Ebaez12

Honorary Members
Posts: 60
Reputation: 0 Neutral
  1. Awesome, Kevin, I can't thank you enough from the bottom of my heart for all of your patience and help. Look out for a little token of my appreciation in your PP account in the next few days. You rock!
  2. Awesome. One question, as a precaution: should I use my Norton AV or just stick with Windows Defender?
  3. I did, and posted the logs above in post 91.
  4. No erratic behavior yet. My Norton did protect me from a threat and removed it. That Sophos virus removal tool found one also, as you may have seen in the log. Malwarebytes doesn't show anything. I will run Malwarebytes one more time to ensure cleanliness and run my Norton AV.
  6. Here are the logs:

     Fix result of Farbar Recovery Scan Tool (x64) Version: 08-12-2017
     Ran by Erick L Jefe (08-12-2017 12:08:49) Run:6
     Running from C:\Users\Erick L Jefe\Desktop\New folder
     Loaded Profiles: Erick L Jefe (Available Profiles: Erick L Jefe)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     Start
     CloseProcesses:
     CreateRestorePoint:
     DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\muzwg
     S4 dkspqk; C:\Windows\System32\drivers\xjbxhm.sys [79064 2017-12-07] (Malwarebytes)
     C:\Windows\System32\drivers\xjbxhm.sys
     S4 fhlvrqs; C:\Windows\System32\drivers\ejed.sys [79064 2017-12-06] (Malwarebytes)
     C:\Windows\System32\drivers\ejed.sys
     S4 tqswgmlv; C:\Windows\System32\drivers\qogpht.sys
     C:\Windows\System32\drivers\qogpht.sys
     U0 muzwg; C:\Wi\ndowssystem32\drivers\exbdhknr.sys [X]
     2017-12-06 16:26 - 2017-09-29 08:42 - 000040448 _____ (Microsoft Corporation) C:\Users\Erick L Jefe\AppData\Local\Temp\19611.exe
     2017-12-06 16:32 - 2017-09-29 08:42 - 000040448 _____ (Microsoft Corporation) C:\Users\Erick L Jefe\AppData\Local\Temp\20868.exe
     2017-12-06 16:41 - 2017-09-29 08:42 - 000040448 _____ (Microsoft Corporation) C:\Users\Erick L Jefe\AppData\Local\Temp\22648.exe
     2017-12-06 20:41 - 2017-09-29 08:42 - 000040448 _____ (Microsoft Corporation) C:\Users\Erick L Jefe\AppData\Local\Temp\4149.exe
     Task: {CD63B593-E363-4D76-BE12-BC0B8ACEA07C} - \DefenderUpdate -> No File <==== ATTENTION
     Shortcut: C:\Users\Erick L Jefe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Еxрlorer.lnk -> C:\Users\Erick L Jefe\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
     Shortcut: C:\Users\Erick L Jefe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Chrоme.lnk -> C:\Users\Erick L Jefe\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
     Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Chrоme.lnk -> C:\Users\Erick L Jefe\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
     Shortcut: C:\Users\Public\Desktop\Gооglе Chrоme.lnk -> C:\Users\Erick L Jefe\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
     Shortcut: C:\Users\Public\Desktop\Аеrоsоft Lаuncher.lnk -> C:\Users\Erick L Jefe\AppData\Roaming\Browsers\exe.rehcnualtfosorea.bat (No File) <==== Cyrillic
     HKLM\...\StartupApproved\Run32: => "Optimizer.exe"
     HKU\S-1-5-21-3728291697-3449938618-998988-1001\...\StartupApproved\StartupFolder: => "Browge.vbs"
     HKU\S-1-5-21-3728291697-3449938618-998988-1001\...\StartupApproved\Run: => "6OF5FTH8RGXJBYJ"
     HKU\S-1-5-21-3728291697-3449938618-998988-1001\...\StartupApproved\Run: => "8KKM8W4BXAZ6L65"
     HKU\S-1-5-21-3728291697-3449938618-998988-1001\...\StartupApproved\Run: => "72BG8KY2Z7K0YT3"
     HKU\S-1-5-21-3728291697-3449938618-998988-1001\...\StartupApproved\Run: => "CP4FAFOFLLPEEX2"
     HKU\S-1-5-21-3728291697-3449938618-998988-1001\...\StartupApproved\Run: => "KY16P3BLNNUVFX1"
     FirewallRules: [{1D3A8365-B4AA-4B98-ADBA-B12794E96351}] => (Allow) LPort=445
     FirewallRules: [{0358029B-9F5A-4D8E-BA02-E1A135E74B24}] => (Allow) LPort=19284
     FirewallRules: [{49D7B3E1-1650-4143-803D-E3B6F83CCF35}] => (Allow) LPort=19285
     FirewallRules: [{927CE115-F775-4A9C-B5E3-E12EED2AD124}] => (Allow) LPort=8888
     FirewallRules: [{A830914A-F5A3-47B4-9399-7860DC7BEAC8}] => (Allow) LPort=8888
     FirewallRules: [{F2C495F1-B0A5-4150-BDCC-8872BD0467A1}] => (Allow) LPort=26789
     FirewallRules: [{608061AC-FEBA-4344-8075-6C671456C1CC}] => (Allow) LPort=26820
     FirewallRules: [{E7C5E413-4712-42E1-9801-243B5C2E8055}] => (Allow) LPort=26822
     EmptyTemp:
     Hosts:
     CMD: ipconfig /flushDNS
     end
     *****************

     Processes closed successfully.
     Restore point was successfully created.
     HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\muzwg => key not found
     dkspqk => service not found.
     "C:\Windows\System32\drivers\xjbxhm.sys" => not found.
     fhlvrqs => service not found.
     "C:\Windows\System32\drivers\ejed.sys" => not found.
     tqswgmlv => service not found.
     "C:\Windows\System32\drivers\qogpht.sys" => not found.
     muzwg => service not found.
     "C:\Users\Erick L Jefe\AppData\Local\Temp\19611.exe" => not found.
     "C:\Users\Erick L Jefe\AppData\Local\Temp\20868.exe" => not found.
     "C:\Users\Erick L Jefe\AppData\Local\Temp\22648.exe" => not found.
     "C:\Users\Erick L Jefe\AppData\Local\Temp\4149.exe" => not found.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD63B593-E363-4D76-BE12-BC0B8ACEA07C} => key not found
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DefenderUpdate => key not found
     C:\Users\Erick L Jefe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Еxрlorer.lnk => not found.
     C:\Users\Erick L Jefe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Chrоme.lnk => not found.
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Chrоme.lnk => not found.
     C:\Users\Public\Desktop\Gооglе Chrоme.lnk => not found.
     C:\Users\Public\Desktop\Аеrоsоft Lаuncher.lnk => not found.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Optimizer.exe => value not found.
     HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Optimizer.exe => value not found.
     C:\Users\Erick L Jefe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Browge.vbs => not found.
     HKU\S-1-5-21-3728291697-3449938618-998988-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\Browge.vbs => value not found.
     HKU\S-1-5-21-3728291697-3449938618-998988-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\6OF5FTH8RGXJBYJ => value not found.
     HKU\S-1-5-21-3728291697-3449938618-998988-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\6OF5FTH8RGXJBYJ => value not found.
     HKU\S-1-5-21-3728291697-3449938618-998988-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\8KKM8W4BXAZ6L65 => value not found.
     HKU\S-1-5-21-3728291697-3449938618-998988-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\8KKM8W4BXAZ6L65 => value not found.
     HKU\S-1-5-21-3728291697-3449938618-998988-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\72BG8KY2Z7K0YT3 => value not found.
     HKU\S-1-5-21-3728291697-3449938618-998988-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\72BG8KY2Z7K0YT3 => value not found.
     HKU\S-1-5-21-3728291697-3449938618-998988-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\CP4FAFOFLLPEEX2 => value not found.
     HKU\S-1-5-21-3728291697-3449938618-998988-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CP4FAFOFLLPEEX2 => value not found.
     HKU\S-1-5-21-3728291697-3449938618-998988-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\KY16P3BLNNUVFX1 => value not found.
     HKU\S-1-5-21-3728291697-3449938618-998988-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KY16P3BLNNUVFX1 => value not found.
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1D3A8365-B4AA-4B98-ADBA-B12794E96351} => value not found.
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0358029B-9F5A-4D8E-BA02-E1A135E74B24} => value not found.
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{49D7B3E1-1650-4143-803D-E3B6F83CCF35} => value not found.
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{927CE115-F775-4A9C-B5E3-E12EED2AD124} => value not found.
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A830914A-F5A3-47B4-9399-7860DC7BEAC8} => value not found.
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F2C495F1-B0A5-4150-BDCC-8872BD0467A1} => value not found.
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{608061AC-FEBA-4344-8075-6C671456C1CC} => value not found.
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E7C5E413-4712-42E1-9801-243B5C2E8055} => value not found.
     C:\Windows\System32\Drivers\etc\hosts => moved successfully
     Hosts restored successfully.

     ========= ipconfig /flushDNS =========

     Windows IP Configuration

     Successfully flushed the DNS Resolver Cache.

     ========= End of CMD: =========

     =========== EmptyTemp: ==========
     BITS transfer queue => 7364608 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 197136985 B
     Java, Flash, Steam htmlcache => 26377907 B
     Windows/system/drivers => 21527209 B
     Edge => 454307659 B
     Chrome => 16185565 B
     Firefox => 0 B
     Opera => 0 B
     Temp, IE cache, history, cookies, recent:
     Default => 0 B
     Users => 0 B
     ProgramData => 0 B
     Public => 0 B
     systemprofile => 174741 B
     systemprofile32 => 247813858 B
     LocalService => 120540 B
     NetworkService => 229458 B
     Erick L Jefe => 538595538 B
     RecycleBin => 0 B
     EmptyTemp: => 1.4 GB temporary data Removed.

     ================================

     The system needed a reboot.

     ==== End of Fixlog 12:09:47 ====

     SophosVirusRemovalTool_cloud4.log
     SophosVirusRemovalTool.log
     Fixlog.txt
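Added here as an example; it is not part of Ebaez12's post, the helper's reply, or FRST itself. The fixlog above shows the full set of persistence points this infection used: homoglyph browser shortcuts (Latin/Cyrillic mixed names pointing at .bat files under AppData\Roaming\Browsers), Run values with 15-character random names, a Startup-folder .vbs, drivers whose .sys image no longer exists, a scheduled task whose action is gone, and inbound firewall rules that open specific ports for any program. The read-only PowerShell check below revisits each of those locations after a fix so the cleanup can be confirmed. The folders, registry keys and indicator shapes are taken from the fixlog; the matching heuristics, the function name Find-ResidualPersistence and the output format are my own assumptions.

```powershell
# Added example, not from the forum thread or from FRST. Read-only re-check of the
# persistence points listed in the fixlog above; nothing here deletes or modifies.
# Assumptions: PowerShell 5.1+ on Windows 10, run elevated; the heuristics below
# (15-char value names, script shortcut targets, port-only inbound rules) are mine.

function Find-ResidualPersistence {
    $findings = [System.Collections.Generic.List[object]]::new()
    function Add-Finding([string]$Type, [string]$Item, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Type = $Type; Item = $Item; Detail = $Detail })
    }

    # 1. Shortcuts whose name mixes Latin and Cyrillic letters (the "<==== Cyrillic" lines)
    #    or whose target is a script file rather than the browser executable.
    $shell = New-Object -ComObject WScript.Shell
    $lnkRoots = @(
        "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
        "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
        "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
        "$env:PUBLIC\Desktop",
        "$env:USERPROFILE\Desktop"
    )
    foreach ($root in $lnkRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($lnk in Get-ChildItem -LiteralPath $root -Filter *.lnk -Recurse -ErrorAction SilentlyContinue) {
            $target = $shell.CreateShortcut($lnk.FullName).TargetPath
            $mixedAlphabet = ($lnk.BaseName -match '\p{IsCyrillic}') -and ($lnk.BaseName -match '[A-Za-z]')
            $scriptTarget  = $target -match '\.(bat|cmd|vbs|js|wsf|ps1)$'
            if ($mixedAlphabet -or $scriptTarget) { Add-Finding 'Shortcut' $lnk.FullName "-> $target" }
        }
    }

    # 2. Run values named like the random 15-character strings in the fixlog (6OF5FTH8RGXJBYJ),
    #    or launching something from a user-writable directory.
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    $psNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($prop in (Get-ItemProperty -LiteralPath $key).PSObject.Properties) {
            if ($psNoise -contains $prop.Name) { continue }
            $randomName = $prop.Name -match '^[A-Z0-9]{15}$'
            $userPath   = "$($prop.Value)" -match '\\AppData\\|\\Temp\\|\\ProgramData\\'
            if ($randomName -or $userPath) { Add-Finding 'Run' "$key\$($prop.Name)" "$($prop.Value)" }
        }
    }

    # 3. Script files dropped in the per-user Startup folder (Browge.vbs in the fixlog).
    $startup = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
    if (Test-Path -LiteralPath $startup) {
        foreach ($f in Get-ChildItem -LiteralPath $startup -File -ErrorAction SilentlyContinue) {
            if ($f.Extension -match '^\.(vbs|js|bat|cmd|ps1|wsf)$') { Add-Finding 'Startup' $f.FullName '' }
        }
    }

    # 4. Registered kernel drivers whose image file is missing (the S4/U0 entries such as
    #    dkspqk -> xjbxhm.sys). SCM paths come in several spellings; normalise before testing.
    foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
        if (-not $drv.PathName) { continue }
        $path = $drv.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
        if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }
        if (-not (Test-Path -LiteralPath $path)) { Add-Finding 'Driver' $drv.Name $drv.PathName }
    }

    # 5. Scheduled tasks whose action executable no longer exists (\DefenderUpdate -> No File).
    foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($act in $task.Actions) {
            $exe = [Environment]::ExpandEnvironmentVariables("$($act.Execute)").Trim('"')
            if ($exe -and $exe -match '\\' -and -not (Test-Path -LiteralPath $exe)) {
                Add-Finding 'Task' "$($task.TaskPath)$($task.TaskName)" $exe
            }
        }
    }

    # 6. Enabled inbound Allow rules that open specific local ports for any program
    #    (the LPort=445 / 8888 / 268xx rules the fixlist deleted).
    foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True -ErrorAction SilentlyContinue) {
        $ports = @(($rule | Get-NetFirewallPortFilter).LocalPort)
        $app   = ($rule | Get-NetFirewallApplicationFilter).Program
        if ($ports -notcontains 'Any' -and $app -eq 'Any') {
            Add-Finding 'Firewall' $rule.DisplayName "LocalPort=$($ports -join ',')"
        }
    }

    return $findings
}

Find-ResidualPersistence | Format-Table -AutoSize
```

Run it from an elevated PowerShell after the fix and reboot; an empty table means none of the locations the fixlog touched still carries a matching entry. Every check is a heuristic, so expect some benign hits (a vendor firewall rule that opens a port for any program, an uninstalled driver that left its service entry behind) and review each finding before removing anything.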
  7. OK, got it running now. In progress, standby.
  8. Did that, and now frst64 doesn't want to run.
  9. # AdwCleaner 7.0.5.0 - Logfile created on Fri Dec 08 00:39:39 2017
     # Updated on 2017/29/11 by Malwarebytes
     # Running on Windows 10 Pro (X64)
     # Mode: clean
     # Support: https://www.malwarebytes.com/support

     ***** [ Services ] *****

     No malicious services deleted.

     ***** [ Folders ] *****

     No malicious folders deleted.

     ***** [ Files ] *****

     No malicious files deleted.

     ***** [ DLL ] *****

     No malicious DLLs cleaned.

     ***** [ WMI ] *****

     No malicious WMI cleaned.

     ***** [ Shortcuts ] *****

     No malicious shortcuts cleaned.

     ***** [ Tasks ] *****

     No malicious tasks deleted.

     ***** [ Registry ] *****

     Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d169bbxks24g2u.cloudfront.net
     Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d16fk4ms6rqz1v.cloudfront.net
     Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d1af033869koo7.cloudfront.net
     Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\land.pckeeper.software
     Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pckeeper.software
     Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\plarium.com
     Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d169bbxks24g2u.cloudfront.net
     Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d16fk4ms6rqz1v.cloudfront.net
     Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d1af033869koo7.cloudfront.net
     Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\land.pckeeper.software
     Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pckeeper.software
     Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\plarium.com
     Deleted: [Key] - HKLM\SOFTWARE\Microsoft\DMunversion
     Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|gplyra
     Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
     Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\windows-10.en.softonic.com
     Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
     Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\windows-10.en.softonic.com

     ***** [ Firefox (and derivatives) ] *****

     No malicious Firefox entries deleted.

     ***** [ Chromium (and derivatives) ] *****

     SearchProvider deleted: search.conduit.com - search.conduit.com
     Startpage deleted: http://www.google.com/
     Startpage deleted: http://search.conduit.com/?ctid=CT3301020&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP57AFB4C0-255B-4923-BF80-8524349D436B
     Startpage deleted: http://www.google.com/
     Startpage deleted: http://search.conduit.com/?ctid=CT3301020&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP57AFB4C0-255B-4923-BF80-8524349D436B

     *************************

     ::Tracing keys deleted
     ::Winsock settings cleared
     ::Additional Actions: 0

     *************************

     C:/AdwCleaner/AdwCleaner[C0].txt - [1159 B] - [2017/12/6 8:42:10]
     C:/AdwCleaner/AdwCleaner[C1].txt - [1638 B] - [2017/12/6 8:50:42]
     C:/AdwCleaner/AdwCleaner[S0].txt - [4430 B] - [2017/12/6 8:40:10]
     C:/AdwCleaner/AdwCleaner[S1].txt - [4505 B] - [2017/12/6 8:48:49]
     C:/AdwCleaner/AdwCleaner[S2].txt - [5578 B] - [2017/12/8 0:39:3]

     ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########

     mrt.log
     FRST.txt
     Addition.txt
  10. Finally!!! I don't know how to thank you enough, Kevin. After 3 days of jumping hurdles and hoops, it worked.
  11. Malwarebytes is currently running normally; let me see the results. Standby.