HALOL17

Need help for removing Drive virus and can't run Malwarebytes


Hello, I already read a thread about this problem posted by jigsawpuzzle500. I tried downloading Farbar Security Scan Tool from the given site but I can't install it. The window for installing Farbar just appears for a millisecond and then it disappears. I also can't open Malwarebytes. I'm a student and I really need to clean my USBs. I'm hoping that someone could help me. Thanks in advance!


Thanks Valinorum for replying! I did what you suggested and finished a while ago. This was the result of the scan: 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-08-2017 01
Ran by matrix reborn (administrator) on MATRIXREBORN-PC (11-09-2017 19:28:01)
Running from C:\Users\matrix reborn\Desktop
Loaded Profiles: matrix reborn (Available Profiles: matrix reborn)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139776 2016-02-03] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4514304 2014-08-26] (Brother Industries, Ltd.)
HKLM\...\Run: [BrHelp] => C:\Program Files\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.)
HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-11-01] (AMD)
HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\Run: [Browser Extensions] => C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe [1619240 2017-02-28] ()
HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\RunOnce: [Uninstall C:\Users\matrix reborn\AppData\Local\Microsoft\OneDrive\17.3.4604.0120] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\matrix reborn\AppData\Local\Microsoft\OneDrive\17.3.4604.0120"
HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\MountPoints2: {e056e920-42e7-11e4-84db-806e6f6e6963} - E:\ASRSetup.exe
AppInit_DLLs: C:\Users\MATRIX~1\AppData\Local\Linkey\IEEXTE~1\iedll.dll => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2017-09-11]
ShortcutTarget: Start.lnk -> C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe (Microsoft Corporation)
Startup: C:\Users\matrix reborn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitLord.lnk [2016-11-04]
ShortcutTarget: BitLord.lnk -> C:\Program Files\BitLord\BitLord.exe (House of Life)
Startup: C:\Users\matrix reborn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2017-09-11]
ShortcutTarget: Start.lnk -> C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{6CCE46BF-10C5-4650-A884-94CBD96A5E12}: [DhcpNameServer] 192.168.254.254 192.168.254.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131488707757778894&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130864100478045633&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130864100478035632&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131488707759058967&GUID=00000000-0000-0000-0000-000000000000
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2398139705-1666454652-2960514220-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2398139705-1666454652-2960514220-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2398139705-1666454652-2960514220-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-09-10] (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-15] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2017-09-10] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-10] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-10] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-10] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-10] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-10] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: t63oiqr5.default
FF ProfilePath: C:\Users\matrix reborn\AppData\Roaming\Mozilla\Firefox\Profiles\t63oiqr5.default [2017-07-17]
FF NewTab: Mozilla\Firefox\Profiles\t63oiqr5.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\t63oiqr5.default -> user_pref("browser.startup.homepage", "hxxps://www.malwarebytes.org/restorebrowser/yhp-ff
hxxps://www.malwarebytes.org/restorebrowser/
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\t63oiqr5.default -> Google
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\t63oiqr5.default -> Google
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\t63oiqr5.default -> hxxps://www.google.com/search?bcutc=sp-006
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\t63oiqr5.default -> Google
FF Keyword.URL: Mozilla\Firefox\Profiles\t63oiqr5.default -> hxxps://www.google.com/search?bcutc=sp-006
FF Homepage: Mozilla\Firefox\Profiles\t63oiqr5.default -> hxxps://www.google.com/?bcutc=sp-006
FF Extension: (Ebay Shopping Assistant) - C:\Users\matrix reborn\AppData\Roaming\Mozilla\Firefox\Profiles\t63oiqr5.default\Extensions\{1b80ae74-4912-44fc-9f27-30f9252a5ad7} [2016-11-26]
FF SearchPlugin: C:\Users\matrix reborn\AppData\Roaming\Mozilla\Firefox\Profiles\t63oiqr5.default\searchplugins\google-avast.xml [2017-07-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-15]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2398139705-1666454652-2960514220-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\matrix reborn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://ph.search.yahoo.com/?type=715483&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\matrix reborn\AppData\Local\Google\Chrome\User Data\Default [2017-09-11]
CHR Extension: (Adblock Plus) - C:\Users\matrix reborn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-13]
CHR Extension: (Adobe Acrobat) - C:\Users\matrix reborn\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-15]
CHR Extension: (AdBlock) - C:\Users\matrix reborn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-12]
CHR Extension: (Avast Online Security) - C:\Users\matrix reborn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-08-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\matrix reborn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\matrix reborn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-15]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lkemddiljapcmhicklfpcbpfffahfbja] - C:\Users\matrix reborn\AppData\Local\Google\Chrome\User Data\Default\extensions\WebNavigation.crx [2014-09-23]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - <no Path/update_url>
CHR HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-11-01] (Advanced Micro Devices, Inc.) [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-15] (AVAST Software)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [550240 2013-05-31] (cFos Software GmbH)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2840768 2017-08-28] (Microsoft Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\LENOVO\easyplussdk\bin\EPHotspot.exe [509424 2015-06-08] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-21] (Malwarebytes)
S2 Razer Game Scanner Service; C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-08-14] ()
S2 RzKLService; C:\Program Files\Razer\Razer Cortex\RzKLService.exe [129168 2015-08-21] (Razer Inc.)
S3 ShareItSvc; C:\Program Files\Lenovo\SHAREit\Shareit.Service.exe [33224 2016-04-15] (SHAREit Technologies Co.Ltd)
S3 uSHAREitSvc; C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2016-09-23] (SHAREit Technologies Co.Ltd)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70464 2013-06-27] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34624 2013-06-27] (Advanced Micro Devices)
S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50432 2013-09-19] (Advanced Micro Devices)
R3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [21000 2011-01-26] (ASRock Inc.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [67392 2017-01-03] (AVAST Software)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-06-15] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-06-15] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-06-15] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-06-15] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-06-15] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-06-15] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-06-15] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [124808 2016-06-15] (AVAST Software)
S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2016-08-05] (AVAST Software)
S1 cFosSpeed; C:\Windows\System32\DRIVERS\cfosspeed6.sys [1284960 2013-05-31] (cFos Software GmbH)
S3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-17] (Creative Technology Ltd.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [17160 2015-03-05] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13064 2016-11-24] ()
S2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [20288 2015-06-12] (Razer, Inc.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 TSSK; C:\Windows\System32\tssk.sys [74040 2016-02-25] (电脑管家)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-11 19:28 - 2017-09-11 19:29 - 000016970 _____ C:\Users\matrix reborn\Desktop\FRST.txt
2017-09-11 19:27 - 2017-09-11 19:28 - 000000000 ____D C:\FRST
2017-09-11 19:26 - 2017-09-11 19:27 - 000133080 _____ C:\Windows\ntbtlog.txt
2017-09-08 21:20 - 2017-09-08 21:20 - 000592707 _____ C:\Users\matrix reborn\Desktop\crView.pdf
2017-09-07 17:21 - 2017-09-07 17:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-07 13:23 - 2017-09-07 13:24 - 000000000 ____D C:\eme_utils
2017-09-06 15:28 - 2017-09-06 15:28 - 000026809 _____ C:\Users\matrix reborn\Desktop\Verbs-List-for-Literary-Analysis-17wbq04 (1).pdf
2017-09-06 15:23 - 2017-09-06 15:23 - 000000000 ____D C:\Program Files\Common Files\Skype
2017-09-04 21:40 - 2017-09-04 21:40 - 002661718 _____ C:\Users\matrix reborn\Desktop\Dark-reactions.pptx
2017-09-03 16:57 - 2017-09-03 16:57 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-09-03 14:22 - 2017-09-03 15:51 - 000408113 _____ C:\Windows\system32\test.txt
2017-09-03 14:18 - 2017-09-03 15:46 - 000000000 ____D C:\Program Files\Shortcut Virus Remover
2017-09-02 09:32 - 2017-09-07 17:21 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-02 09:32 - 2017-09-02 09:32 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-02 09:32 - 2017-08-24 11:27 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-09-02 09:15 - 2017-09-02 09:19 - 066347240 _____ (Malwarebytes ) C:\Users\matrix reborn\Desktop\winlogon.exe.exe
2017-09-01 19:54 - 2017-09-01 19:54 - 001792512 _____ (Farbar) C:\Users\matrix reborn\Desktop\FRST.exe
2017-08-22 16:41 - 2017-08-22 16:41 - 000000000 ____D C:\Users\matrix reborn\AppData\Local\OfficeBSCache-MyComputer
2017-08-21 18:33 - 2017-09-11 19:17 - 000000000 ___HD C:\Users\matrix reborn\AppData\Roaming\cyelvmh
2017-08-19 10:31 - 2017-08-19 10:31 - 000000000 __SHD C:\found.000
2017-08-18 18:56 - 2017-08-18 18:56 - 000000000 ____D C:\Users\matrix reborn\AppData\Local\TempOfficeC2RA199A313-C76B-4E44-8EC6-9DFBF3C0606B
2017-08-18 18:41 - 2017-08-18 18:41 - 000000000 ____D C:\Users\matrix reborn\AppData\Local\TempOfficeC2R9371C81D-60F8-4DB7-AE43-FE35EA0A78E9
2017-08-12 23:24 - 2017-08-12 23:25 - 000400211 _____ C:\Users\matrix reborn\Desktop\2018UndergradAppForm.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-11 19:27 - 2017-07-30 20:33 - 000996352 ___SH C:\Users\matrix reborn\Desktop\Thumbs.db
2017-09-11 19:24 - 2009-07-13 20:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-11 19:23 - 2009-07-13 20:34 - 000026352 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-11 19:23 - 2009-07-13 20:34 - 000026352 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-11 19:14 - 2016-08-03 17:58 - 000000000 ____D C:\Users\matrix reborn\AppData\Local\Battle.net
2017-09-11 18:59 - 2016-08-03 17:49 - 000000000 ____D C:\Program Files\Battle.net
2017-09-11 06:05 - 2016-05-16 21:01 - 000007887 _____ C:\Windows\BRRBCOM.INI
2017-09-10 19:55 - 2014-09-23 00:33 - 000000000 ____D C:\Program Files\Microsoft Office
2017-09-09 21:23 - 2014-09-23 05:20 - 000000000 ____D C:\Windows\system32\Macromed
2017-09-07 17:21 - 2015-07-05 16:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-06 15:24 - 2014-09-23 01:17 - 000000000 ____D C:\ProgramData\Skype
2017-09-06 15:23 - 2017-03-16 08:35 - 000000000 ____D C:\Program Files\Skype
2017-09-03 16:58 - 2017-07-24 21:54 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-03 16:57 - 2009-07-13 18:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-09-03 15:45 - 2017-07-24 21:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-09-03 15:45 - 2017-06-17 07:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2017-09-03 15:45 - 2017-06-01 21:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBIRForms
2017-09-03 15:45 - 2017-04-19 15:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 10
2017-09-03 15:45 - 2017-03-20 21:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-09-03 15:45 - 2017-03-16 08:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-09-03 15:45 - 2016-09-29 08:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LenovoSHAREit
2017-09-03 15:45 - 2016-07-20 21:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit
2017-09-03 15:45 - 2016-07-04 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoGebra 5
2017-09-03 15:45 - 2016-05-16 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2017-09-03 15:45 - 2016-03-23 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
2017-09-03 15:45 - 2016-03-06 19:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAMEUIFX32
2017-09-03 15:45 - 2016-02-27 14:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2017-09-03 15:45 - 2015-09-21 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-09-03 15:45 - 2015-09-07 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comical
2017-09-03 15:45 - 2015-07-02 19:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-09-03 15:45 - 2015-06-02 16:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 8.8
2017-09-03 15:45 - 2015-01-13 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2017-09-03 15:45 - 2014-12-21 08:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-09-03 15:45 - 2014-09-23 01:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2017-09-03 15:45 - 2014-09-23 00:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security
2017-09-03 15:45 - 2014-09-23 00:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast LAN
2017-09-03 15:45 - 2014-09-22 23:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2017-09-03 15:45 - 2009-07-13 20:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-09-03 13:25 - 2010-11-20 13:01 - 000781782 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-03 13:25 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\inf
2017-09-03 12:50 - 2014-10-05 11:43 - 000000000 ____D C:\ProgramData\YTD Video Downloader
2017-09-02 16:06 - 2014-09-22 23:22 - 000001042 _____ C:\Users\matrix reborn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-08-28 18:00 - 2017-04-24 22:36 - 000000000 ____D C:\Users\matrix reborn\AppData\Local\HearthstoneDeckTracker
2017-08-28 17:59 - 2017-04-13 16:39 - 000000000 ____D C:\Users\matrix reborn\AppData\Local\SquirrelTemp
2017-08-26 15:59 - 2014-09-23 00:11 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-23 00:35 - 2009-07-13 20:53 - 000032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-20 09:29 - 2017-07-26 18:35 - 000000000 ____D C:\Users\matrix reborn\Desktop\SCHOOL
2017-08-18 18:32 - 2014-10-03 17:37 - 000000000 ____D C:\Users\matrix reborn\AppData\Local\ElevatedDiagnostics
2017-08-18 18:32 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\system32\NDF
2017-08-15 18:48 - 2016-02-06 19:17 - 000000000 ____D C:\Users\matrix reborn\Downloads\Shareit

==================== Files in the root of some directories =======

2015-08-30 15:46 - 2015-08-30 15:46 - 000000132 _____ () C:\Users\matrix reborn\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-02-25 17:18 - 2016-02-25 17:18 - 000005120 _____ () C:\Users\matrix reborn\AppData\Roaming\GiftBag.db
2015-09-14 18:30 - 2015-09-14 18:30 - 000000000 _____ () C:\Users\matrix reborn\AppData\Local\{0DE6D1E7-863E-413C-88AE-7D35CD2C0D93}
2017-07-15 19:25 - 2017-07-15 19:25 - 000000000 _____ () C:\Users\matrix reborn\AppData\Local\{0FE673DA-E990-4900-BAFF-EE478684410A}
2016-10-25 18:50 - 2016-10-25 18:51 - 000000000 _____ () C:\Users\matrix reborn\AppData\Local\{27C171DC-93CF-4C44-A094-C37F6E0C3F40}
2016-12-19 14:35 - 2016-12-19 14:38 - 000000219 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-09-02 18:53 - 2015-09-03 19:48 - 000000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-03 21:29

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-08-2017 01
Ran by matrix reborn (11-09-2017 19:29:51)
Running from C:\Users\matrix reborn\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2014-09-23 07:22:06)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2398139705-1666454652-2960514220-500 - Administrator - Disabled)
Guest (S-1-5-21-2398139705-1666454652-2960514220-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2398139705-1666454652-2960514220-1003 - Limited - Enabled)
matrix reborn (S-1-5-21-2398139705-1666454652-2960514220-1000 - Administrator - Enabled) => C:\Users\matrix reborn

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (HKLM\...\{23170F69-40C1-2701-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov)
7-Zip 9.10 beta (HKLM\...\7-Zip) (Version:  - )
Acrobat.com (HKLM\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{44537D5C-4CB8-CFCD-2D95-9205FF380CCC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ASRock 3TB+ Unlocker v1.1 (HKLM\...\ASRock 3TB+ Unlocker_is1) (Version:  - ASRock Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
BitLord 2.5 (HKLM\...\BitLord) (Version: 2.4.5-316 - House of Life)
Brother MFL-Pro Suite DCP-T300 (HKLM\...\{BA07A125-6AC7-4293-89D6-391676FFD041}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Browser Extensions (HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 2.9.9.5 - Spigot, Inc.) <==== ATTENTION
calibre (HKLM\...\{B76A3B8A-CD1E-4260-BA4A-6A6EAA05715D}) (Version: 2.82.0 - Kovid Goyal)
Comical 0.8 (HKLM\...\Comical_is1) (Version:  - James Athey)
EaseUS Data Recovery Wizard 8.8 (HKLM\...\EaseUS Data Recovery Wizard 8.8_is1) (Version:  - EaseUS)
Firefox Packages (HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\Firefox Packages) (Version:  - ) <==== ATTENTION
GeoGebra 5 (HKLM\...\GeoGebra 5) (Version: 5.0.255.0 - International GeoGebra Institute)
Google Chrome (HKLM\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\HearthstoneDeckTracker) (Version: 1.4.1 - HearthSim)
HydraVision (HKLM\...\{6A888ADA-BD9F-9B95-B692-21B2E53A0F29}) (Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
K-Lite Codec Pack 10.0.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.0.5 - )
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
MAMEUIFX32 (HKLM\...\MAMEUIFX32) (Version: 0.145 - Mamesick)
Metric Collection SDK 35 (HKLM\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.4266.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Razer Cortex (HKLM\...\Razer Cortex_is1) (Version: 6.1.10.0 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.101 (HKLM\...\SafeZone 1.48.2066.101) (Version: 1.48.2066.101 - Avast Software) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
SHAREit (HKLM\...\SHAREit_is1) (Version: 3.5.0.1144 - Lenovo)
SHAREit (HKLM\...\www.ushareit.com_is1) (Version: 4.0.4.152 - SHAREit Technologies Co.Ltd)
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Unity Web Player (HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
USB Disk Security (HKLM\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Movie Maker (HKLM\...\Windows Movie Maker) (Version: 6.0.6002.18005 - Microsoft Corporation)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
XFast LAN v9.05 (HKLM\...\XFast LAN) (Version: 9.05 - cFos Software GmbH, Bonn)
YTD Video Downloader 5.8.3 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.8.3 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2398139705-1666454652-2960514220-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\matrix reborn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuthLib.dll ()
CustomCLSID: HKU\S-1-5-21-2398139705-1666454652-2960514220-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\matrix reborn\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-15] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-15] (AVAST Software)
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files\Lenovo\SHAREit\ShellEx\ShellExt32.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1: [WinZipper] -> {DC638EEA-2BA2-4459-9C46-85A2F0BE6040} =>  -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-15] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files\Lenovo\SHAREit\ShellEx\ShellExt32.dll -> No File
ContextMenuHandlers4: [WinZipper] -> {DC638EEA-2BA2-4459-9C46-85A2F0BE6040} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2013-11-01] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-15] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6: [WinZipper] -> {DC638EEA-2BA2-4459-9C46-85A2F0BE6040} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {025E2E0F-394F-4CE1-B2CA-C8BCA6B0B1DE} - System32\Tasks\{1FFEC184-881C-4FA3-A411-CFD0A7F32027} => C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe [2017-08-21] (Malwarebytes)
Task: {02DAE0A8-1F99-4094-A463-33FDCE99F4ED} - System32\Tasks\{999B4812-0CED-427A-8B1B-F4E7F7197D9A} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
Task: {08D46366-7F49-4AC0-AB74-F8291AAE1039} - System32\Tasks\{D35DACF9-8B44-4BCB-A17D-43E66401EE48} => C:\Windows\system32\pcalua.exe -a "D:\TORRENT\Bluestacks Offline Installer [Latest]\NetFx20SP2_x86.exe" -d "D:\TORRENT\Bluestacks Offline Installer [Latest]"
Task: {0A1F6931-6585-4FF1-9CA8-ADCA541F3392} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-09-10] (Microsoft Corporation)
Task: {0B532717-43F8-4EE1-BFCC-322F661BD795} - System32\Tasks\{66E0D1B6-F987-45B8-B6DE-3ABA9709272B} => C:\Windows\system32\pcalua.exe -a "C:\Users\matrix reborn\Downloads\Detective_Conan_Icon_Pack_01.exe" -d "C:\Users\matrix reborn\Downloads"
Task: {182CF878-B076-4F19-BD8E-D965AB5A4E76} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-13] (AVAST Software)
Task: {198AB23A-8541-4BB8-9349-EA75BAECA88A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-28] (Microsoft Corporation)
Task: {415E96C6-EDF8-49CB-80D0-6838D74B6EA9} - System32\Tasks\{1A4E61BB-068E-4F55-8BA4-F3658D33A589} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
Task: {4C2C61A1-C416-4F5F-9B47-1BB41A9D96F2} - System32\Tasks\{D9B2AE0C-6449-4D09-9E17-34365296F11D} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
Task: {5F7E2671-B635-41BA-92B6-201DAB0361C9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-28] (Microsoft Corporation)
Task: {68D588D2-3B38-465F-B822-8C07D9E5DAA4} - System32\Tasks\{C0A1A171-69F5-4337-9487-0F95471A52E0} => C:\Program Files\BitLord\BitLord.exe [2017-02-10] (House of Life)
Task: {792DB78C-AD4D-4BBB-97E7-490B1A97CEE6} - System32\Tasks\{D7DC832B-F62F-4D4E-89E5-9F196F7277DE} => C:\Program Files\BitLord\BitLord.exe [2017-02-10] (House of Life)
Task: {7F4CE1BA-E309-4B30-A078-5BA0B22E6100} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {7F577CE7-A2AE-4190-BD1F-C6075F49EDE6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
Task: {902CD296-6705-4CE7-8B39-5B142C3B28BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
Task: {90EB5205-9752-413F-8489-500385EB08DA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {991EBDF5-0DA6-4CA2-ADCC-94E6DA430CEB} - System32\Tasks\avastBCLRestart_chrome.exe => C:\Program Files\Google\Chrome\Application\chrome.exe 
Task: {AFE1A19F-60D8-43EC-B10E-0E1FFF827832} - \Internet Update -> No File <==== ATTENTION
Task: {B555B76D-EB4C-4413-ACF5-2D4C60D7F5F9} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {BFD6FE00-CCFF-414D-A40C-6878C4E24389} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-15] (AVAST Software)
Task: {D6881F1C-9D15-4556-AF1C-0AF251E9A3E4} - System32\Tasks\{996FBF27-F55D-401E-B347-EB0F052888F4} => C:\Program Files\BitLord\BitLord.exe [2017-02-10] (House of Life)
Task: {E6C8C6E2-4371-4087-884F-BC52839294EA} - System32\Tasks\SafeZone scheduled Autoupdate 1466046912 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {E92B6024-335A-40C0-ADD1-6C22CA6E8B14} - System32\Tasks\{598D76F4-12DC-4D85-B693-E051E5B47DB3} => C:\Windows\system32\pcalua.exe -a "F:\FILES\INSTALLERS\NET 3.5 OFLINE INSTALLER\dotnetfx35.exe" -d "F:\FILES\INSTALLERS\NET 3.5 OFLINE INSTALLER"
Task: {EC363DBE-E050-482F-9F5C-9B283397E5D0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {F80A3052-974C-4E43-8742-062A3DBF9266} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-09-10] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file that the task runs will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-08-01 17:16 - 2016-08-01 17:16 - 000679624 _____ () C:\Users\matrix reborn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2017-08-23 01:10 - 2017-09-10 19:49 - 008903232 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
e"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed, the Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:04 - 2017-02-13 20:14 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\matrix reborn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^matrix reborn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Browser Extensions => "C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe"
MSCONFIG\startupreg: gpuminer => C:\Users\matrix reborn\AppData\Roaming\cpuminer\sgminer\sgminer.cmd
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
MSCONFIG\startupreg: USB Security => C:\Program Files\USB Disk Security\USBGuard.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\matrix reborn\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: XFast LAN => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{233DDACA-A58C-4F3E-A696-EE37B216CAA1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{8A850B5B-4830-40EB-9AC0-310CCF9853EC}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{C5313B11-C0E6-418F-A6D5-8886D87AB8F2}D:\gamesz\left 4 dead 2\left4dead2.exe] => (Allow) D:\gamesz\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{3206512F-C319-412C-80A3-43CC7536F774}D:\gamesz\left 4 dead 2\left4dead2.exe] => (Allow) D:\gamesz\left 4 dead 2\left4dead2.exe
FirewallRules: [TCP Query User{4440FA01-F0AA-4710-AED5-39950AA9947B}C:\users\matrix reborn\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\matrix reborn\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{B0B42EAA-3947-4C9D-B60F-86D74AC20E5A}C:\users\matrix reborn\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\matrix reborn\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{78957154-07CB-4DC2-B09C-4961975A262D}] => (Allow) C:\Program Files\AdvanceElite\bin\AdvanceElite.BRT.Helper.exe
FirewallRules: [{1EF5F4EA-39B2-4E95-A0F2-D196312D64A9}] => (Allow) C:\Program Files\AdvanceElite\bin\AdvanceElite.BRT.Helper.exe
FirewallRules: [{40108765-E6F5-4F7D-B66C-C281E4B42FEF}] => (Allow) C:\Program Files\AdvanceElite\bin\AdvanceElite.BRT.Helper.exe
FirewallRules: [{09869BB0-25B2-4FD6-916A-3BA8389858B2}] => (Allow) C:\Program Files\AdvanceElite\bin\AdvanceElite.BRT.Helper.exe
FirewallRules: [TCP Query User{A4551FEF-2B6B-4EDD-9D51-838A93F59892}C:\users\matrix reborn\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\matrix reborn\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{DF7CCD9E-7C75-4A06-8461-99605EE82C32}C:\users\matrix reborn\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\matrix reborn\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{620F6CE9-E5E2-41F1-BA46-A95F6E1DE569}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{B75A9347-D1B0-480E-BCB4-531BA8FA5E3E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{91603311-D0B5-4094-886B-E3213BD9E75D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{938DD7F7-0FA2-4F61-BE12-A71FA431BFA8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A4CCFAD4-FDFB-4C27-940F-AA1133E85609}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{6A5A5957-D469-485B-9515-B0132420487C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F848171F-5D22-43F9-9D9D-61AE9F7D172E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0787B4A3-C5C0-480F-8F11-7C180988B5B5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E322C4CA-4E9C-44DE-85BD-37090ACC426C}] => (Allow) %ProgramFiles%\Google\Chrome\Application\chrome.exe
FirewallRules: [{651B5F56-1344-4579-B688-FFBDB388B1EC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E5D57EE3-B6ED-4077-9139-7281AED16B17}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CA032DFF-D9AB-448D-8CB1-BDA25352B4F4}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{54A3AEFC-1115-4CA3-9336-424E09283B40}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [TCP Query User{48D806CF-7AD5-48DB-AD79-D6D992B29A0F}C:\users\matrix reborn\desktop\utorrent plus v3.4.2 build 33023 stable\utorrent.exe] => (Allow) C:\users\matrix reborn\desktop\utorrent plus v3.4.2 build 33023 stable\utorrent.exe
FirewallRules: [UDP Query User{65C69DA1-5F98-4A7C-8A9A-FE45AEF24A99}C:\users\matrix reborn\desktop\utorrent plus v3.4.2 build 33023 stable\utorrent.exe] => (Allow) C:\users\matrix reborn\desktop\utorrent plus v3.4.2 build 33023 stable\utorrent.exe
FirewallRules: [{6A16C393-EF4F-4084-A93B-2D79B0E1B14D}] => (Allow) C:\Users\matrix reborn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{963F13DB-8A96-420D-939C-A7BEF072F344}] => (Allow) C:\Users\matrix reborn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9ACFC474-17FF-4391-8E4F-D1CB0BC97087}] => (Allow) C:\Program Files\fdFFHBX\fdFFHBX\chrome.exe
FirewallRules: [{705D4F07-E345-4D80-93B7-4B5FDD8D23D1}] => (Allow) C:\ProgramData\Chrome\Application\GoogleUpdateSetup.exe
FirewallRules: [{F4427A5E-FEAC-43BE-9BD6-C438617C0F39}] => (Allow) C:\ProgramData\Google\update\GoogleUpdate.exe
FirewallRules: [{4787BBE9-C9B2-424A-9F18-F2C4FE017287}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{9611078F-709A-4C02-B90A-212FA60570DC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{DAD3BD36-7528-44AA-A632-39040EC49669}] => (Allow) C:\Users\matrix reborn\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{2054AD48-E898-4B7E-91C1-1CD53DA5F58B}] => (Allow) C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{C5B4DDBF-934F-4230-9B11-9B85E46662E0}] => (Allow) C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{04F0B885-F1DB-4871-9BCA-CE980B756F3E}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{25EB1E48-3D8A-4B3D-A2A7-E7CAF8C7404B}F:\hearthstone\hearthstone.exe] => (Allow) F:\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{A62A4FEB-69D0-4520-BCA4-59F3971F61E0}F:\hearthstone\hearthstone.exe] => (Allow) F:\hearthstone\hearthstone.exe
FirewallRules: [{5EB03AB2-2EB1-45BE-84A7-219E9606D83E}] => (Allow) C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{1B413D9E-518C-4C50-99B6-79BD4FF08069}] => (Allow) C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{2F20B65B-58C6-4D63-9F22-A6D6E5415389}] => (Allow) C:\Program Files\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{1665CBD1-8C50-46E2-A0AE-A985E7D2465E}] => (Allow) C:\Program Files\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [TCP Query User{DD0DCD65-1D02-4C75-B220-4B377386E3B6}C:\program files\bitlord\bitlord.exe] => (Block) C:\program files\bitlord\bitlord.exe
FirewallRules: [UDP Query User{F5B05340-8563-425F-A9B3-9AD86CF16807}C:\program files\bitlord\bitlord.exe] => (Block) C:\program files\bitlord\bitlord.exe
FirewallRules: [TCP Query User{5B1CB0A2-0B35-405F-BC64-0B74BAB1BD07}C:\program files\hearthstone\hearthstone.exe] => (Allow) C:\program files\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{DBF0D48C-F7D0-486F-A825-47FFC415D783}C:\program files\hearthstone\hearthstone.exe] => (Allow) C:\program files\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{C8527AD2-BE5D-495A-B9A1-A271DD7B0D9C}C:\program files\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [UDP Query User{57B78672-73B3-4EB6-A008-DF347894A2F8}C:\program files\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [{425ACF0B-EFAF-4B88-9164-29EE4E5D8300}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{9716FEEE-D673-40F5-91C0-17E03AEA773E}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [TCP Query User{E995851B-7C15-4180-8A78-B162E88AE933}C:\program files\battle.net\battle.net.8180\battle.net.exe] => (Allow) C:\program files\battle.net\battle.net.8180\battle.net.exe
FirewallRules: [UDP Query User{BC2D28A6-F3B2-4E39-BC16-F698D3252911}C:\program files\battle.net\battle.net.8180\battle.net.exe] => (Allow) C:\program files\battle.net\battle.net.8180\battle.net.exe
FirewallRules: [{7A2093F5-53ED-4E27-8629-A20CB7AAFF1A}] => (Allow) C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{6CB68009-A42A-4AF0-8ECD-83F945BF1C9A}] => (Allow) C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{2FC2BE1D-4314-43C8-ACE7-EDD4F9F3C0EE}] => (Allow) C:\Program Files\BitLord\BitLord.exe
FirewallRules: [{F34AC6B9-BF91-46AB-A297-5EB4E6B73E74}] => (Allow) C:\Program Files\BitLord\BitLord.exe
FirewallRules: [{27221BAA-614B-4815-8322-D9A38AA4AEBF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{D70CE897-8EC5-458E-9108-3EDDB965F3D1}] => (Allow) C:\Users\matrix reborn\Desktop\mbam-setup-FileHippo.19901-2.2.1.1043.exe
FirewallRules: [{ADC4EF9C-AE77-4E7B-9026-A3903F8080F0}] => (Allow) C:\Users\matrix reborn\Desktop\mbam-setup-FileHippo.19901-2.2.1.1043.exe
FirewallRules: [{4B991D40-A5AD-4DD6-9677-5FF27DA763B4}] => (Allow) C:\Users\matrix reborn\Desktop\mbam-setup-FileHippo.19901-2.2.1.1043.exe
FirewallRules: [{DE798CB2-A39A-4B61-9CC9-FBC8BDD68A0D}] => (Allow) C:\Users\matrix reborn\Desktop\mbam-setup-FileHippo.19901-2.2.1.1043.exe
FirewallRules: [{CBE26BFC-3528-4123-B4B4-A2415C65631D}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{3D62F600-0F82-4EB6-80B2-8B54605395B2}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{A86F1212-FA15-493E-8A9B-3878BDF52C6A}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{E9A21344-DB4A-4437-9BEA-F50956701735}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{590BAB68-B2D3-44F7-9B21-C79073DD610C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{89B0201E-BD03-465A-BF67-713A66997064}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{4D2369AA-D172-4987-A0B4-C7E256E54453}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe

==================== Restore Points =========================

26-08-2017 16:52:28 WASD
27-08-2017 13:24:47 Windows Defender Checkpoint
01-09-2017 19:13:39 Windows Defender Checkpoint

==================== Faulty Device Manager Devices =============

Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswVmm
Problem: This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.

Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswRvrt
Problem: This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/11/2017 07:30:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1169, time stamp: 0x599723f1
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x594d4411
Exception code: 0xc0000005
Fault offset: 0x001a9fd6
Faulting process id: 0x308
Faulting application start time: 0x01d32b777b03d65f
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: c1abd286-976a-11e7-a600-b1a24033b809

Error: (09/11/2017 07:29:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1169, time stamp: 0x599723f1
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x594d4411
Exception code: 0xc0000005
Fault offset: 0x001a9fd6
Faulting process id: 0x7e4
Faulting application start time: 0x01d32b775aef8af5
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: a464054e-976a-11e7-a600-b1a24033b809

Error: (09/11/2017 07:28:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/11/2017 07:17:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/11/2017 06:56:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/11/2017 05:56:44 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2017/09/11 05:56:44.689]: [00002828]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/11/2017 05:56:44 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2017/09/11 05:56:44.494]: [00002828]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/11/2017 05:56:44 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2017/09/11 05:56:44.379]: [00002828]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/11/2017 05:55:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/10/2017 07:04:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).


System errors:
=============
Error: (09/11/2017 07:27:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/11/2017 07:27:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/11/2017 07:27:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/11/2017 07:27:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/11/2017 07:27:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/11/2017 07:27:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/11/2017 07:27:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/11/2017 07:27:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/11/2017 07:27:26 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/11/2017 07:27:26 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


==================== Memory info =========================== 

Processor: AMD A4-6300 APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 38%
Total physical RAM: 2500.86 MB
Available physical RAM: 1527.45 MB
Total Virtual: 5000.02 MB
Available Virtual: 4083.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:67 GB) NTFS
Drive d: () (Fixed) (Total:270.45 GB) (Free:28.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 935AFE7C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Uninstall the following:
Browser Extensions
Firefox Packages
YTD Video Downloader 5.8.3

  • Step # Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateRestorePoint:
      CloseProcesses:
      EmptyTemp:
      Task: {02DAE0A8-1F99-4094-A463-33FDCE99F4ED} - System32\Tasks\{999B4812-0CED-427A-8B1B-F4E7F7197D9A} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
      Task: {08D46366-7F49-4AC0-AB74-F8291AAE1039} - System32\Tasks\{D35DACF9-8B44-4BCB-A17D-43E66401EE48} => C:\Windows\system32\pcalua.exe -a "D:\TORRENT\Bluestacks Offline Installer [Latest]\NetFx20SP2_x86.exe" -d "D:\TORRENT\Bluestacks Offline Installer [Latest]"
      Task: {415E96C6-EDF8-49CB-80D0-6838D74B6EA9} - System32\Tasks\{1A4E61BB-068E-4F55-8BA4-F3658D33A589} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
      Task: {4C2C61A1-C416-4F5F-9B47-1BB41A9D96F2} - System32\Tasks\{D9B2AE0C-6449-4D09-9E17-34365296F11D} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
      Task: {991EBDF5-0DA6-4CA2-ADCC-94E6DA430CEB} - System32\Tasks\avastBCLRestart_chrome.exe => C:\Program Files\Google\Chrome\Application\chrome.exe 
      Task: {AFE1A19F-60D8-43EC-B10E-0E1FFF827832} - \Internet Update -> No File <==== ATTENTION
      HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\Run: [Browser Extensions] => C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe [1619240 2017-02-28] ()
      File: C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe
      C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe
      HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\MountPoints2: {e056e920-42e7-11e4-84db-806e6f6e6963} - E:\ASRSetup.exe
      AppInit_DLLs: C:\Users\MATRIX~1\AppData\Local\Linkey\IEEXTE~1\iedll.dll => No File
      File: C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2017-09-11]
      ShortcutTarget: Start.lnk -> C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe (Microsoft Corporation)
      Startup: C:\Users\matrix reborn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2017-09-11]
      ShortcutTarget: Start.lnk -> C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe (Microsoft Corporation)
      GroupPolicy: Restriction ? <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      S3 TSSK; C:\Windows\System32\tssk.sys [74040 2016-02-25] (电脑管家)
      2017-09-03 14:18 - 2017-09-03 15:46 - 000000000 ____D C:\Program Files\Shortcut Virus Remover
      File: C:\Users\matrix reborn\Desktop\winlogon.exe.exe
      2017-08-21 18:33 - 2017-09-11 19:17 - 000000000 ___HD C:\Users\matrix reborn\AppData\Roaming\cyelvmh
      2017-08-19 10:31 - 2017-08-19 10:31 - 000000000 __SHD C:\found.000
      C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
      CMD: bitsadmin /reset /allusers
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.

Try running Malwarebytes Anti-Malware now.


Thanks Valinorum! I did what you said and the log named Fixlog contains these:

Fix result of Farbar Recovery Scan Tool (x86) Version: 13-09-2017 02
Ran by matrix reborn (14-09-2017 17:43:03) Run:1
Running from C:\Users\matrix reborn\Desktop
Loaded Profiles: matrix reborn (Available Profiles: matrix reborn)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
Task: {02DAE0A8-1F99-4094-A463-33FDCE99F4ED} - System32\Tasks\{999B4812-0CED-427A-8B1B-F4E7F7197D9A} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
Task: {08D46366-7F49-4AC0-AB74-F8291AAE1039} - System32\Tasks\{D35DACF9-8B44-4BCB-A17D-43E66401EE48} => C:\Windows\system32\pcalua.exe -a "D:\TORRENT\Bluestacks Offline Installer [Latest]\NetFx20SP2_x86.exe" -d "D:\TORRENT\Bluestacks Offline Installer [Latest]"
Task: {415E96C6-EDF8-49CB-80D0-6838D74B6EA9} - System32\Tasks\{1A4E61BB-068E-4F55-8BA4-F3658D33A589} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
Task: {4C2C61A1-C416-4F5F-9B47-1BB41A9D96F2} - System32\Tasks\{D9B2AE0C-6449-4D09-9E17-34365296F11D} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
Task: {991EBDF5-0DA6-4CA2-ADCC-94E6DA430CEB} - System32\Tasks\avastBCLRestart_chrome.exe => C:\Program Files\Google\Chrome\Application\chrome.exe 
Task: {AFE1A19F-60D8-43EC-B10E-0E1FFF827832} - \Internet Update -> No File <==== ATTENTION
HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\Run: [Browser Extensions] => C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe [1619240 2017-02-28] ()
File: C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe
C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe
HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\MountPoints2: {e056e920-42e7-11e4-84db-806e6f6e6963} - E:\ASRSetup.exe
AppInit_DLLs: C:\Users\MATRIX~1\AppData\Local\Linkey\IEEXTE~1\iedll.dll => No File
File: C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2017-09-11]
ShortcutTarget: Start.lnk -> C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe (Microsoft Corporation)
Startup: C:\Users\matrix reborn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2017-09-11]
ShortcutTarget: Start.lnk -> C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
S3 TSSK; C:\Windows\System32\tssk.sys [74040 2016-02-25] (电脑管家)
2017-09-03 14:18 - 2017-09-03 15:46 - 000000000 ____D C:\Program Files\Shortcut Virus Remover
File: C:\Users\matrix reborn\Desktop\winlogon.exe.exe
2017-08-21 18:33 - 2017-09-11 19:17 - 000000000 ___HD C:\Users\matrix reborn\AppData\Roaming\cyelvmh
2017-08-19 10:31 - 2017-08-19 10:31 - 000000000 __SHD C:\found.000
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
CMD: bitsadmin /reset /allusers
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02DAE0A8-1F99-4094-A463-33FDCE99F4ED} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02DAE0A8-1F99-4094-A463-33FDCE99F4ED} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\{999B4812-0CED-427A-8B1B-F4E7F7197D9A} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{999B4812-0CED-427A-8B1B-F4E7F7197D9A} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08D46366-7F49-4AC0-AB74-F8291AAE1039} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\{D35DACF9-8B44-4BCB-A17D-43E66401EE48} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D35DACF9-8B44-4BCB-A17D-43E66401EE48} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{415E96C6-EDF8-49CB-80D0-6838D74B6EA9} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\{1A4E61BB-068E-4F55-8BA4-F3658D33A589} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1A4E61BB-068E-4F55-8BA4-F3658D33A589} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C2C61A1-C416-4F5F-9B47-1BB41A9D96F2} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\{D9B2AE0C-6449-4D09-9E17-34365296F11D} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D9B2AE0C-6449-4D09-9E17-34365296F11D} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{991EBDF5-0DA6-4CA2-ADCC-94E6DA430CEB} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\avastBCLRestart_chrome.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avastBCLRestart_chrome.exe => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFE1A19F-60D8-43EC-B10E-0E1FFF827832} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Internet Update => key could not remove. Access Denied.
 


I tried running it yesterday and last Thursday and this was the virus it showed, both in quarantine:

[attached screenshot of the Malwarebytes quarantine]

Edited by HALOL17


When I opened FRST, it showed that a fixlog was created:

Fix result of Farbar Recovery Scan Tool (x86) Version: 13-09-2017 02
Ran by matrix reborn (14-09-2017 17:43:03) Run:1
Running from C:\Users\matrix reborn\Desktop
Loaded Profiles: matrix reborn (Available Profiles: matrix reborn)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
Task: {02DAE0A8-1F99-4094-A463-33FDCE99F4ED} - System32\Tasks\{999B4812-0CED-427A-8B1B-F4E7F7197D9A} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
Task: {08D46366-7F49-4AC0-AB74-F8291AAE1039} - System32\Tasks\{D35DACF9-8B44-4BCB-A17D-43E66401EE48} => C:\Windows\system32\pcalua.exe -a "D:\TORRENT\Bluestacks Offline Installer [Latest]\NetFx20SP2_x86.exe" -d "D:\TORRENT\Bluestacks Offline Installer [Latest]"
Task: {415E96C6-EDF8-49CB-80D0-6838D74B6EA9} - System32\Tasks\{1A4E61BB-068E-4F55-8BA4-F3658D33A589} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
Task: {4C2C61A1-C416-4F5F-9B47-1BB41A9D96F2} - System32\Tasks\{D9B2AE0C-6449-4D09-9E17-34365296F11D} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
Task: {991EBDF5-0DA6-4CA2-ADCC-94E6DA430CEB} - System32\Tasks\avastBCLRestart_chrome.exe => C:\Program Files\Google\Chrome\Application\chrome.exe 
Task: {AFE1A19F-60D8-43EC-B10E-0E1FFF827832} - \Internet Update -> No File <==== ATTENTION
HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\Run: [Browser Extensions] => C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe [1619240 2017-02-28] ()
File: C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe
C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe
HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\MountPoints2: {e056e920-42e7-11e4-84db-806e6f6e6963} - E:\ASRSetup.exe
AppInit_DLLs: C:\Users\MATRIX~1\AppData\Local\Linkey\IEEXTE~1\iedll.dll => No File
File: C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2017-09-11]
ShortcutTarget: Start.lnk -> C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe (Microsoft Corporation)
Startup: C:\Users\matrix reborn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2017-09-11]
ShortcutTarget: Start.lnk -> C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
S3 TSSK; C:\Windows\System32\tssk.sys [74040 2016-02-25] (电脑管家)
2017-09-03 14:18 - 2017-09-03 15:46 - 000000000 ____D C:\Program Files\Shortcut Virus Remover
File: C:\Users\matrix reborn\Desktop\winlogon.exe.exe
2017-08-21 18:33 - 2017-09-11 19:17 - 000000000 ___HD C:\Users\matrix reborn\AppData\Roaming\cyelvmh
2017-08-19 10:31 - 2017-08-19 10:31 - 000000000 __SHD C:\found.000
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
CMD: bitsadmin /reset /allusers
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02DAE0A8-1F99-4094-A463-33FDCE99F4ED} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02DAE0A8-1F99-4094-A463-33FDCE99F4ED} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\{999B4812-0CED-427A-8B1B-F4E7F7197D9A} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{999B4812-0CED-427A-8B1B-F4E7F7197D9A} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08D46366-7F49-4AC0-AB74-F8291AAE1039} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\{D35DACF9-8B44-4BCB-A17D-43E66401EE48} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D35DACF9-8B44-4BCB-A17D-43E66401EE48} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{415E96C6-EDF8-49CB-80D0-6838D74B6EA9} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\{1A4E61BB-068E-4F55-8BA4-F3658D33A589} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1A4E61BB-068E-4F55-8BA4-F3658D33A589} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C2C61A1-C416-4F5F-9B47-1BB41A9D96F2} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\{D9B2AE0C-6449-4D09-9E17-34365296F11D} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D9B2AE0C-6449-4D09-9E17-34365296F11D} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{991EBDF5-0DA6-4CA2-ADCC-94E6DA430CEB} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\avastBCLRestart_chrome.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avastBCLRestart_chrome.exe => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFE1A19F-60D8-43EC-B10E-0E1FFF827832} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Internet Update => key could not remove. Access Denied.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 20-09-2017 19:45:49)

==> ATTENTION: System is not rebooted.

Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02DAE0A8-1F99-4094-A463-33FDCE99F4ED} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02DAE0A8-1F99-4094-A463-33FDCE99F4ED} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{999B4812-0CED-427A-8B1B-F4E7F7197D9A} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08D46366-7F49-4AC0-AB74-F8291AAE1039} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D35DACF9-8B44-4BCB-A17D-43E66401EE48} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{415E96C6-EDF8-49CB-80D0-6838D74B6EA9} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1A4E61BB-068E-4F55-8BA4-F3658D33A589} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C2C61A1-C416-4F5F-9B47-1BB41A9D96F2} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D9B2AE0C-6449-4D09-9E17-34365296F11D} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{991EBDF5-0DA6-4CA2-ADCC-94E6DA430CEB} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avastBCLRestart_chrome.exe => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFE1A19F-60D8-43EC-B10E-0E1FFF827832} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Internet Update => key could not remove. Access Denied.

==== End of Fixlog 19:45:51 ====


Sorry Sir Valinorum for the late reply:

Fix result of Farbar Recovery Scan Tool (x86) Version: 13-09-2017 02
Ran by matrix reborn (25-09-2017 21:07:02) Run:2
Running from C:\Users\matrix reborn\Desktop
Loaded Profiles: matrix reborn (Available Profiles: matrix reborn)
Boot Mode: Safe Mode (minimal)

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
Task: {02DAE0A8-1F99-4094-A463-33FDCE99F4ED} - System32\Tasks\{999B4812-0CED-427A-8B1B-F4E7F7197D9A} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
Task: {08D46366-7F49-4AC0-AB74-F8291AAE1039} - System32\Tasks\{D35DACF9-8B44-4BCB-A17D-43E66401EE48} => C:\Windows\system32\pcalua.exe -a "D:\TORRENT\Bluestacks Offline Installer [Latest]\NetFx20SP2_x86.exe" -d "D:\TORRENT\Bluestacks Offline Installer [Latest]"
Task: {415E96C6-EDF8-49CB-80D0-6838D74B6EA9} - System32\Tasks\{1A4E61BB-068E-4F55-8BA4-F3658D33A589} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
Task: {4C2C61A1-C416-4F5F-9B47-1BB41A9D96F2} - System32\Tasks\{D9B2AE0C-6449-4D09-9E17-34365296F11D} => C:\Users\matrix reborn\Desktop\FRST.exe [2017-09-01] (Farbar)
Task: {991EBDF5-0DA6-4CA2-ADCC-94E6DA430CEB} - System32\Tasks\avastBCLRestart_chrome.exe => C:\Program Files\Google\Chrome\Application\chrome.exe 
Task: {AFE1A19F-60D8-43EC-B10E-0E1FFF827832} - \Internet Update -> No File <==== ATTENTION
HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\Run: [Browser Extensions] => C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe [1619240 2017-02-28] ()
File: C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe
C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe
HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\...\MountPoints2: {e056e920-42e7-11e4-84db-806e6f6e6963} - E:\ASRSetup.exe
AppInit_DLLs: C:\Users\MATRIX~1\AppData\Local\Linkey\IEEXTE~1\iedll.dll => No File
File: C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2017-09-11]
ShortcutTarget: Start.lnk -> C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe (Microsoft Corporation)
Startup: C:\Users\matrix reborn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2017-09-11]
ShortcutTarget: Start.lnk -> C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
S3 TSSK; C:\Windows\System32\tssk.sys [74040 2016-02-25] (电脑管家)
2017-09-03 14:18 - 2017-09-03 15:46 - 000000000 ____D C:\Program Files\Shortcut Virus Remover
File: C:\Users\matrix reborn\Desktop\winlogon.exe.exe
2017-08-21 18:33 - 2017-09-11 19:17 - 000000000 ___HD C:\Users\matrix reborn\AppData\Roaming\cyelvmh
2017-08-19 10:31 - 2017-08-19 10:31 - 000000000 __SHD C:\found.000
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
CMD: bitsadmin /reset /allusers
End
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02DAE0A8-1F99-4094-A463-33FDCE99F4ED} => key removed successfully.
C:\Windows\System32\Tasks\{999B4812-0CED-427A-8B1B-F4E7F7197D9A} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{999B4812-0CED-427A-8B1B-F4E7F7197D9A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08D46366-7F49-4AC0-AB74-F8291AAE1039} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08D46366-7F49-4AC0-AB74-F8291AAE1039} => key removed successfully.
C:\Windows\System32\Tasks\{D35DACF9-8B44-4BCB-A17D-43E66401EE48} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D35DACF9-8B44-4BCB-A17D-43E66401EE48} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{415E96C6-EDF8-49CB-80D0-6838D74B6EA9} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{415E96C6-EDF8-49CB-80D0-6838D74B6EA9} => key removed successfully.
C:\Windows\System32\Tasks\{1A4E61BB-068E-4F55-8BA4-F3658D33A589} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1A4E61BB-068E-4F55-8BA4-F3658D33A589} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C2C61A1-C416-4F5F-9B47-1BB41A9D96F2} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C2C61A1-C416-4F5F-9B47-1BB41A9D96F2} => key removed successfully.
C:\Windows\System32\Tasks\{D9B2AE0C-6449-4D09-9E17-34365296F11D} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D9B2AE0C-6449-4D09-9E17-34365296F11D} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{991EBDF5-0DA6-4CA2-ADCC-94E6DA430CEB} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{991EBDF5-0DA6-4CA2-ADCC-94E6DA430CEB} => key removed successfully.
C:\Windows\System32\Tasks\avastBCLRestart_chrome.exe => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avastBCLRestart_chrome.exe => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFE1A19F-60D8-43EC-B10E-0E1FFF827832} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFE1A19F-60D8-43EC-B10E-0E1FFF827832} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Internet Update => key not found. 
HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Extensions => value not found.

========================= File: C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe ========================

"C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe" => not found.
====== End of File: ======

"C:\Users\matrix reborn\AppData\Roaming\BrowserExtensions\BEHelper.exe" => not found.
HKU\S-1-5-21-2398139705-1666454652-2960514220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e056e920-42e7-11e4-84db-806e6f6e6963} => key removed successfully.
HKLM\Software\Classes\CLSID\{e056e920-42e7-11e4-84db-806e6f6e6963} => key not found. 
"C:\Users\MATRIX~1\AppData\Local\Linkey\IEEXTE~1\iedll.dll" => Value data removed successfully..

========================= File: C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe ========================

File is digitally signed
MD5: 979D74799EA6C8B8167869A68DF5204A
Creation and modification date: 2017-09-11 19:17 - 2013-10-11 17:15
Size: 000141824
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: wscript.exe
Original Name: wscript.exe
Product: Microsoft ® Windows Script Host
Description: Microsoft ® Windows Based Script Host
File Version: 5.8.7601.18283
Product Version: 5.8.7601.18283
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: 0

====== End of File: ======

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk => not found.
C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe => moved successfully
C:\Users\matrix reborn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk => not found.
C:\Users\matrix reborn\AppData\Roaming\cyelvmh\smpynvoih64.exe => not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully.
HKLM\System\CurrentControlSet\Services\TSSK => key removed successfully.
TSSK => service removed successfully.
C:\Program Files\Shortcut Virus Remover => moved successfully

========================= File: C:\Users\matrix reborn\Desktop\winlogon.exe.exe ========================

File is digitally signed
MD5: 07B52D258F94D12BE40E25AEFEBF3444
Creation and modification date: 2017-09-02 09:15 - 2017-09-02 09:19
Size: 066347240
Attributes: ----A
Company Name: Malwarebytes                                                
Internal Name: 
Original Name: 
Product: Malwarebytes                                                
Description: Malwarebytes                                                
File Version: 3.2.2.2018          
Product Version: 3.2.2.2018                                        
Copyright: © 2016 Malwarebytes. All Rights Reserved.                                                           
VirusTotal: 0

====== End of File: ======

C:\Users\matrix reborn\AppData\Roaming\cyelvmh => moved successfully
C:\found.000 => moved successfully
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => moved successfully

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
The dependency service or group failed to start.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 49249333 B
Java, Flash, Steam htmlcache => 67988 B
Windows/system/drivers => 216306228 B
Edge => 0 B
Chrome => 380658409 B
Firefox => 237698676 B
Opera => 1274120 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 30330155 B
LocalService => 66356 B
NetworkService => 1609096 B
matrix reborn => 176429820 B

RecycleBin => 11468385611 B
EmptyTemp: => 11.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:11:16 ====
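The File: report above shows that smpynvoih64.exe is a Microsoft-signed copy of wscript.exe dropped into a random folder under AppData\Roaming and launched by Start.lnk from both Startup folders. The script below is an added example, not FRST's or Valinorum's code, that audits both Startup folders for exactly that pattern; it assumes Windows PowerShell 3 or later, an elevated prompt, and it only reports (nothing is deleted):

```powershell
# Added audit script (not from FRST or the thread): lists every shortcut in the
# all-users and current-user Startup folders, resolves its target and compares the
# file name on disk with the OriginalFilename stored in the binary's version info.
# A script host such as wscript.exe that has been renamed and parked in a user
# profile is flagged as Suspicious; the analyst decides what to do with it.

$startupDirs = @(
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup",   # all users
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"        # current user
)
# Script/shell hosts that a "shortcut virus" typically copies and renames
$hostNames = 'wscript.exe', 'cscript.exe', 'cmd.exe', 'powershell.exe', 'mshta.exe'
$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    # -Force also lists hidden shortcuts
    foreach ($lnk in Get-ChildItem -LiteralPath $dir -Filter '*.lnk' -Force) {
        $sc = $shell.CreateShortcut($lnk.FullName)
        $target = $sc.TargetPath
        if (-not $target) { continue }

        $origName = ''
        $exists = Test-Path -LiteralPath $target
        if ($exists) {
            $vi = (Get-Item -LiteralPath $target -Force).VersionInfo
            if ($vi.OriginalFilename) { $origName = $vi.OriginalFilename.Trim() }
        }
        $diskName = [IO.Path]::GetFileName($target)
        # Launched from a user profile rather than Program Files or System32
        $inProfile = $target -like "$env:SystemDrive\Users\*"
        # Version info says "wscript.exe" (or another host) but the file is named differently
        $renamedHost = ($hostNames -contains $origName) -and ($diskName -ne $origName)

        [pscustomobject]@{
            Shortcut     = $lnk.Name
            Target       = $target
            Arguments    = $sc.Arguments
            TargetExists = $exists
            OriginalName = $origName
            Suspicious   = ($inProfile -and $renamedHost)
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No shortcuts with a resolvable target found in either Startup folder.' }
```

A clean machine normally lists nothing or only shortcuts whose target sits under Program Files; a Suspicious row with TargetExists false after a fix means the launcher is gone but its shortcut was left behind.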


The only problem visible in my PC before is that it gives drive.bat in my USBs even if I clean my USB over and over again. For now, it is normally working but I'm afraid to plug my USB because: 1) my PC may infect my USBs or 2) my USBs may infect my PC. Other than that, there is no visible change in my PC. The system is normally functioning as usual. Do you think I could plug my USB now? Thank you so much Sir!


Please download USBVaccineSetup.exe from Panda Software to the desktop of your clean / working computer.
 

  • Insert your USB flash drive into the clean / working computer
  • Double-click on USBVaccineSetup.exe to install the program
  • Select your language, read and accept the agreement to continue
  • Choose if you would like the program to run at all times, and for all newly inserted USB drives
  • Click Next then Finish to complete the installation, the program will launch
  • Select your USB drive from the list, then click Vaccinate USB
    note: optionally you can click Vaccinate computer as well, this disables removable items from automatically running on the system entirely
  • A message should appear that your USB drive was vaccinated. If not please report the error in your next post
Edited by Valinorum
Fixed download link.


Is the drive.bat file located on your USB drive? If so, you can delete it. USB Vaccine disables the autorun feature, ergo the malware cannot spread automatically. If the data inside the USB drive is not important, I would counsel you to format it. Right-click on the USB drive and choose Format > Quick Format > OK.

Edited by Valinorum
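To check a drive before plugging it into a cleaned PC, the following added example (not Panda USB Vaccine's or Valinorum's code) lists the worm's traces on a removable drive and reports the AutoRun policy; it assumes Windows PowerShell 3 or later and that vaccinating the computer is reflected in the NoDriveTypeAutoRun registry value. It flags, it does not delete:

```powershell
# Added check (not from the thread or from Panda USB Vaccine). For each removable
# drive it reports: drive.bat, hidden folders (where the worm moves the user's real
# files), .lnk files that launch a shell or script host, and autorun.inf. It then
# shows whether AutoRun is disabled machine-wide. Read-only.
# Usage: .\Check-UsbWorm.ps1            (all removable drives)
#        .\Check-UsbWorm.ps1 -DriveLetter E

param([string]$DriveLetter)

$shell = New-Object -ComObject WScript.Shell
$roots = if ($DriveLetter) { @("${DriveLetter}:\") } else {
    # Win32_LogicalDisk DriveType 2 = removable disk
    Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object { $_.DeviceID + '\' }
}

foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { Write-Warning "$root is not present"; continue }
    "== $root =="
    # -Force lists hidden and system entries, which is where the worm hides things
    foreach ($item in Get-ChildItem -LiteralPath $root -Force) {
        $flags = @()
        if ($item.Name -eq 'drive.bat') { $flags += 'known worm launcher' }
        if ($item.Name -eq 'autorun.inf') { $flags += 'autorun.inf (expected after USB Vaccine, otherwise inspect)' }
        if ($item.PSIsContainer -and ($item.Attributes -match 'Hidden')) { $flags += 'hidden folder' }
        if ($item.Extension -eq '.lnk') {
            $sc = $shell.CreateShortcut($item.FullName)
            $cmdline = "$($sc.TargetPath) $($sc.Arguments)"
            if ($cmdline -match '\b(cmd|wscript|cscript)\.exe\b|\.(bat|vbs)\b') {
                $flags += 'shortcut runs a script/shell host'
            }
        }
        if ($flags.Count -gt 0) { '{0,-40} {1}' -f $item.Name, ($flags -join '; ') }
    }
}

# NoDriveTypeAutoRun = 0xFF turns AutoRun off for every drive type. The machine
# policy (HKLM) takes precedence over the per-user one (HKCU).
foreach ($hive in 'HKLM', 'HKCU') {
    $key = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    $val = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    $state = if ($null -eq $val) { 'not set (Windows default applies)' }
             elseif ($val -eq 0xFF) { 'AutoRun disabled for all drive types' }
             else { 'partially restricted (0x{0:X2})' -f $val }
    "$hive NoDriveTypeAutoRun: $state"
}
```

A vaccinated drive shows only its autorun.inf; a drive that still lists drive.bat, a hidden folder next to a .lnk of the same name, or shortcuts that run cmd.exe or wscript.exe has not been cleaned and should be formatted as advised above.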


I did it! I tried ejecting it and plugging it and it has no drive.bat file. Is my computer and USB safe now?

This topic is now closed to further replies.
