirewallRules: [TCP Query User{5B1CB0A2-0B35-405F-BC64-0B74BAB1BD07}C:\program files\hearthstone\hearthstone.exe] => (Allow) C:\program files\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{DBF0D48C-F7D0-486F-A825-47FFC415D783}C:\program files\hearthstone\hearthstone.exe] => (Allow) C:\program files\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{C8527AD2-BE5D-495A-B9A1-A271DD7B0D9C}C:\program files\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [UDP Query User{57B78672-73B3-4EB6-A008-DF347894A2F8}C:\program files\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [{425ACF0B-EFAF-4B88-9164-29EE4E5D8300}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{9716FEEE-D673-40F5-91C0-17E03AEA773E}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [TCP Query User{E995851B-7C15-4180-8A78-B162E88AE933}C:\program files\battle.net\battle.net.8180\battle.net.exe] => (Allow) C:\program files\battle.net\battle.net.8180\battle.net.exe
FirewallRules: [UDP Query User{BC2D28A6-F3B2-4E39-BC16-F698D3252911}C:\program files\battle.net\battle.net.8180\battle.net.exe] => (Allow) C:\program files\battle.net\battle.net.8180\battle.net.exe
FirewallRules: [{7A2093F5-53ED-4E27-8629-A20CB7AAFF1A}] => (Allow) C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{6CB68009-A42A-4AF0-8ECD-83F945BF1C9A}] => (Allow) C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{2FC2BE1D-4314-43C8-ACE7-EDD4F9F3C0EE}] => (Allow) C:\Program Files\BitLord\BitLord.exe
FirewallRules: [{F34AC6B9-BF91-46AB-A297-5EB4E6B73E74}] => (Allow) C:\Program Files\BitLord\BitLord.exe
FirewallRules: [{27221BAA-614B-4815-8322-D9A38AA4AEBF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{D70CE897-8EC5-458E-9108-3EDDB965F3D1}] => (Allow) C:\Users\matrix reborn\Desktop\mbam-setup-FileHippo.19901-2.2.1.1043.exe
FirewallRules: [{ADC4EF9C-AE77-4E7B-9026-A3903F8080F0}] => (Allow) C:\Users\matrix reborn\Desktop\mbam-setup-FileHippo.19901-2.2.1.1043.exe
FirewallRules: [{4B991D40-A5AD-4DD6-9677-5FF27DA763B4}] => (Allow) C:\Users\matrix reborn\Desktop\mbam-setup-FileHippo.19901-2.2.1.1043.exe
FirewallRules: [{DE798CB2-A39A-4B61-9CC9-FBC8BDD68A0D}] => (Allow) C:\Users\matrix reborn\Desktop\mbam-setup-FileHippo.19901-2.2.1.1043.exe
FirewallRules: [{CBE26BFC-3528-4123-B4B4-A2415C65631D}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{3D62F600-0F82-4EB6-80B2-8B54605395B2}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{A86F1212-FA15-493E-8A9B-3878BDF52C6A}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{E9A21344-DB4A-4437-9BEA-F50956701735}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{590BAB68-B2D3-44F7-9B21-C79073DD610C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{89B0201E-BD03-465A-BF67-713A66997064}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{4D2369AA-D172-4987-A0B4-C7E256E54453}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe

==================== Restore Points =========================

26-08-2017 16:52:28 WASD
27-08-2017 13:24:47 Windows Defender Checkpoint
01-09-2017 19:13:39 Windows Defender Checkpoint

==================== Faulty Device Manager Devices =============

Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================

Application errors:
==================
Error: (09/11/2017 07:30:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1169, time stamp: 0x599723f1
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x594d4411
Exception code: 0xc0000005
Fault offset: 0x001a9fd6
Faulting process id: 0x308
Faulting application start time: 0x01d32b777b03d65f
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: c1abd286-976a-11e7-a600-b1a24033b809

Error: (09/11/2017 07:29:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1169, time stamp: 0x599723f1
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x594d4411
Exception code: 0xc0000005
Fault offset: 0x001a9fd6
Faulting process id: 0x7e4
Faulting application start time: 0x01d32b775aef8af5
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: a464054e-976a-11e7-a600-b1a24033b809

Error: (09/11/2017 07:28:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/11/2017 07:17:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/11/2017 06:56:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/11/2017 05:56:44 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2017/09/11 05:56:44.689]: [00002828]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/11/2017 05:56:44 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2017/09/11 05:56:44.494]: [00002828]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/11/2017 05:56:44 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2017/09/11 05:56:44.379]: [00002828]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/11/2017 05:55:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/10/2017 07:04:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).


System errors:
=============
Error: (09/11/2017 07:27:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Error: (09/11/2017 07:27:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Error: (09/11/2017 07:27:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Error: (09/11/2017 07:27:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Error: (09/11/2017 07:27:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Error: (09/11/2017 07:27:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Error: (09/11/2017 07:27:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Error: (09/11/2017 07:27:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Error: (09/11/2017 07:27:26 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/11/2017 07:27:26 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

==================== Memory info ===========================

Processor: AMD A4-6300 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 38%
Total physical RAM: 2500.86 MB
Available physical RAM: 1527.45 MB
Total Virtual: 5000.02 MB
Available Virtual: 4083.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:67 GB) NTFS
Drive d: () (Fixed) (Total:270.45 GB) (Free:28.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 935AFE7C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  9. Thanks Valinorum for replying! I did what you suggested and finished a while ago. This was the result of the scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-08-2017 01
Ran by matrix reborn (administrator) on MATRIXREBORN-PC (11-09-2017 19:28:01)
Running from C:\Users\matrix reborn\Desktop
Loaded Profiles: matrix reborn (Available Profiles: matrix reborn)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139776 2016-02-03] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4514304 2014-08-26] (Brother Industries, Ltd.)
HKLM\...\Run: [BrHelp] => C:\Program Files\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.)
HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-11-01] (AMD)
HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\Run: [Browser Extensions] => C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe [1619240 2017-02-28] ()
HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\RunOnce: [Uninstall C:\Users\matrix reborn\AppData\Local\Microsoft\OneDrive\17.3.4604.0120] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\matrix reborn\AppData\Local\Microsoft\OneDrive\17.3.4604.0120"
HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\MountPoints2: {e056e920-42e7-11e4-84db-806e6f6e6963} - E:\ASRSetup.exe
AppInit_DLLs: C:\Users\MATRIX~1\AppData\Local\Linkey\IEEXTE~1\iedll.dll => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2017-09-11]
ShortcutTarget: Start.lnk -> C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe (Microsoft Corporation)
Startup: C:\Users\matrix reborn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitLord.lnk [2016-11-04]
ShortcutTarget: BitLord.lnk -> C:\Program Files\BitLord\BitLord.exe (House of Life)
Startup: C:\Users\matrix reborn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2017-09-11]
ShortcutTarget: Start.lnk -> C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{6CCE46BF-10C5-4650-A884-94CBD96A5E12}: [DhcpNameServer] 192.168.254.254 192.168.254.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131488707757778894&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130864100478045633&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130864100478035632&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131488707759058967&GUID=00000000-0000-0000-0000-000000000000
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2398139705-1666454652-2960514220-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2398139705-1666454652-2960514220-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2398139705-1666454652-2960514220-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-09-10] (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-15] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2017-09-10] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-10] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-10] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-10] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-10] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-10] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro 
Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF DefaultProfile: t63oiqr5.default FF ProfilePath: C:\Users\matrix reborn\AppData\Roaming\Mozilla\Firefox\Profiles\t63oiqr5.default [2017-07-17] FF NewTab: Mozilla\Firefox\Profiles\t63oiqr5.default -> about:newtab FF Homepage: Mozilla\Firefox\Profiles\t63oiqr5.default -> user_pref("browser.startup.homepage", "hxxps://www.malwarebytes.org/restorebrowser/yhp-ff hxxps://www.malwarebytes.org/restorebrowser/ FF SelectedSearchEngine: Mozilla\Firefox\Profiles\t63oiqr5.default -> Google FF DefaultSearchEngine: Mozilla\Firefox\Profiles\t63oiqr5.default -> Google FF DefaultSearchUrl: Mozilla\Firefox\Profiles\t63oiqr5.default -> hxxps://www.google.com/search?bcutc=sp-006 FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\t63oiqr5.default -> Google FF Keyword.URL: Mozilla\Firefox\Profiles\t63oiqr5.default -> hxxps://www.google.com/search?bcutc=sp-006 FF Homepage: Mozilla\Firefox\Profiles\t63oiqr5.default -> hxxps://www.google.com/?bcutc=sp-006 FF Extension: (Ebay Shopping Assistant) - C:\Users\matrix reborn\AppData\Roaming\Mozilla\Firefox\Profiles\t63oiqr5.default\Extensions\{1b80ae74-4912-44fc-9f27-30f9252a5ad7} [2016-11-26] FF SearchPlugin: C:\Users\matrix reborn\AppData\Roaming\Mozilla\Firefox\Profiles\t63oiqr5.default\searchplugins\google-avast.xml [2017-07-17] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-15] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-15] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_151.dll 
[2017-08-08] () FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-10] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-10] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2398139705-1666454652-2960514220-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\matrix reborn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2017-07-31] (Adobe Systems Inc.) StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxps://ph.search.yahoo.com/?type=715483&fr=yo-yhp-ch CHR StartupUrls: Default -> "hxxp://google.com/" CHR Session Restore: Default -> is enabled. 
CHR Profile: C:\Users\matrix reborn\AppData\Local\Google\Chrome\User Data\Default [2017-09-11] CHR Extension: (Adblock Plus) - C:\Users\matrix reborn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-13] CHR Extension: (Adobe Acrobat) - C:\Users\matrix reborn\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-15] CHR Extension: (AdBlock) - C:\Users\matrix reborn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-12] CHR Extension: (Avast Online Security) - C:\Users\matrix reborn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-08-23] CHR Extension: (Chrome Web Store Payments) - C:\Users\matrix reborn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22] CHR Extension: (Chrome Media Router) - C:\Users\matrix reborn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-15] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [lkemddiljapcmhicklfpcbpfffahfbja] - C:\Users\matrix reborn\AppData\Local\Google\Chrome\User Data\Default\extensions\WebNavigation.crx [2014-09-23] CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - <no Path/update_url> CHR HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - <no Path/update_url> ==================== Services 
(Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-11-01] (Advanced Micro Devices, Inc.) [File not signed] S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-15] (AVAST Software) S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed] S2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [550240 2013-05-31] (cFos Software GmbH) S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2840768 2017-08-28] (Microsoft Corporation) S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\LENOVO\easyplussdk\bin\EPHotspot.exe [509424 2015-06-08] (Lenovo) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-21] (Malwarebytes) S2 Razer Game Scanner Service; C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-08-14] () S2 RzKLService; C:\Program Files\Razer\Razer Cortex\RzKLService.exe [129168 2015-08-21] (Razer Inc.) S3 ShareItSvc; C:\Program Files\Lenovo\SHAREit\Shareit.Service.exe [33224 2016-04-15] (SHAREit Technologies Co.Ltd) S3 uSHAREitSvc; C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2016-09-23] (SHAREit Technologies Co.Ltd) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70464 2013-06-27] (Advanced Micro Devices) R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34624 2013-06-27] (Advanced Micro Devices) S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50432 2013-09-19] (Advanced Micro Devices) R3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [21000 2011-01-26] (ASRock Inc.) S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [67392 2017-01-03] (AVAST Software) S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-06-15] (AVAST Software) S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-06-15] (AVAST Software) S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-06-15] (AVAST Software) S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-06-15] (AVAST Software) S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-06-15] (AVAST Software) S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-06-15] (AVAST Software) S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-06-15] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [124808 2016-06-15] (AVAST Software) S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2016-08-05] (AVAST Software) S1 cFosSpeed; C:\Windows\System32\DRIVERS\cfosspeed6.sys [1284960 2013-05-31] (cFos Software GmbH) S3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-17] (Creative Technology Ltd.) R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [17160 2015-03-05] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [13064 2016-11-24] () S2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [20288 2015-06-12] (Razer, Inc.) S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.) S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.) 
S3 TSSK; C:\Windows\System32\tssk.sys [74040 2016-02-25] (电脑管家) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-09-11 19:28 - 2017-09-11 19:29 - 000016970 _____ C:\Users\matrix reborn\Desktop\FRST.txt 2017-09-11 19:27 - 2017-09-11 19:28 - 000000000 ____D C:\FRST 2017-09-11 19:26 - 2017-09-11 19:27 - 000133080 _____ C:\Windows\ntbtlog.txt 2017-09-08 21:20 - 2017-09-08 21:20 - 000592707 _____ C:\Users\matrix reborn\Desktop\crView.pdf 2017-09-07 17:21 - 2017-09-07 17:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-09-07 13:23 - 2017-09-07 13:24 - 000000000 ____D C:\eme_utils 2017-09-06 15:28 - 2017-09-06 15:28 - 000026809 _____ C:\Users\matrix reborn\Desktop\Verbs-List-for-Literary-Analysis-17wbq04 (1).pdf 2017-09-06 15:23 - 2017-09-06 15:23 - 000000000 ____D C:\Program Files\Common Files\Skype 2017-09-04 21:40 - 2017-09-04 21:40 - 002661718 _____ C:\Users\matrix reborn\Desktop\Dark-reactions.pptx 2017-09-03 16:57 - 2017-09-03 16:57 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2017-09-03 14:22 - 2017-09-03 15:51 - 000408113 _____ C:\Windows\system32\test.txt 2017-09-03 14:18 - 2017-09-03 15:46 - 000000000 ____D C:\Program Files\Shortcut Virus Remover 2017-09-02 09:32 - 2017-09-07 17:21 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-09-02 09:32 - 2017-09-02 09:32 - 000000000 ____D C:\Program Files\Malwarebytes 2017-09-02 09:32 - 2017-08-24 11:27 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys 2017-09-02 09:15 - 2017-09-02 09:19 - 066347240 _____ (Malwarebytes ) C:\Users\matrix reborn\Desktop\winlogon.exe.exe 2017-09-01 19:54 - 2017-09-01 19:54 - 001792512 _____ (Farbar) C:\Users\matrix 
reborn\Desktop\FRST.exe 2017-08-22 16:41 - 2017-08-22 16:41 - 000000000 ____D C:\Users\matrix reborn\AppData\Local\OfficeBSCache-MyComputer 2017-08-21 18:33 - 2017-09-11 19:17 - 000000000 ___HD C:\Users\matrix reborn\AppData\Roaming\cyelvmh 2017-08-19 10:31 - 2017-08-19 10:31 - 000000000 __SHD C:\found.000 2017-08-18 18:56 - 2017-08-18 18:56 - 000000000 ____D C:\Users\matrix reborn\AppData\Local\TempOfficeC2RA199A313-C76B-4E44-8EC6-9DFBF3C0606B 2017-08-18 18:41 - 2017-08-18 18:41 - 000000000 ____D C:\Users\matrix reborn\AppData\Local\TempOfficeC2R9371C81D-60F8-4DB7-AE43-FE35EA0A78E9 2017-08-12 23:24 - 2017-08-12 23:25 - 000400211 _____ C:\Users\matrix reborn\Desktop\2018UndergradAppForm.pdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-09-11 19:27 - 2017-07-30 20:33 - 000996352 ___SH C:\Users\matrix reborn\Desktop\Thumbs.db 2017-09-11 19:24 - 2009-07-13 20:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-09-11 19:23 - 2009-07-13 20:34 - 000026352 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-09-11 19:23 - 2009-07-13 20:34 - 000026352 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-09-11 19:14 - 2016-08-03 17:58 - 000000000 ____D C:\Users\matrix reborn\AppData\Local\Battle.net 2017-09-11 18:59 - 2016-08-03 17:49 - 000000000 ____D C:\Program Files\Battle.net 2017-09-11 06:05 - 2016-05-16 21:01 - 000007887 _____ C:\Windows\BRRBCOM.INI 2017-09-10 19:55 - 2014-09-23 00:33 - 000000000 ____D C:\Program Files\Microsoft Office 2017-09-09 21:23 - 2014-09-23 05:20 - 000000000 ____D C:\Windows\system32\Macromed 2017-09-07 17:21 - 2015-07-05 16:17 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-09-06 15:24 - 2014-09-23 01:17 - 000000000 ____D C:\ProgramData\Skype 2017-09-06 15:23 - 2017-03-16 08:35 - 000000000 ____D C:\Program Files\Skype 2017-09-03 
16:58 - 2017-07-24 21:54 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-09-03 16:57 - 2009-07-13 18:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2017-09-03 15:45 - 2017-07-24 21:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools 2017-09-03 15:45 - 2017-06-17 07:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader 2017-09-03 15:45 - 2017-06-01 21:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBIRForms 2017-09-03 15:45 - 2017-04-19 15:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 10 2017-09-03 15:45 - 2017-03-20 21:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2017-09-03 15:45 - 2017-03-16 08:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2017-09-03 15:45 - 2016-09-29 08:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LenovoSHAREit 2017-09-03 15:45 - 2016-07-20 21:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit 2017-09-03 15:45 - 2016-07-04 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoGebra 5 2017-09-03 15:45 - 2016-05-16 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother 2017-09-03 15:45 - 2016-03-23 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx 2017-09-03 15:45 - 2016-03-06 19:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAMEUIFX32 2017-09-03 15:45 - 2016-02-27 14:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 2017-09-03 15:45 - 2015-09-21 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2017-09-03 15:45 - 2015-09-07 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comical 2017-09-03 15:45 - 
2015-07-02 19:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2017-09-03 15:45 - 2015-06-02 16:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 8.8 2017-09-03 15:45 - 2015-01-13 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management 2017-09-03 15:45 - 2014-12-21 08:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2017-09-03 15:45 - 2014-09-23 01:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack 2017-09-03 15:45 - 2014-09-23 00:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security 2017-09-03 15:45 - 2014-09-23 00:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast LAN 2017-09-03 15:45 - 2014-09-22 23:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2017-09-03 15:45 - 2009-07-13 20:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2017-09-03 13:25 - 2010-11-20 13:01 - 000781782 _____ C:\Windows\system32\PerfStringBackup.INI 2017-09-03 13:25 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\inf 2017-09-03 12:50 - 2014-10-05 11:43 - 000000000 ____D C:\ProgramData\YTD Video Downloader 2017-09-02 16:06 - 2014-09-22 23:22 - 000001042 _____ C:\Users\matrix reborn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2017-08-28 18:00 - 2017-04-24 22:36 - 000000000 ____D C:\Users\matrix reborn\AppData\Local\HearthstoneDeckTracker 2017-08-28 17:59 - 2017-04-13 16:39 - 000000000 ____D C:\Users\matrix reborn\AppData\Local\SquirrelTemp 2017-08-26 15:59 - 2014-09-23 00:11 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-08-23 00:35 - 2009-07-13 20:53 - 000032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-08-20 09:29 - 2017-07-26 18:35 - 000000000 ____D C:\Users\matrix 
reborn\Desktop\SCHOOL 2017-08-18 18:32 - 2014-10-03 17:37 - 000000000 ____D C:\Users\matrix reborn\AppData\Local\ElevatedDiagnostics 2017-08-18 18:32 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\system32\NDF 2017-08-15 18:48 - 2016-02-06 19:17 - 000000000 ____D C:\Users\matrix reborn\Downloads\Shareit ==================== Files in the root of some directories ======= 2015-08-30 15:46 - 2015-08-30 15:46 - 000000132 _____ () C:\Users\matrix reborn\AppData\Roaming\Adobe PNG Format CS6 Prefs 2016-02-25 17:18 - 2016-02-25 17:18 - 000005120 _____ () C:\Users\matrix reborn\AppData\Roaming\GiftBag.db 2015-09-14 18:30 - 2015-09-14 18:30 - 000000000 _____ () C:\Users\matrix reborn\AppData\Local\{0DE6D1E7-863E-413C-88AE-7D35CD2C0D93} 2017-07-15 19:25 - 2017-07-15 19:25 - 000000000 _____ () C:\Users\matrix reborn\AppData\Local\{0FE673DA-E990-4900-BAFF-EE478684410A} 2016-10-25 18:50 - 2016-10-25 18:51 - 000000000 _____ () C:\Users\matrix reborn\AppData\Local\{27C171DC-93CF-4C44-A094-C37F6E0C3F40} 2016-12-19 14:35 - 2016-12-19 14:38 - 000000219 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2015-09-02 18:53 - 2015-09-03 19:48 - 000000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat Files to move or delete: ==================== C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-08-03 21:29 ==================== End of FRST.txt ============================
  10. Hello, I already read a thread about this problem posted by jigsawpuzzle500. I tried downloading Farbar Security Scan Tool from the given site, but I can't install it. The Farbar installation window just appears for a millisecond and then disappears. I also can't open Malwarebytes. I'm a student and I really need to clean my USBs. I'm hoping that someone could help me. Thanks in advance!