Posts posted by ShashankJakhmola

  1. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.3 (04.10.2017)
    Operating System: Windows 10 Pro x64
    Ran by SHANK (Administrator) on 11-07-2017 at 11:34:42.19
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     


    File System: 5

    Successfully deleted: C:\ai_recyclebin (Folder)
    Successfully deleted: C:\ProgramData\productdata (Folder)
    Successfully deleted: C:\Users\SHANK\AppData\Roaming\productdata (Folder)
    Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Administrator (Task)
    Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job (Task)

    Deleted the following from C:\Users\SHANK\AppData\Roaming\Mozilla\Firefox\Profiles\2mh0mued.default-1494169835761\prefs.js
    user_pref(browser.urlbar.suggest.searches, true);

     

    Registry: 0

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 11-07-2017 at 11:37:09.31
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

  2. # AdwCleaner v6.047 - Logfile created 11/07/2017 at 11:29:46
    # Updated on 19/05/2017 by Malwarebytes
    # Database : 2017-07-10.1 [Server]
    # Operating System : Windows 10 Pro  (X64)
    # Username : SHANK - PC
    # Running from : C:\Users\SHANK\Downloads\Programs\AdwCleaner.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support

     

    ***** [ Services ] *****

     

    ***** [ Folders ] *****

    [-] Folder deleted: C:\ProgramData\IObit\ASCDownloader
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\IObit\ASCDownloader


    ***** [ Files ] *****

     

    ***** [ DLL ] *****

     

    ***** [ WMI ] *****

     

    ***** [ Shortcuts ] *****

     

    ***** [ Scheduled Tasks ] *****

     

    ***** [ Registry ] *****

    [-] Key deleted: [x64] HKLM\SOFTWARE\Reimage


    ***** [ Web browsers ] *****

    [-] [C:\Users\SHANK\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [4635 Bytes] - [26/04/2017 12:06:40]
    C:\AdwCleaner\AdwCleaner[C2].txt - [1117 Bytes] - [11/07/2017 11:29:46]
    C:\AdwCleaner\AdwCleaner[S0].txt - [4456 Bytes] - [26/04/2017 12:06:02]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1664 Bytes] - [11/07/2017 11:29:01]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1336 Bytes] ##########

     

  3. Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 7/10/17
    Scan Time: 3:14 PM
    Log File:
    Administrator: Yes

    -Software Information-
    Version: 3.1.2.1733
    Components Version: 1.0.160
    Update Package Version: 1.0.2330
    License: Trial

    -System Information-
    OS: Windows 10 (Build 10240.16384)
    CPU: x64
    File System: NTFS
    User: PC\SHANK

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 434624
    Threats Detected: 115
    Threats Quarantined: 115
    Time Elapsed: 11 min, 54 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 110
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Quarantined, [1088], [327205],1.0.2330
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine, Quarantined, [1088], [327205],1.0.2330
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine.1, Quarantined, [1088], [327205],1.0.2330
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Quarantined, [1088], [327205],1.0.2330
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, Quarantined, [1088], [327205],1.0.2330
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, Quarantined, [1088], [327205],1.0.2330
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, Quarantined, [1088], [327205],1.0.2330
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, Quarantined, [1088], [327205],1.0.2330
    PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, Quarantined, [1088], [327205],1.0.2330
    PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, Quarantined, [1088], [327205],1.0.2330
    PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Quarantined, [1088], [327205],1.0.2330
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Quarantined, [1088], [327205],1.0.2330
    PUP.Optional.Reimage, HKU\S-1-5-21-2700927378-2106285669-3968480891-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Quarantined, [1088], [327205],1.0.2330
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1088], [332494],1.0.2330
    PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1088], [332494],1.0.2330
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1088], [332494],1.0.2330
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}, Quarantined, [1088], [327206],1.0.2330
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\REI_AxControl.DLL, Quarantined, [1088], [327193],1.0.2330
    PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\REI_AxControl.DLL, Quarantined, [1088], [327193],1.0.2330
    PUP.Optional.Reimage, HKU\S-1-5-21-2700927378-2106285669-3968480891-1001\SOFTWARE\Reimage, Quarantined, [1088], [357494],1.0.2330
    PUP.Optional.Reimage, HKU\S-1-5-21-2700927378-2106285669-3968480891-1001\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\Reimage - Windows Problem Relief., Quarantined, [1088], [327203],1.0.2330
    PUP.Optional.Reimage, HKU\S-1-5-21-2700927378-2106285669-3968480891-1001\SOFTWARE\REIMAGE\PC REPAIR, Quarantined, [1088], [327204],1.0.2330
    PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\Reimage Repair, Quarantined, [1088], [336077],1.0.2330
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\REI_AxControl.DLL, Quarantined, [1088], [327193],1.0.2330

    Registry Value: 1
    PUP.Optional.Reimage, HKU\S-1-5-21-2700927378-2106285669-3968480891-1001\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE, Quarantined, [1088], [327204],1.0.2330

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 4
    PUP.Optional.GameHack, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.6\STANDALONEPHASE1.DAT, Quarantined, [592], [393793],1.0.2330
    PUP.Optional.Reimage, C:\USERS\SHANK\APPDATA\LOCAL\TEMP\REIMAGE.LOG, Quarantined, [1088], [334717],1.0.2330
    PUP.Optional.Reimage, C:\USERS\SHANK\APPDATA\LOCAL\TEMP\REIMAGEPACKAGE.EXE, Quarantined, [1088], [331559],1.0.2330
    PUP.Optional.Reimage, C:\WINDOWS\REIMAGE.INI, Quarantined, [1088], [412667],1.0.2330

    Physical Sector: 0
    (No malicious items detected)


    (end)

  4. Malwarebytes Anti-Rootkit BETA 1.9.3.1001
    www.malwarebytes.org

    Database version:
      main:    v2017.07.05.05
      rootkit: v2017.05.27.01

    Windows 10 x64 NTFS
    Internet Explorer 11.0.10240.16384
    SHANK :: PC [administrator]

    05-07-2017 17:53:50
    mbar-log-2017-07-05 (17-53-50).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 353956
    Time elapsed: 19 minute(s), 52 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 14
    HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 (Trojan.Wdfload) -> Delete on reboot. [beeb342ebbee93a3a18a81a67f81a35d]
    HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Trojan.Wdfload) -> Delete on reboot. [00a9a2c0941587afbb61e73ba15f7090]
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{07E70E7B-BD09-417E-A6C7-8227153FE25C} (Trojan.Agent.Generic) -> Delete on reboot. [d7d2a1c101a8bb7ba43fc974956c9e62]
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0BA4E7EC-FED8-41F9-B2D5-8C1CA3C71420} (Trojan.Agent.Generic) -> Delete on reboot. [2287a3bf9712dc5a5cab81264fb205fb]
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6492275E-C2A9-4EBB-9F1F-7C106CDCC6EA} (Trojan.Agent.Generic) -> Delete on reboot. [387121416d3c2d09dc2b2285926ff808]
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{796D4625-D6F9-414E-8604-AB0A91E4092C} (Trojan.Agent.Generic) -> Delete on reboot. [8425481a4f5a999db92a0439cc35a15f]
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9516155D-FC48-4F00-BA6F-F43AEA5D3966} (Trojan.Agent.Generic) -> Delete on reboot. [5b4e1f432584ef479926af67e21f8f71]
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\39L8356g1037X775 (Trojan.Agent.Generic) -> Delete on reboot. [67424e14c0e964d27fb406364fb2e719]
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\39L8356g1037X775-dll (Trojan.Agent.Generic) -> Delete on reboot. [4069c89aa4052610d072347209f847b9]
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\51L8028a6987u910 (Trojan.Agent.Generic) -> Delete on reboot. [a207085abbee0630d95a380421e0669a]
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\51L8028a6987u910-dll (Trojan.Agent.Generic) -> Delete on reboot. [2089dc86c3e61620a79bebbba75af907]
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\5L4294g9684X604 (Trojan.Agent.Generic) -> Delete on reboot. [f0b91b472188280ec6fec155bd44b050]
    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 (Trojan.Wdfload) -> Delete on reboot. [6544e1816247c274929933f48f71837d]
    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Trojan.Wdfload) -> Delete on reboot. [b5f472f0aaff5bdb78a45bc72cd453ad]

    Registry Values Detected: 5
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{07E70E7B-BD09-417E-A6C7-8227153FE25C}|Path (Trojan.Agent.Generic) -> Data: \51L8028a6987u910 -> Delete on reboot. [d7d2a1c101a8bb7ba43fc974956c9e62]
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0BA4E7EC-FED8-41F9-B2D5-8C1CA3C71420}|Path (Trojan.Agent.Generic) -> Data: \39L8356g1037X775-dll -> Delete on reboot. [2287a3bf9712dc5a5cab81264fb205fb]
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6492275E-C2A9-4EBB-9F1F-7C106CDCC6EA}|Path (Trojan.Agent.Generic) -> Data: \51L8028a6987u910-dll -> Delete on reboot. [387121416d3c2d09dc2b2285926ff808]
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{796D4625-D6F9-414E-8604-AB0A91E4092C}|Path (Trojan.Agent.Generic) -> Data: \39L8356g1037X775 -> Delete on reboot. [8425481a4f5a999db92a0439cc35a15f]
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9516155D-FC48-4F00-BA6F-F43AEA5D3966}|Path (Trojan.Agent.Generic) -> Data: \5L4294g9684X604 -> Delete on reboot. [5b4e1f432584ef479926af67e21f8f71]

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 10
    C:\Program Files\Wevice a Art Home Simulator\Wevice a Art Home Simulator.dll (Trojan.Wdfload.Generic) -> Delete on reboot. [a7027ce6525749ed21e423e947bb07f9]
    C:\Program Files (x86)\Bandicam\Bandicam Universal Crack.exe (RiskWare.Tool.HCK) -> Delete on reboot. [1f8a0c565356d85e56eab7947f820000]
    C:\ProgramData\39L8356g1037X775\39L8356g1037X775.dll (Trojan.Wdfload.Generic) -> Delete on reboot. [703992d06247c76fcc91338a21e02bd5]
    C:\ProgramData\51L8028a6987u910\51L8028a6987u910.dll (Trojan.Wdfload.Generic) -> Delete on reboot. [3178570b5950d46274e9873618e9b64a]
    C:\ProgramData\5L4294g9684X604\5L4294g9684X604.dll (Trojan.Wdfload.Generic) -> Delete on reboot. [04a573ef2a7f171f65f8e9d4af5221df]
    C:\Windows\System32\Tasks\5L4294G9684X604 (Trojan.Agent.Generic) -> Delete on reboot. [9f0acf933277e94d309b46d09b6616ea]
    C:\Windows\System32\Tasks\39L8356G1037X775 (Trojan.Agent.Generic) -> Delete on reboot. [5d4cbfa37f2a6ec837f57cc14db4758b]
    C:\Windows\System32\Tasks\51L8028A6987U910 (Trojan.Agent.Generic) -> Delete on reboot. [00a900623673fb3b89a37ebf46bb1ae6]
    C:\Windows\System32\Tasks\39L8356G1037X775-DLL (Trojan.Agent.Generic) -> Delete on reboot. [cddce57dd8d152e4194b6a3c847dbe42]
    C:\Windows\System32\Tasks\51L8028A6987U910-DLL (Trojan.Agent.Generic) -> Delete on reboot. [1c8d8dd524851b1bd4905155eb164cb4]

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.09.3.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 10.0.9200 Windows 10 x64

    Account is Administrative

    Internet Explorer version: 11.0.10240.16384

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, S:\ DRIVE_FIXED
    CPU speed: 3.100000 GHz
    Memory total: 4244598784, free: 2259517440

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.09.3.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 10.0.9200 Windows 10 x64

    Account is Administrative

    Internet Explorer version: 11.0.10240.16384

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, S:\ DRIVE_FIXED
    CPU speed: 3.100000 GHz
    Memory total: 4244598784, free: 2325258240

    Downloaded database version: v2017.07.05.05
    =======================================


    Downloaded database version: v2017.05.27.01
    Downloaded database version: v2017.06.16.01
    =======================================
    Initializing...
    Driver version: 0.3.0.4
    ------------ Kernel report ------------
         07/05/2017 17:53:40
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kd.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\System32\drivers\werkernel.sys
    \SystemRoot\System32\drivers\CLFS.SYS
    \SystemRoot\System32\drivers\tm.sys
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\System32\drivers\cmimcext.sys
    \SystemRoot\System32\drivers\ntosext.sys
    \SystemRoot\system32\CI.dll
    \SystemRoot\System32\drivers\msrpc.sys
    \SystemRoot\System32\drivers\FLTMGR.SYS
    \SystemRoot\System32\drivers\ksecdd.sys
    \SystemRoot\System32\drivers\clipsp.sys
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\System32\Drivers\acpiex.sys
    \SystemRoot\System32\Drivers\WppRecorder.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\ACPI.sys
    \SystemRoot\System32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\WindowsTrustedRT.sys
    \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\drivers\msisadrv.sys
    \SystemRoot\System32\drivers\pci.sys
    \SystemRoot\System32\drivers\vdrvroot.sys
    \SystemRoot\system32\drivers\pdc.sys
    \SystemRoot\system32\drivers\CEA.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\System32\drivers\pciide.sys
    \SystemRoot\System32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\drivers\spaceport.sys
    \SystemRoot\System32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\System32\drivers\atapi.sys
    \SystemRoot\System32\drivers\ataport.SYS
    \SystemRoot\System32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Wof.sys
    \SystemRoot\system32\drivers\WdFilter.sys
    \SystemRoot\System32\Drivers\PxHlpa64.sys
    \SystemRoot\System32\Drivers\NTFS.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\System32\drivers\wfplwfs.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\System32\drivers\volsnap.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\disk.sys
    \SystemRoot\System32\drivers\CLASSPNP.SYS
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\system32\drivers\filecrypt.sys
    \SystemRoot\system32\drivers\tbs.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\BasicDisplay.sys
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\BasicRender.sys
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\drivers\vwififlt.sys
    \SystemRoot\System32\drivers\pacer.sys
    \SystemRoot\system32\drivers\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\SCDEmu.SYS
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\drivers\npsvctrig.sys
    \SystemRoot\System32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\gpuenergydrv.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\ahcache.sys
    \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys
    \SystemRoot\System32\drivers\kdnic.sys
    \SystemRoot\System32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\drivers\HDAudBus.sys
    \SystemRoot\System32\drivers\portcls.sys
    \SystemRoot\System32\drivers\drmk.sys
    \SystemRoot\System32\drivers\ks.sys
    \SystemRoot\System32\drivers\TeeDriverW8x64.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\System32\drivers\usbehci.sys
    \SystemRoot\System32\drivers\USBPORT.SYS
    \SystemRoot\System32\drivers\intelppm.sys
    \SystemRoot\System32\drivers\wmiacpi.sys
    \SystemRoot\system32\drivers\nvvad64v.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\System32\drivers\nvvhci.sys
    \SystemRoot\System32\drivers\NdisVirtualBus.sys
    \SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys
    \SystemRoot\System32\drivers\rdpbus.sys
    \SystemRoot\System32\drivers\usbhub.sys
    \SystemRoot\System32\drivers\USBD.SYS
    \SystemRoot\system32\drivers\nvhda64v.sys
    \SystemRoot\system32\drivers\viahduaa.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\drivers\xusb22.sys
    \SystemRoot\System32\drivers\hidusb.sys
    \SystemRoot\System32\drivers\HIDCLASS.SYS
    \SystemRoot\System32\drivers\HIDPARSE.SYS
    \SystemRoot\System32\drivers\usbccgp.sys
    \SystemRoot\System32\drivers\kbdhid.sys
    \SystemRoot\System32\drivers\kbdclass.sys
    \SystemRoot\System32\drivers\mouclass.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\win32kfull.sys
    \SystemRoot\System32\win32kbase.sys
    \SystemRoot\System32\drivers\dxgmms2.sys
    \SystemRoot\System32\drivers\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\drivers\storqosflt.sys
    \SystemRoot\system32\drivers\mslldp.sys
    \SystemRoot\system32\drivers\rspndr.sys
    \SystemRoot\system32\drivers\lltdio.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\system32\drivers\mmcss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\idmwfp.sys
    \SystemRoot\system32\drivers\Ndu.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\drivers\condrv.sys
    \SystemRoot\System32\drivers\rdpvideominiport.sys
    \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{65B6AD42-5A92-437A-B4C9-67E044A91F53}\MpKsl4bb12f56.sys
    \SystemRoot\System32\drivers\mouhid.sys
    \SystemRoot\system32\Drivers\WdNisDrv.sys
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\drivers\usb8023x.sys
    \SystemRoot\System32\drivers\RNDISMPX.SYS
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
    ----------- End -----------
    Done!

    Scan started
    Database versions:
      main:    v2017.07.05.05
      rootkit: v2017.05.27.01

    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffe001f2bbe060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffe001f2bbd7d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffe001f2bbe060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xffffe001f259c060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-6\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 7B365392

    Partition information:

        Partition 0 type is Other (0xb)
        Partition is NOT ACTIVE.
        Partition starts at LBA: 2048  Numsec = 204800
        Partition is bootable
        Partition file system is FAT32

        Partition 1 type is Primary (0x7)
        Partition is ACTIVE.
        Partition starts at LBA: 206848  Numsec = 204593152
        Partition is bootable
        Partition file system is NTFS

        Partition 2 type is Extended with LBA (0xf)
        Partition is NOT ACTIVE.
        Partition starts at LBA: 204800001  Numsec = 1748719615
        Partition is not bootable

        Partition 3 type is Empty (0x0)
        Partition is NOT ACTIVE.
        Partition starts at LBA: 0  Numsec = 0
        Partition is not bootable

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Infected: C:\Program Files\Wevice a Art Home Simulator\Wevice a Art Home Simulator.dll --> [Trojan.Wdfload.Generic]
    Infected: C:\Program Files (x86)\Bandicam\Bandicam Universal Crack.exe --> [RiskWare.Tool.HCK]
    File "C:\Users\SHANK\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
    File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
    Infected: C:\ProgramData\39L8356g1037X775\39L8356g1037X775.dll --> [Trojan.Wdfload.Generic]
    Infected: C:\ProgramData\51L8028a6987u910\51L8028a6987u910.dll --> [Trojan.Wdfload.Generic]
    Infected: C:\ProgramData\5L4294g9684X604\5L4294g9684X604.dll --> [Trojan.Wdfload.Generic]
    File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-23CD51F3B93912CFF307FF5B56DB1BF80F438E70.bin.79" is compressed (flags = 1)
    File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-23CD51F3B93912CFF307FF5B56DB1BF80F438E70.bin.7C" is compressed (flags = 1)
    File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-23CD51F3B93912CFF307FF5B56DB1BF80F438E70.bin.83" is compressed (flags = 1)
    Infected: C:\Windows\System32\Tasks\5L4294G9684X604 --> [Trojan.Agent.Generic]
    Infected: C:\Windows\System32\Tasks\39L8356G1037X775 --> [Trojan.Agent.Generic]
    Infected: C:\Windows\System32\Tasks\51L8028A6987U910 --> [Trojan.Agent.Generic]
    Infected: C:\Windows\System32\Tasks\39L8356G1037X775-DLL --> [Trojan.Agent.Generic]
    Infected: C:\Windows\System32\Tasks\51L8028A6987U910-DLL --> [Trojan.Agent.Generic]
    Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 --> [Trojan.Wdfload]
    Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 --> [Trojan.Wdfload]
    Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{07E70E7B-BD09-417E-A6C7-8227153FE25C}|Path --> [Trojan.Agent.Generic]
    Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{07E70E7B-BD09-417E-A6C7-8227153FE25C} --> [Trojan.Agent.Generic]
    Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0BA4E7EC-FED8-41F9-B2D5-8C1CA3C71420}|Path --> [Trojan.Agent.Generic]
    Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0BA4E7EC-FED8-41F9-B2D5-8C1CA3C71420} --> [Trojan.Agent.Generic]
    Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6492275E-C2A9-4EBB-9F1F-7C106CDCC6EA}|Path --> [Trojan.Agent.Generic]
    Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6492275E-C2A9-4EBB-9F1F-7C106CDCC6EA} --> [Trojan.Agent.Generic]
    Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{796D4625-D6F9-414E-8604-AB0A91E4092C}|Path --> [Trojan.Agent.Generic]
    Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{796D4625-D6F9-414E-8604-AB0A91E4092C} --> [Trojan.Agent.Generic]
    Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9516155D-FC48-4F00-BA6F-F43AEA5D3966}|Path --> [Trojan.Agent.Generic]
    Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9516155D-FC48-4F00-BA6F-F43AEA5D3966} --> [Trojan.Agent.Generic]
    Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\39L8356g1037X775 --> [Trojan.Agent.Generic]
    Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\39L8356g1037X775-dll --> [Trojan.Agent.Generic]
    Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\51L8028a6987u910 --> [Trojan.Agent.Generic]
    Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\51L8028a6987u910-dll --> [Trojan.Agent.Generic]
    Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\5L4294g9684X604 --> [Trojan.Agent.Generic]
    Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 --> [Trojan.Wdfload]
    Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 --> [Trojan.Wdfload]
    Scan finished
    Creating System Restore point...
    Cleaning up...
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================

     

     
