Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02
Ran by Alec at 2015-05-18 20:38:24 Run:1
Running from C:\Users\Alec\Desktop
Loaded Profiles: Alec (Available profiles: Alec)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\RunOnce: [SpUninstallCleanUp] => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
C:\Program Files\BubbleSound
HKU\S-1-5-21-88998690-3935351832-2280324733-1001\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
Startup: C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-05-16]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{b8665b58-716b-4f37-b866-65b587166d61}\hqghumeaylnlf.exe (No File)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-88998690-3935351832-2280324733-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-88998690-3935351832-2280324733-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...SP22330TB
R3 Neltyjcoa; C:\ProgramData\boostwebapp\1.1.0.31\Neltyjcoa.exe [0 ] () <==== ATTENTION (zero size file/folder)
Locked "tammgF119" service could not be unlocked. <===== ATTENTION
Locked "tammgR119" service could not be unlocked. <===== ATTENTION
R5 tammgF119; C:\Windows\System32\Drivers\tammgF119.sys [37512 2015-05-16] () [File not signed]
R5 tammgR119; C:\Windows\System32\Drivers\tammgR119.sys [37000 2015-05-16] () [File not signed]
C:\Windows\System32\Drivers\tammgF119.sys
C:\Windows\System32\Drivers\tammgR119.sys
C:\Program Files (x86)\SuperClick_1.10.0.16
c:\programdata\{151ce7d2-4fd6-63bb-151c-ce7d24fd9f49}
C:\ProgramData\boostwebapp
C:\ProgramData\NetEngine
R2 pikeiisy; "C:\ProgramData\boostwebapp\1.1.0.31\xelajuf.exe" /ts2=1 [X]
R2 TordukTiud; "C:\ProgramData\boostwebapp\1.1.0.31\OthkoDaeht.exe" -cmd [X]
R2 volbukirog; "C:\ProgramData\boostwebapp\1.1.0.31\xelwjuf.exe" -cms [X]
S3 cpuz138; No ImagePath
S1 scfd_1_10_0_16; system32\drivers\scfd_1_10_0_16.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Alec\AppData\Local\Temp\tmpDA40.tmp [X]
2015-05-17 22:32 - 2015-05-17 22:32 - 00000000 ____D () C:\Users\Alec\Downloads\AVG PC TuneUp 2015 15.0.1001.238 Final Incl. Crack & Key [ATOM]
2015-05-17 16:37 - 2015-05-17 16:37 - 00000000 ____D () C:\Users\Alec\AppData\Roaming\ygovifrb
2015-05-17 16:35 - 2015-05-17 16:35 - 00000000 ____D () C:\Users\Alec\AppData\Roaming\fjyqlzdg
2015-05-17 15:16 - 2015-05-17 15:16 - 00000000 ____D () C:\Users\Alec\AppData\Roaming\uwxznexb
2015-05-17 15:12 - 2015-05-17 15:12 - 00000000 ____D () C:\Users\Alec\AppData\Roaming\hhwfqbyu
2015-05-17 10:04 - 2015-05-17 10:04 - 00000000 ____D () C:\Users\Alec\AppData\Roaming\cpixyfuu
2015-05-16 17:43 - 2015-05-17 10:28 - 00004768 _____ () C:\Windows\SysWOW64\Neltyjcoa.ini
2015-05-16 17:43 - 2015-05-17 10:28 - 00002672 _____ () C:\Windows\SysWOW64\NeltyjcoaOff.ini
2015-05-16 17:43 - 2015-05-17 10:28 - 00002672 _____ () C:\Windows\system32\NeltyjcoaOff.ini
2015-04-17 15:04 - 2015-04-17 15:04 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-05-17 14:09 - 2015-05-17 14:09 - 00000000 ____D () C:\Users\Alec\AppData\Roaming\livgvhqf
2015-05-16 17:43 - 2015-05-16 15:19 - 00360448 _____ () C:\Windows\system32\Neltyjcoa64.dll
2015-05-16 17:43 - 2015-05-16 15:18 - 00286720 _____ () C:\Windows\SysWOW64\Neltyjcoa.dll
2015-05-17 10:28 - 2015-05-16 17:43 - 00037512 _____ () C:\Windows\system32\Drivers\tammgF119.sys
2015-05-17 10:28 - 2015-05-16 17:43 - 00037000 _____ () C:\Windows\system32\Drivers\tammgR119.sys
2015-05-16 17:53 - 2015-05-16 17:53 - 00004180 _____ () C:\Windows\System32\Tasks\SuperClick Auto Updater 1.10.0.16 Pending Update
2015-05-16 17:53 - 2015-05-16 17:53 - 00004168 _____ () C:\Windows\System32\Tasks\SuperClick Auto Updater 1.10.0.16 Core
2015-05-16 17:49 - 2015-05-17 17:49 - 00000346 _____ () C:\Windows\Tasks\Bidaily Synchronize Task[pr].job
2015-05-16 17:49 - 2015-05-16 17:49 - 00003256 _____ () C:\Windows\System32\Tasks\Bidaily Synchronize Task[pr]
2015-05-16 21:36 - 2015-05-16 21:36 - 00000000 ____D () C:\Users\Alec\AppData\Roaming\vtpgyygt
2015-05-16 20:09 - 2015-05-16 20:09 - 00000000 ____D () C:\Users\Alec\AppData\Roaming\ltbedhlm
2015-05-16 20:06 - 2015-05-16 20:06 - 00000000 ____D () C:\Users\Alec\AppData\Roaming\petstcug
2015-05-16 20:06 - 2015-05-16 20:06 - 00000000 ____D () C:\Users\Alec\AppData\Roaming\esrtlplj
2015-05-16 19:50 - 2015-05-16 19:50 - 00000000 ____D () C:\Users\Alec\AppData\Roaming\vxsfcnla
2015-05-16 19:48 - 2015-05-16 19:48 - 00000000 ____D () C:\Users\Alec\AppData\Roaming\wirpaume
2015-05-16 18:40 - 2015-05-16 18:40 - 00000000 ____D () C:\Users\Alec\AppData\Roaming\ommqsksp
2015-05-16 18:38 - 2015-05-16 18:38 - 00000000 ____D () C:\Users\Alec\AppData\Roaming\xrmctdcb
2015-05-16 18:10 - 2015-05-16 18:10 - 00000000 ____D () C:\Users\Alec\AppData\Roaming\udneujhi
Task: {122E3285-3F15-4566-AB0A-07262B3CBE10} - System32\Tasks\NetEngine => C:\ProgramData\NetEngine\bin\D10\netengine.exe [2015-05-17] () <==== ATTENTION
Task: {A1224D2D-C68A-41EC-9E0F-24A20CECCF04} - System32\Tasks\Bidaily Synchronize Task[pr] => c:\programdata\{151ce7d2-4fd6-63bb-151c-ce7d24fd9f49}\sevenzip-setup-rx.exe <==== ATTENTION
Task: {F5454A50-1237-41AA-86F8-2181AA6747CD} - System32\Tasks\Microsoft\Windows\Maintenance\Updater for IC => %LOCALAPPDATA%\57FD78B7-4A4B-5A45-90A8-F886376DE47C\Runner.exe <==== ATTENTION
Task: C:\Windows\Tasks\Bidaily Synchronize Task[pr].job => c:\programdata\{151ce7d2-4fd6-63bb-151c-ce7d24fd9f49}\sevenzip-setup-rx.exe <==== ATTENTION
Task: {9A9EB1B3-65AC-48BE-933C-EBF4B3A89623} - System32\Tasks\SuperClick Auto Updater 1.10.0.16 Pending Update => C:\Program Files (x86)\SuperClick_1.10.0.16\Update\SuperClickAutoUpdateClient.exe
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Neltyjcoa => ""="service"
CMD: ipconfig /flushdns
hosts:
Emptytemp:
reboot:
end
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallCleanUp => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
C:\Program Files\BubbleSound => Moved successfully.
HKU\S-1-5-21-88998690-3935351832-2280324733-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk => Moved successfully.
C:\ProgramData\{b8665b58-716b-4f37-b866-65b587166d61}\hqghumeaylnlf.exe not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-88998690-3935351832-2280324733-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-88998690-3935351832-2280324733-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
Neltyjcoa => Service stopped successfully.
Neltyjcoa => Service deleted successfully.
Locked "tammgF119" service could not be unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
Locked "tammgR119" service could not be unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
tammgF119 => Unable to stop service
tammgF119 => Error deleting Service
tammgR119 => Unable to stop service
tammgR119 => Error deleting Service
Could not move "C:\Windows\System32\Drivers\tammgF119.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\Drivers\tammgR119.sys" => Scheduled to move on reboot.
"C:\Program Files (x86)\SuperClick_1.10.0.16" => File/Directory not found.
"c:\programdata\{151ce7d2-4fd6-63bb-151c-ce7d24fd9f49}" => File/Directory not found.
"C:\ProgramData\boostwebapp" directory move:
Could not move "C:\ProgramData\boostwebapp" directory. => Scheduled to move on reboot.
C:\ProgramData\NetEngine => Moved successfully.
pikeiisy => Unable to stop service
pikeiisy => Service deleted successfully.
TordukTiud => Unable to stop service
TordukTiud => Service deleted successfully.
volbukirog => Unable to stop service
volbukirog => Service deleted successfully.
cpuz138 => Service deleted successfully.
scfd_1_10_0_16 => Service deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
C:\Users\Alec\Downloads\AVG PC TuneUp 2015 15.0.1001.238 Final Incl. Crack & Key [ATOM] => Moved successfully.
C:\Users\Alec\AppData\Roaming\ygovifrb => Moved successfully.
C:\Users\Alec\AppData\Roaming\fjyqlzdg => Moved successfully.
C:\Users\Alec\AppData\Roaming\uwxznexb => Moved successfully.
C:\Users\Alec\AppData\Roaming\hhwfqbyu => Moved successfully.
C:\Users\Alec\AppData\Roaming\cpixyfuu => Moved successfully.
C:\Windows\SysWOW64\Neltyjcoa.ini => Moved successfully.
C:\Windows\SysWOW64\NeltyjcoaOff.ini => Moved successfully.
C:\Windows\system32\NeltyjcoaOff.ini => Moved successfully.
C:\Windows\SysWOW64\AI_RecycleBin => Moved successfully.
C:\Users\Alec\AppData\Roaming\livgvhqf => Moved successfully.
C:\Windows\system32\Neltyjcoa64.dll => Moved successfully.
C:\Windows\SysWOW64\Neltyjcoa.dll => Moved successfully.
Could not move "C:\Windows\system32\Drivers\tammgF119.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\Drivers\tammgR119.sys" => Scheduled to move on reboot.
C:\Windows\System32\Tasks\SuperClick Auto Updater 1.10.0.16 Pending Update => Moved successfully.
C:\Windows\System32\Tasks\SuperClick Auto Updater 1.10.0.16 Core => Moved successfully.
C:\Windows\Tasks\Bidaily Synchronize Task[pr].job => Moved successfully.
C:\Windows\System32\Tasks\Bidaily Synchronize Task[pr] => Moved successfully.
C:\Users\Alec\AppData\Roaming\vtpgyygt => Moved successfully.
C:\Users\Alec\AppData\Roaming\ltbedhlm => Moved successfully.
C:\Users\Alec\AppData\Roaming\petstcug => Moved successfully.
C:\Users\Alec\AppData\Roaming\esrtlplj => Moved successfully.
C:\Users\Alec\AppData\Roaming\vxsfcnla => Moved successfully.
C:\Users\Alec\AppData\Roaming\wirpaume => Moved successfully.
C:\Users\Alec\AppData\Roaming\ommqsksp => Moved successfully.
C:\Users\Alec\AppData\Roaming\xrmctdcb => Moved successfully.
C:\Users\Alec\AppData\Roaming\udneujhi => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{122E3285-3F15-4566-AB0A-07262B3CBE10}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{122E3285-3F15-4566-AB0A-07262B3CBE10}" => Key deleted successfully.
C:\Windows\System32\Tasks\NetEngine => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NetEngine" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1224D2D-C68A-41EC-9E0F-24A20CECCF04}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1224D2D-C68A-41EC-9E0F-24A20CECCF04}" => Key deleted successfully.
C:\Windows\System32\Tasks\Bidaily Synchronize Task[pr] not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[pr]" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5454A50-1237-41AA-86F8-2181AA6747CD} => Key not found.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\Updater for IC not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\Updater for IC => Key not found.
C:\Windows\Tasks\Bidaily Synchronize Task[pr].job not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9A9EB1B3-65AC-48BE-933C-EBF4B3A89623}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A9EB1B3-65AC-48BE-933C-EBF4B3A89623}" => Key deleted successfully.
C:\Windows\System32\Tasks\SuperClick Auto Updater 1.10.0.16 Pending Update not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SuperClick Auto Updater 1.10.0.16 Pending Update" => Key deleted successfully.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MCODS" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MCODS" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefire" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefirek" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfehidk" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfevtp" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Neltyjcoa" => Key deleted successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 621.8 MB temporary data.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-18 20:41:57)<=
C:\Windows\System32\Drivers\tammgF119.sys => Is moved successfully.
C:\Windows\System32\Drivers\tammgR119.sys => Is moved successfully.
C:\ProgramData\boostwebapp => Is moved successfully.
C:\Windows\system32\Drivers\tammgF119.sys => Is moved successfully.
C:\Windows\system32\Drivers\tammgR119.sys => Is moved successfully.

==== End of Fixlog 20:41:57 ====