Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by SYSTEM on MININT-FB0DPQU (29-06-2018 12:57:57)
Running from C:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VBoxTray] => C:\Windows\system32\vbtray.exe [1537608 2015-03-02] (Oracle Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKU\User\...\Run: [agwpyjho] => "C:\Users\User\gidulfmf.exe"
HKU\User\...\Run: [DirectX 11] => rundll32 C:\Users\User\AppData\Local\Temp\d3dx11_31.dll,includes_func_runnded <==== ATTENTION
IFEO\notepad.exe: [Debugger] "C:\Notepad2\Notepad2.exe" /z
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SATA Monitor.lnk [2018-06-28]
ShortcutTarget: SATA Monitor.lnk -> (No File)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [9388936 2018-05-31] (Emsisoft Ltd)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 tor; C:\Users\User\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe [3614720 1999-12-31] ()
S2 VBoxService; C:\Windows\System32\vbservice.exe [1778616 2015-03-02] (Oracle Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S2 kqgzitry; C:\Windows\SysWOW64\kqgzitry\oekdemcl.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 35C795BD; C:\Windows\system32\drivers\35C795BD.sys [255928 2018-06-28] (Malwarebytes)
S1 epp; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\epp.sys [142952 2018-05-31] (Emsisoft Ltd)
S0 eppdisk; C:\Windows\System32\drivers\eppdisk.sys [37064 2018-03-26] (Emsisoft Ltd)
S4 KProcessHacker2; C:\Users\User\Desktop\D\processhacker-2.33-bin\x64\kprocesshacker.sys [39576 2013-11-13] (wj32)
S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S0 VBoxGuest; C:\Windows\System32\DRIVERS\VBoxGuest.sys [150240 2015-03-02] (Oracle Corporation)
S3 VBoxMouse; C:\Windows\System32\DRIVERS\VBoxMouse.sys [120840 2015-03-02] (Oracle Corporation)
S1 VBoxSF; C:\Windows\System32\drivers\VBoxSF.sys [294440 2015-03-02] (Oracle Corporation)
S3 VBoxVideo; C:\Windows\System32\DRIVERS\VBoxVideo.sys [145584 2015-03-02] (Oracle Corporation)
S1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-12-15] (Zemana Ltd.)
S1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-12-15] (Zemana Ltd.)
S4 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
S4 MBAMWebProtection; system32\DRIVERS\mwac.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-29 12:57 - 2018-06-29 12:58 - 000004166 _____ C:\FRST.txt
2018-06-29 12:57 - 2018-06-29 12:57 - 000000000 ____D C:\FRST
2018-06-29 08:54 - 2018-06-29 08:54 - 002412544 _____ (Farbar) C:\FRST64.exe
2018-06-29 07:13 - 2018-06-29 07:16 - 000000719 _____ C:\Users\User\Desktop\test.html
2018-06-28 12:54 - 2018-06-28 12:54 - 084264929 _____ C:\Users\User\Desktop\Data_2.bin.txt
2018-06-28 12:54 - 2018-06-28 12:54 - 000000622 _____ C:\Users\User\Desktop\test.txt
2018-06-28 12:54 - 2018-06-28 12:54 - 000000381 _____ C:\Users\User\Desktop\Data_1.bin.txt
2018-06-28 12:06 - 2018-06-28 12:06 - 003866984 _____ (@ByELDI ) C:\Users\User\KMSpico_setup.exe
2018-06-28 12:06 - 2018-06-28 12:06 - 001994752 _____ C:\Users\User\Jurassic World Evolution Downloader.exe
2018-06-28 12:06 - 2018-06-28 12:06 - 001560662 _____ (AdworldInternet ) C:\Users\User\KMSpico_11_Activator_For_Windows_7_8_10_Plus_Office_2018__2426347842.exe
2018-06-28 10:59 - 2018-06-28 10:59 - 000000000 ____D C:\Users\User\Documents\TagsRevisited
2018-06-28 10:41 - 2018-06-28 10:41 - 000000088 _____ C:\Users\User\Desktop\ownfolder.bat
2018-06-28 09:36 - 2018-06-28 09:46 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-06-28 09:36 - 2018-06-28 09:36 - 000255928 _____ (Malwarebytes) C:\Windows\System32\Drivers\35C795BD.sys
2018-06-28 09:36 - 2018-06-28 09:36 - 000000000 ____D C:\Users\User\Desktop\mbar
2018-06-28 09:35 - 2018-06-28 09:35 - 014178840 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.10.3.1001.exe
2018-06-28 09:35 - 2018-06-28 09:35 - 014178840 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.10.3.1001 (1).exe
2018-06-28 07:55 - 2018-06-28 07:55 - 000013598 _____ C:\Users\User\Desktop\out.txt
2018-06-28 07:54 - 2018-06-28 07:54 - 000086016 _____ C:\Users\User\Desktop\injected.exe
2018-06-28 07:42 - 2018-06-28 07:51 - 000000000 ____D C:\Users\User\AppData\Roaming\1337
2018-06-28 07:42 - 2018-06-28 07:42 - 000133346 _____ C:\Users\User\1A26.tmp.exe
2018-06-28 07:42 - 2018-06-28 07:42 - 000112804 _____ C:\Users\User\1A26.tmp.bin.zip
2018-06-28 07:41 - 2018-06-29 07:10 - 000000000 ____D C:\Users\User\AppData\Roaming\SATA Monitor
2018-06-28 07:38 - 2018-06-28 07:38 - 011654650 _____ C:\Users\User\wwvbmahk.bin.zip
2018-06-28 07:27 - 2018-06-28 10:35 - 000000000 ____D C:\Windows\SysWOW64\kqgzitry

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-29 08:56 - 2016-12-15 07:05 - 000072494 _____ C:\Windows\ZAM.krnl.trace
2018-06-29 08:56 - 2016-12-15 07:05 - 000045125 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-06-29 08:56 - 2015-05-29 06:09 - 000000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2018-06-29 07:01 - 2015-03-11 06:30 - 000000000 ____D C:\Users\User\Desktop\SystemExplorerPortable_632
2018-06-28 12:54 - 2015-03-10 16:03 - 000000000 ____D C:\Users\User\AppData\Local\VirtualStore
2018-06-28 10:57 - 2009-07-13 20:45 - 000023088 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-28 10:57 - 2009-07-13 20:45 - 000023088 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-28 10:53 - 2009-07-13 21:13 - 000781298 _____ C:\Windows\System32\PerfStringBackup.INI
2018-06-28 10:53 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2018-06-28 10:49 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-28 10:37 - 2018-01-25 08:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-28 10:37 - 2018-01-25 08:14 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-28 09:36 - 2015-03-11 08:48 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-28 08:06 - 2017-03-09 06:00 - 000152184 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbae64.sys
2018-06-28 07:54 - 2015-03-11 08:56 - 000000000 ____D C:\Users\User\Documents\Fiddler2
2018-06-28 07:41 - 2015-03-11 05:51 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-28 07:30 - 2015-03-25 14:13 - 000003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1427321617
2018-06-28 07:30 - 2015-03-25 13:57 - 000000000 ____D C:\Program Files (x86)\Opera
2018-05-31 09:32 - 2015-03-11 05:50 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-31 09:32 - 2015-03-11 05:50 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some files in TEMP:
====================
2018-06-28 07:42 - 2018-06-28 07:42 - 000133346 _____ () C:\Users\User\AppData\Local\Temp\1A26.tmp.exe
2018-06-28 07:26 - 2018-06-28 07:26 - 000101888 _____ () C:\Users\User\AppData\Local\Temp\A159.tmp.exe
2018-06-28 07:48 - 2018-06-28 07:48 - 010522026 _____ () C:\Users\User\AppData\Local\Temp\allradio_4.27_portable.exe
2018-06-28 07:51 - 2018-01-29 13:25 - 084355072 _____ (Microsoft Inc.) C:\Users\User\AppData\Local\Temp\d3dx11_31.dll
2018-06-28 07:41 - 2018-06-28 07:32 - 000087552 _____ () C:\Users\User\AppData\Local\Temp\F1BD.tmp.exe
2018-06-28 07:48 - 2018-06-28 07:48 - 000484352 _____ () C:\Users\User\AppData\Local\Temp\lame_enc.dll
2012-11-10 10:20 - 2012-11-10 10:20 - 000150600 ____R (Microsoft Corporation) C:\Users\User\AppData\Local\Temp\ose00000.exe
2018-06-28 10:46 - 2018-06-28 10:46 - 001334128 _____ (Sysinternals - www.sysinternals.com) C:\Users\User\AppData\Local\Temp\procexp64.exe
2018-06-28 07:51 - 2018-06-28 07:51 - 057954715 _____ () C:\Users\User\AppData\Local\Temp\taskm.exe

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============

==================== Restore Points =========================

Restore point date: 2018-06-28 10:59

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4095.55 MB
Available physical RAM: 3495.61 MB
Total Virtual: 4093.75 MB
Available Virtual: 3486.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:44.9 GB) (Free:15.54 GB) NTFS
Drive e: (GSP1RMCPRXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 45 GB) (Disk ID: 53B0A5BB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=44.9 GB) - (Type=07 NTFS)

LastRegBack: 2018-06-28 08:55

==================== End of FRST.txt ============================