API tools faq
paste
Advertisement
BleepingComputer

Untitled

BleepingComputer
Jun 29th, 2018
330
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 11.81 KB | None | 0 0
raw download clone embed print report
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
  2. Ran by SYSTEM on MININT-FB0DPQU (29-06-2018 12:57:57)
  3. Running from C:\
  4. Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
  5. Internet Explorer Version 11
  6. Boot Mode: Recovery
  7. Default: ControlSet001
  8. [b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]
  9.  
  10. Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
  11.  
  12. ==================== Registry (Whitelisted) ===========================
  13.  
  14. (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
  15.  
  16. HKLM\...\Run: [VBoxTray] => C:\Windows\system32\vbtray.exe [1537608 2015-03-02] (Oracle Corporation)
  17. HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
  18. HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
  19. HKU\User\...\Run: [agwpyjho] => "C:\Users\User\gidulfmf.exe"
  20. HKU\User\...\Run: [DirectX 11] => rundll32 C:\Users\User\AppData\Local\Temp\d3dx11_31.dll,includes_func_runnded <==== ATTENTION
  21. IFEO\notepad.exe: [Debugger] "C:\Notepad2\Notepad2.exe" /z
  22. Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SATA Monitor.lnk [2018-06-28]
  23. ShortcutTarget: SATA Monitor.lnk -> (No File)
  24.  
  25. ==================== Services (Whitelisted) ====================
  26.  
  27. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  28.  
  29. S2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [9388936 2018-05-31] (Emsisoft Ltd)
  30. S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
  31. S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
  32. S3 tor; C:\Users\User\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe [3614720 1999-12-31] ()
  33. S2 VBoxService; C:\Windows\System32\vbservice.exe [1778616 2015-03-02] (Oracle Corporation)
  34. S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
  35. S2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
  36. S2 kqgzitry; C:\Windows\SysWOW64\kqgzitry\oekdemcl.exe [X]
  37.  
  38. ===================== Drivers (Whitelisted) ======================
  39.  
  40. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  41.  
  42. S3 35C795BD; C:\Windows\system32\drivers\35C795BD.sys [255928 2018-06-28] (Malwarebytes)
  43. S1 epp; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\epp.sys [142952 2018-05-31] (Emsisoft Ltd)
  44. S0 eppdisk; C:\Windows\System32\drivers\eppdisk.sys [37064 2018-03-26] (Emsisoft Ltd)
  45. S4 KProcessHacker2; C:\Users\User\Desktop\D\processhacker-2.33-bin\x64\kprocesshacker.sys [39576 2013-11-13] (wj32)
  46. S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
  47. S0 VBoxGuest; C:\Windows\System32\DRIVERS\VBoxGuest.sys [150240 2015-03-02] (Oracle Corporation)
  48. S3 VBoxMouse; C:\Windows\System32\DRIVERS\VBoxMouse.sys [120840 2015-03-02] (Oracle Corporation)
  49. S1 VBoxSF; C:\Windows\System32\drivers\VBoxSF.sys [294440 2015-03-02] (Oracle Corporation)
  50. S3 VBoxVideo; C:\Windows\System32\DRIVERS\VBoxVideo.sys [145584 2015-03-02] (Oracle Corporation)
  51. S1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-12-15] (Zemana Ltd.)
  52. S1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-12-15] (Zemana Ltd.)
  53. S4 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
  54. S4 MBAMWebProtection; system32\DRIVERS\mwac.sys [X]
  55. S3 VGPU; System32\drivers\rdvgkmd.sys [X]
  56.  
  57. ==================== NetSvcs (Whitelisted) ===================
  58.  
  59. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  60.  
  61.  
  62. ==================== One Month Created files and folders ========
  63.  
  64. (If an entry is included in the fixlist, the file/folder will be moved.)
  65.  
  66. 2018-06-29 12:57 - 2018-06-29 12:58 - 000004166 _____ C:\FRST.txt
  67. 2018-06-29 12:57 - 2018-06-29 12:57 - 000000000 ____D C:\FRST
  68. 2018-06-29 08:54 - 2018-06-29 08:54 - 002412544 _____ (Farbar) C:\FRST64.exe
  69. 2018-06-29 07:13 - 2018-06-29 07:16 - 000000719 _____ C:\Users\User\Desktop\test.html
  70. 2018-06-28 12:54 - 2018-06-28 12:54 - 084264929 _____ C:\Users\User\Desktop\Data_2.bin.txt
  71. 2018-06-28 12:54 - 2018-06-28 12:54 - 000000622 _____ C:\Users\User\Desktop\test.txt
  72. 2018-06-28 12:54 - 2018-06-28 12:54 - 000000381 _____ C:\Users\User\Desktop\Data_1.bin.txt
  73. 2018-06-28 12:06 - 2018-06-28 12:06 - 003866984 _____ (@ByELDI ) C:\Users\User\KMSpico_setup.exe
  74. 2018-06-28 12:06 - 2018-06-28 12:06 - 001994752 _____ C:\Users\User\Jurassic World Evolution Downloader.exe
  75. 2018-06-28 12:06 - 2018-06-28 12:06 - 001560662 _____ (AdworldInternet ) C:\Users\User\KMSpico_11_Activator_For_Windows_7_8_10_Plus_Office_2018__2426347842.exe
  76. 2018-06-28 10:59 - 2018-06-28 10:59 - 000000000 ____D C:\Users\User\Documents\TagsRevisited
  77. 2018-06-28 10:41 - 2018-06-28 10:41 - 000000088 _____ C:\Users\User\Desktop\ownfolder.bat
  78. 2018-06-28 09:36 - 2018-06-28 09:46 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
  79. 2018-06-28 09:36 - 2018-06-28 09:36 - 000255928 _____ (Malwarebytes) C:\Windows\System32\Drivers\35C795BD.sys
  80. 2018-06-28 09:36 - 2018-06-28 09:36 - 000000000 ____D C:\Users\User\Desktop\mbar
  81. 2018-06-28 09:35 - 2018-06-28 09:35 - 014178840 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.10.3.1001.exe
  82. 2018-06-28 09:35 - 2018-06-28 09:35 - 014178840 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.10.3.1001 (1).exe
  83. 2018-06-28 07:55 - 2018-06-28 07:55 - 000013598 _____ C:\Users\User\Desktop\out.txt
  84. 2018-06-28 07:54 - 2018-06-28 07:54 - 000086016 _____ C:\Users\User\Desktop\injected.exe
  85. 2018-06-28 07:42 - 2018-06-28 07:51 - 000000000 ____D C:\Users\User\AppData\Roaming\1337
  86. 2018-06-28 07:42 - 2018-06-28 07:42 - 000133346 _____ C:\Users\User\1A26.tmp.exe
  87. 2018-06-28 07:42 - 2018-06-28 07:42 - 000112804 _____ C:\Users\User\1A26.tmp.bin.zip
  88. 2018-06-28 07:41 - 2018-06-29 07:10 - 000000000 ____D C:\Users\User\AppData\Roaming\SATA Monitor
  89. 2018-06-28 07:38 - 2018-06-28 07:38 - 011654650 _____ C:\Users\User\wwvbmahk.bin.zip
  90. 2018-06-28 07:27 - 2018-06-28 10:35 - 000000000 ____D C:\Windows\SysWOW64\kqgzitry
  91.  
  92. ==================== One Month Modified files and folders ========
  93.  
  94. (If an entry is included in the fixlist, the file/folder will be moved.)
  95.  
  96. 2018-06-29 08:56 - 2016-12-15 07:05 - 000072494 _____ C:\Windows\ZAM.krnl.trace
  97. 2018-06-29 08:56 - 2016-12-15 07:05 - 000045125 _____ C:\Windows\ZAM_Guard.krnl.trace
  98. 2018-06-29 08:56 - 2015-05-29 06:09 - 000000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
  99. 2018-06-29 07:01 - 2015-03-11 06:30 - 000000000 ____D C:\Users\User\Desktop\SystemExplorerPortable_632
  100. 2018-06-28 12:54 - 2015-03-10 16:03 - 000000000 ____D C:\Users\User\AppData\Local\VirtualStore
  101. 2018-06-28 10:57 - 2009-07-13 20:45 - 000023088 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  102. 2018-06-28 10:57 - 2009-07-13 20:45 - 000023088 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  103. 2018-06-28 10:53 - 2009-07-13 21:13 - 000781298 _____ C:\Windows\System32\PerfStringBackup.INI
  104. 2018-06-28 10:53 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
  105. 2018-06-28 10:49 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
  106. 2018-06-28 10:37 - 2018-01-25 08:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
  107. 2018-06-28 10:37 - 2018-01-25 08:14 - 000000000 ____D C:\Program Files\Mozilla Firefox
  108. 2018-06-28 09:36 - 2015-03-11 08:48 - 000000000 ____D C:\ProgramData\Malwarebytes
  109. 2018-06-28 08:06 - 2017-03-09 06:00 - 000152184 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbae64.sys
  110. 2018-06-28 07:54 - 2015-03-11 08:56 - 000000000 ____D C:\Users\User\Documents\Fiddler2
  111. 2018-06-28 07:41 - 2015-03-11 05:51 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
  112. 2018-06-28 07:30 - 2015-03-25 14:13 - 000003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1427321617
  113. 2018-06-28 07:30 - 2015-03-25 13:57 - 000000000 ____D C:\Program Files (x86)\Opera
  114. 2018-05-31 09:32 - 2015-03-11 05:50 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
  115. 2018-05-31 09:32 - 2015-03-11 05:50 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
  116.  
  117. Some files in TEMP:
  118. ====================
  119. 2018-06-28 07:42 - 2018-06-28 07:42 - 000133346 _____ () C:\Users\User\AppData\Local\Temp\1A26.tmp.exe
  120. 2018-06-28 07:26 - 2018-06-28 07:26 - 000101888 _____ () C:\Users\User\AppData\Local\Temp\A159.tmp.exe
  121. 2018-06-28 07:48 - 2018-06-28 07:48 - 010522026 _____ () C:\Users\User\AppData\Local\Temp\allradio_4.27_portable.exe
  122. 2018-06-28 07:51 - 2018-01-29 13:25 - 084355072 _____ (Microsoft Inc.) C:\Users\User\AppData\Local\Temp\d3dx11_31.dll
  123. 2018-06-28 07:41 - 2018-06-28 07:32 - 000087552 _____ () C:\Users\User\AppData\Local\Temp\F1BD.tmp.exe
  124. 2018-06-28 07:48 - 2018-06-28 07:48 - 000484352 _____ () C:\Users\User\AppData\Local\Temp\lame_enc.dll
  125. 2012-11-10 10:20 - 2012-11-10 10:20 - 000150600 ____R (Microsoft Corporation) C:\Users\User\AppData\Local\Temp\ose00000.exe
  126. 2018-06-28 10:46 - 2018-06-28 10:46 - 001334128 _____ (Sysinternals - www.sysinternals.com) C:\Users\User\AppData\Local\Temp\procexp64.exe
  127. 2018-06-28 07:51 - 2018-06-28 07:51 - 057954715 _____ () C:\Users\User\AppData\Local\Temp\taskm.exe
  128.  
  129. ==================== Known DLLs (Whitelisted) =========================
  130.  
  131.  
  132. ==================== Bamital & volsnap ======================
  133.  
  134. (There is no automatic fix for files that do not pass verification.)
  135.  
  136. C:\Windows\System32\winlogon.exe => MD5 is legit
  137. C:\Windows\System32\wininit.exe => MD5 is legit
  138. C:\Windows\SysWOW64\wininit.exe => MD5 is legit
  139. C:\Windows\explorer.exe => MD5 is legit
  140. C:\Windows\SysWOW64\explorer.exe => MD5 is legit
  141. C:\Windows\System32\svchost.exe => MD5 is legit
  142. C:\Windows\SysWOW64\svchost.exe => MD5 is legit
  143. C:\Windows\System32\services.exe => MD5 is legit
  144. C:\Windows\System32\User32.dll => MD5 is legit
  145. C:\Windows\SysWOW64\User32.dll => MD5 is legit
  146. C:\Windows\System32\userinit.exe => MD5 is legit
  147. C:\Windows\SysWOW64\userinit.exe => MD5 is legit
  148. C:\Windows\System32\rpcss.dll => MD5 is legit
  149. C:\Windows\System32\dnsapi.dll => MD5 is legit
  150. C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
  151. C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
  152.  
  153. ==================== Association (Whitelisted) =============
  154.  
  155.  
  156. ==================== Restore Points =========================
  157.  
  158. Restore point date: 2018-06-28 10:59
  159.  
  160. ==================== Memory info ===========================
  161.  
  162. Percentage of memory in use: 14%
  163. Total physical RAM: 4095.55 MB
  164. Available physical RAM: 3495.61 MB
  165. Total Virtual: 4093.75 MB
  166. Available Virtual: 3486.57 MB
  167.  
  168. ==================== Drives ================================
  169.  
  170. Drive c: () (Fixed) (Total:44.9 GB) (Free:15.54 GB) NTFS
  171. Drive e: (GSP1RMCPRXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
  172. Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
  173. Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
  174.  
  175.  
  176. ==================== MBR & Partition Table ==================
  177.  
  178. ========================================================
  179. Disk: 0 (MBR Code: Windows 7/8/10) (Size: 45 GB) (Disk ID: 53B0A5BB)
  180. Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
  181. Partition 2: (Not Active) - (Size=44.9 GB) - (Type=07 NTFS)
  182.  
  183. LastRegBack: 2018-06-28 08:55
  184.  
  185. ==================== End of FRST.txt ============================
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!