Fix result of Farbar Recovery Scan Tool (x64) Version: 09.09.2018
Ran by admin (12-09-2018 16:24:50) Run:2
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Virustotal: C:\Program Files\Microtask\Microtask.exe
VirusTotal: C:\ProgramData\ethrfvdggbvd.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Run: [electron.app.Microtask] => C:\Program Files\Microtask\Microtask.exe
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [No File]
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [No File]
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [No File]
2018-09-11 18:34 - 2018-09-11 18:42 - 000000000 ____D C:\Program Files (x86)\Sheep
2018-09-11 18:34 - 2018-09-11 18:41 - 000000000 ____D C:\Users\admin\AppData\Roaming\Windows RTL Handler
2018-09-11 18:34 - 2018-09-11 18:34 - 000000000 ____D C:\Users\admin\AppData\Local\AdvinstAnalytics
2018-09-11 18:33 - 2018-09-11 19:24 - 000000000 ____D C:\Windows\SysWOW64\jkuaqtmc
2018-09-11 18:33 - 2018-09-11 18:35 - 000000000 ____D C:\Users\admin\AppData\Local\SharePal
2018-09-11 18:33 - 2018-09-11 18:35 - 000000000 ____D C:\Users\admin\AppData\Local\IIIQF
2018-09-11 18:33 - 2018-09-11 18:33 - 000000116 _____ C:\ProgramData\ythdg.exe
2018-09-11 18:29 - 2018-09-11 18:29 - 000000205 _____ C:\ProgramData\ethrfvdggbvd.exe
2018-09-11 18:29 - 2018-09-11 18:29 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microtask
2018-09-11 18:29 - 2018-09-11 18:29 - 000000000 ____D C:\Users\admin\AppData\Roaming\Cache
2018-09-11 18:29 - 2018-09-11 18:29 - 000000000 ____D C:\Users\admin\AppData\Local\Turbo.net
2018-09-11 18:27 - 2018-09-11 18:35 - 000000000 ____D C:\Program Files\Microtask
2018-08-27 13:38 - 2018-08-27 13:39 - 000000000 ____D C:\Users\admin\Downloads\Adobe Acrobat Pro DC 2018.009.20050 + Pre-Cracked - [CrackzSoft]
2018-09-11 18:29 - 2018-09-11 18:29 - 000000205 _____ () C:\ProgramData\ethrfvdggbvd.exe
2018-09-11 18:33 - 2018-09-11 18:33 - 000000116 _____ () C:\ProgramData\ythdg.exe
2018-07-31 02:02 - 2018-07-31 02:02 - 000008720 _____ () C:\Users\admin\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2018-08-03 11:19 - 2018-08-03 11:19 - 000031096 _____ (Tencent) C:\Users\admin\AppData\Local\Temp\qqsafeud.exe
2018-08-01 19:09 - 2018-08-01 19:09 - 003720312 _____ (Qustodio Technologies) C:\Users\admin\AppData\Local\Temp\qseac.dll
2015-11-10 20:30 - 2015-11-10 20:30 - 000030208 _____ () C:\Users\admin\AppData\Local\Temp\R2RTOOL.dll
ContextMenuHandlers5: [Run] -> {2559A1F3-21D7-11D4-BDAF-00C04F60B9F0} => -> No File
ContextMenuHandlers5: [Search] -> {2559A1F0-21D7-11D4-BDAF-00C04F60B9F0} => -> No File
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [163]
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D [376]
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
*****************

"VirusTotal: C:\Program Files\Microtask\Microtask.exe" => not found
VirusTotal: C:\ProgramData\ethrfvdggbvd.exe => https://www.virustotal.com/file/e4adfd07bed5a85e2b07310201350b9a6d36d14480fc312031d8838bdadfbdf3/analysis/1536749695/
"HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\Software\Microsoft\Windows\CurrentVersion\Run\\electron.app.Microtask" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npchrome" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npqscall" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/TXSSO" => removed successfully
C:\Program Files (x86)\Sheep => moved successfully
C:\Users\admin\AppData\Roaming\Windows RTL Handler => moved successfully
C:\Users\admin\AppData\Local\AdvinstAnalytics => moved successfully
C:\Windows\SysWOW64\jkuaqtmc => moved successfully
C:\Users\admin\AppData\Local\SharePal => moved successfully
C:\Users\admin\AppData\Local\IIIQF => moved successfully
C:\ProgramData\ythdg.exe => moved successfully
C:\ProgramData\ethrfvdggbvd.exe => moved successfully
C:\Users\admin\AppData\Roaming\Microtask => moved successfully
C:\Users\admin\AppData\Roaming\Cache => moved successfully
C:\Users\admin\AppData\Local\Turbo.net => moved successfully
C:\Program Files\Microtask => moved successfully
C:\Users\admin\Downloads\Adobe Acrobat Pro DC 2018.009.20050 + Pre-Cracked - [CrackzSoft] => moved successfully
"C:\ProgramData\ethrfvdggbvd.exe" => not found
"C:\ProgramData\ythdg.exe" => not found
"C:\Users\admin\AppData\Local\Temp\BullseyeCoverage-2-x86.dll" => not found
"C:\Users\admin\AppData\Local\Temp\qqsafeud.exe" => not found
"C:\Users\admin\AppData\Local\Temp\qseac.dll" => not found
"C:\Users\admin\AppData\Local\Temp\R2RTOOL.dll" => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Run => not found
HKLM\Software\Classes\CLSID\{2559A1F3-21D7-11D4-BDAF-00C04F60B9F0} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Search => not found
HKLM\Software\Classes\CLSID\{2559A1F0-21D7-11D4-BDAF-00C04F60B9F0} => not found
C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => moved successfully
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully
C:\ProgramData\TEMP => ":58A5270D" ADS removed successfully
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\Software\Classes\regfile => not found

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log Microsoft-RMS-MSIPC/Debug. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.

========= End of CMD: =========


The system needed a reboot.

==== End of Fixlog 16:25:06 ====
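The wevtutil loop in the fixlist cleared every log except Microsoft-RMS-MSIPC/Debug, which failed because Analytic and Debug channels are "direct" channels that refuse to be cleared while enabled. The PowerShell script below is an added example, not part of the FRST log or of FRST itself: it performs the same clear-all-logs operation, but first exports each log (wiping event logs on a compromised host destroys the evidence of what ran) and disables direct channels before clearing them, restoring their previous state afterwards. The export folder path is an assumption; run it from an elevated prompt.

```powershell
# Added example: clear all Windows event logs like the fixlist's wevtutil loop,
# but (1) export each log first so the evidence survives and (2) handle the
# direct-channel case (Analytical/Debug) that made "wevtutil cl" fail above.
# Assumed export location; change to taste.
param(
    [string]$ExportDir = "C:\Evidence\EventLogs_$(Get-Date -Format yyyyMMdd_HHmmss)"
)

New-Item -ItemType Directory -Path $ExportDir -Force | Out-Null

# Get-WinEvent -ListLog exposes LogType and IsEnabled, which wevtutil el alone does not.
$logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue

foreach ($log in $logs) {
    $name = $log.LogName
    # Channel names contain '/' and spaces; build a file-system-safe export name.
    $safe = ($name -replace '[\\/:*?"<>| ]', '_') + '.evtx'
    $dest = Join-Path $ExportDir $safe

    # 1. Preserve before destroying. An export failure is reported, not fatal.
    & wevtutil.exe epl "$name" "$dest" 2>$null
    if ($LASTEXITCODE -ne 0) { Write-Warning "export failed: $name" }

    # 2. Direct channels must be disabled before "wevtutil cl" will touch them.
    $isDirect   = $log.LogType -in 'Analytical', 'Debug'
    $wasEnabled = $log.IsEnabled
    if ($isDirect -and $wasEnabled) {
        & wevtutil.exe sl "$name" /e:false
    }

    # 3. Clear the log.
    & wevtutil.exe cl "$name"
    if ($LASTEXITCODE -ne 0) { Write-Warning "clear failed: $name" } else { "cleared: $name" }

    # 4. Put the channel back the way it was so nothing is left silently disabled.
    if ($isDirect -and $wasEnabled) {
        & wevtutil.exe sl "$name" /e:true
    }
}

"exports written to $ExportDir"
```

The disable/clear/re-enable sequence is the same thing `wevtutil sl <log> /e:false`, `wevtutil cl <log>`, `wevtutil sl <log> /e:true` does by hand for a single channel; the script just applies it to every channel whose LogType marks it as direct, and leaves the Administrative and Operational channels on the plain `cl` path the original one-liner used.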