Fix result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
Ran by stvdd (20-05-2017 01:12:57) Run:1
Running from C:\Users\stvdd\Downloads
Loaded Profiles: stvdd (Available Profiles: stvdd & Admin & Ward B)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3221389058-4040619027-2354313775-1002\...\Run: [AdobeBridge] => [X]
HKLM\...\Providers\jkyb6cri: C:\Program Files (x86)\Zerbas Host\local64spl.dll [307200 2017-03-27] ()
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
ShellExecuteHooks: No Name - {2CED3980-0D60-11E7-89DE-64006A5CFC23} - C:\Users\stvdd\AppData\Roaming\Cocussajuge\Bezdomduray.dll -> No File
GroupPolicy: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F&q={searchTerms}
HKU\S-1-5-21-3221389058-4040619027-2354313775-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F
HKU\S-1-5-21-3221389058-4040619027-2354313775-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F
SearchScopes: HKU\S-1-5-21-3221389058-4040619027-2354313775-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3221389058-4040619027-2354313775-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F&q={searchTerms}
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.google.com/","hxxp://www.istartsurf.com/?type=hp&ts=1434726208&z=60811b67a1c36f64155b899gfz3c3zam7o8q7odg4o&from=cor&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F","hxxp://www.youndoo.com/?z=13267bafb40d7dcf9f28271g5zet8e7w1q6bbw4m0m&from=amz&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F&type=hp","hxxp://www.startpageing123.com/?type=hp&ts=1490960581&z=7df98778fb1113e0be6ca2fg7zbt1e9t1qee4w7baz&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F","hxxp://www.ourluckysites.com/?type=hp&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.ourluckysites.com/search/?type=ds&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> ourluckysites
CHR Profile: C:\Users\stvdd\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-05-19] <==== ATTENTION
HKU\S-1-5-21-3221389058-4040619027-2354313775-1002\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Footjane\Application\chrome.exe (Google Inc.) <==== ATTENTION
R2 BIT; C:\ProgramData\BIT\BIT.dll [1857536 2017-05-17] (BIT) [File not signed] <==== ATTENTION
S2 CWASRE; C:\Users\stvdd\AppData\Local\CWASRE\Snare.dll [828416 2017-05-17] (IntertSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
S2 DoeyeSU; C:\Users\stvdd\AppData\Local\Temp\9\wfjs.exe [115616 2017-04-25] (????????????) <==== ATTENTION
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [95232 2017-05-17] () [File not signed] <==== ATTENTION
R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [10316368 2015-12-02] () [File not signed]
R2 WinSAPSvc; C:\Users\stvdd\AppData\Roaming\WinSAPSvc\WinSAP.dll [1873920 2017-05-17] (TODO: ) [File not signed] <==== ATTENTION
S2 YeshatSU; C:\Windows\TEMP\hp8263.tmp\ttff.exe [71152 2016-10-11] (Synacast)
S2 DohatSU; "C:\Users\stvdd\AppData\Local\Temp\6\amp.exe" /i [X] <==== ATTENTION
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda) <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
2017-05-17 11:30 - 2016-05-23 04:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2017-05-17 11:30 - 2016-05-19 08:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
C:\Users\stvdd\AppData\Roaming\WinSAPSvc
C:\Reaqapytegupy
C:\Alitkojck
C:\Program Files (x86)\Footjane
C:\Program Files (x86)\Zerbas Host
HKU\S-1-5-21-3221389058-4040619027-2354313775-1002\...\ChromeHTML: -> C:\Program Files (x86)\Footjane\Application\chrome.exe (Google Inc.) <==== ATTENTION
Task: {74617B41-2319-452B-BEDE-F9B95D2B4038} - System32\Tasks\Zerbas Host => C:\Program Files (x86)\Coepageatovry\xchercers.exe [2017-03-27] (Glarysoft Ltd)
Task: {9E7F1F9F-F51A-4D10-8D34-559C35B38501} - \WPD\SqmUpload_S-1-5-21-3221389058-4040619027-2354313775-1001 -> No File <==== ATTENTION
Task: {C89EB585-F412-4E54-A7AF-DE78E63D567C} - \Optimize Start Menu Cache Files-S-1-5-21-3221389058-4040619027-2354313775-1001 -> No File <==== ATTENTION
Task: {D5695712-C6F7-4259-9A8F-6DB7E4A66905} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-05-17] () <==== ATTENTION
ShortcutWithArgument: C:\Users\stvdd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F
ShortcutWithArgument: C:\Users\stvdd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F
ShortcutWithArgument: C:\Users\stvdd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F
Hosts:
Reboot:
end
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-3221389058-4040619027-2354313775-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\jkyb6cri => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order jkyb6cri => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GoogleUpdate.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GoogleUpdaterService.exe => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{2CED3980-0D60-11E7-89DE-64006A5CFC23} => value removed successfully
HKCR\CLSID\{2CED3980-0D60-11E7-89DE-64006A5CFC23} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-3221389058-4040619027-2354313775-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3221389058-4040619027-2354313775-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-3221389058-4040619027-2354313775-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3221389058-4040619027-2354313775-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\Users\stvdd\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
HKU\S-1-5-21-3221389058-4040619027-2354313775-1002\SOFTWARE\Clients\StartMenuInternet\ChromeHTML => key removed successfully
BIT => Unable to stop service.
HKLM\System\CurrentControlSet\Services\BIT => key removed successfully
BIT => service removed successfully
CWASRE => Unable to stop service.
HKLM\System\CurrentControlSet\Services\CWASRE => key removed successfully
CWASRE => service removed successfully
HKLM\System\CurrentControlSet\Services\DoeyeSU => key removed successfully
DoeyeSU => service removed successfully
FirefoxU => service not found.
gramblrclient => Unable to stop service.
HKLM\System\CurrentControlSet\Services\gramblrclient => key removed successfully
gramblrclient => service removed successfully
WinSAPSvc => Unable to stop service.
HKLM\System\CurrentControlSet\Services\WinSAPSvc => key removed successfully
WinSAPSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\YeshatSU => key removed successfully
YeshatSU => service removed successfully
HKLM\System\CurrentControlSet\Services\DohatSU => key removed successfully
DohatSU => service removed successfully
iSafeKrnl => service not found.
iSafeKrnlBoot => service not found.
iSafeKrnlKit => service not found.
HKLM\System\CurrentControlSet\Services\iSafeKrnlMon => key removed successfully
iSafeKrnlMon => service removed successfully
iSafeKrnlR3 => service not found.
iSafeNetFilter => service not found.
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
C:\Windows\system32\Drivers\iSafeKrnlBoot.sys => moved successfully
C:\Windows\system32\Drivers\iSafeNetFilter.sys => moved successfully
C:\Users\stvdd\AppData\Roaming\WinSAPSvc => moved successfully
C:\Reaqapytegupy => moved successfully
C:\Alitkojck => moved successfully
C:\Program Files (x86)\Footjane => moved successfully
C:\Program Files (x86)\Zerbas Host => moved successfully
HKU\S-1-5-21-3221389058-4040619027-2354313775-1002_Classes\ChromeHTML => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74617B41-2319-452B-BEDE-F9B95D2B4038} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74617B41-2319-452B-BEDE-F9B95D2B4038} => key removed successfully
C:\Windows\System32\Tasks\Zerbas Host => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Zerbas Host => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E7F1F9F-F51A-4D10-8D34-559C35B38501} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E7F1F9F-F51A-4D10-8D34-559C35B38501} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3221389058-4040619027-2354313775-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C89EB585-F412-4E54-A7AF-DE78E63D567C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C89EB585-F412-4E54-A7AF-DE78E63D567C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-3221389058-4040619027-2354313775-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5695712-C6F7-4259-9A8F-6DB7E4A66905} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5695712-C6F7-4259-9A8F-6DB7E4A66905} => key removed successfully
C:\Windows\System32\Tasks\Milimili => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Milimili => key removed successfully
C:\Users\stvdd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\stvdd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully.
C:\Users\stvdd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

The system needed a reboot.

==== End of Fixlog 01:13:28 ====