Everything posted by DeskAt

  1. Nope, no signs of infection. In fact, it runs even faster than before! Thanks for everything!
  2. Here is the new Threat Scan log: Second Malwarebytes Fixlog.txt
  3. Here are my logs: Malwarebytes: Malwarebytes Fixlog.txt FRST: FRST.txt Addition.txt AdwCleaner: AdwCleaner[C0].txt
  4. Here is my fix log. By the way, the fix list solved my keyboard issue. Fixlog.txt Thanks
  5. Here is my fix log, and I'll get to uninstalling all my extra antivirus software. Fixlog.txt
  6. Unfortunately I could run neither Malwarebytes nor AdwCleaner. However, I do have my Farbar Recovery Scan Tool logs. Thanks, FRST.txt Addition.txt
  7. Quick question: Is Recovery Mode the same as Safe Mode or do I run FRST in the Recovery Environment Command Prompt? Thanks
  8. Thank you for such a speedy reply! Unfortunately this did not work. When I got to the scan section, I clicked scan and a popup opened saying the "DDA Driver is not active.Scan can't continue."
  9. I can't open most anti-virus software, and those that open either require money cleanup or don't solve the rootkit issue. The worst part of the infection is that I can't use my physical keyboard. I am willing to try any method. I installed FRST at the start of the infection. Here is my scan log: FRST.txt EDIT: Additional scan information. Addition.txt