Everything posted by DeskAt
Nope, no signs of infection. In fact, it runs even faster than before! Thanks for everything!
28 replies. Tagged with: trojan, smartservice (and 1 more)
Here is the new Threat Scan log: Second Malwarebytes Fixlog.txt
Here are my logs: Malwarebytes: Malwarebytes Fixlog.txt FRST: FRST.txt Addition.txt AdwCleaner: AdwCleaner[C0].txt
Here is my fix log. By the way, the fix list solved my keyboard issue. Fixlog.txt Thanks
Here is my fix log, and I'll get to uninstalling all my extra antivirus software. Fixlog.txt
Sorry for that. Here: FRST.txt Addition.txt
Unfortunately, I could run neither Malwarebytes nor AdwCleaner. However, I do have my Farbar Recovery Scan Tool logs. Thanks, FRST.txt Addition.txt
I successfully ran the file in Normal Mode.
Quick question: Is Recovery Mode the same as Safe Mode or do I run FRST in the Recovery Environment Command Prompt? Thanks
Thank you for such a speedy reply! Unfortunately this did not work. When I got to the scan section, I clicked scan and a popup opened saying the "DDA Driver is not active.Scan can't continue."
I can't open most anti-virus software, and those that open either require money cleanup or don't solve the rootkit issue. The worst part of the infection is that I can't use my physical keyboard. I am willing to try any method. I installed FRST at the start of the infection. Here is my scan log: FRST.txt EDIT: Additional scan information. Addition.txt