pippolino

No questions. Just two words. Fantastic job.

# DelFix v1.013 - Logfile created 10/12/2017 at 00:06:13 # Updated 17/04/2016 by Xplode # Username : Roman - DESKTOP-TCTQ4RV # Operating System : Windows 10 Home (64 bits) ~ Activating UAC ... OK ~ Removing disinfection tools ... Deleted : C:\FRST Deleted : C:\AdwCleaner Deleted : C:\Users\Roman\Downloads\FRST-OlderVersion Deleted : C:\TDSSKiller.3.1.0.15_07.12.2017_00.30.54_log.txt Deleted : C:\Users\Public\Desktop\RogueKiller.lnk Deleted : C:\Users\Roman\Downloads\Addition.txt Deleted : C:\Users\Roman\Downloads\AdwCleaner.exe Deleted : C:\Users\Roman\Downloads\Fixlog (1).txt Deleted : C:\Users\Roman\Downloads\Fixlog (2).txt Deleted : C:\Users\Roman\Downloads\Fixlog.txt Deleted : C:\Users\Roman\Downloads\fixlog.txt.txt Deleted : C:\Users\Roman\Downloads\FRST.txt Deleted : C:\Users\Roman\Downloads\FRST64.exe Deleted : C:\Users\Roman\Downloads\Search.txt ~ Creating registry backup ... OK ~ Cleaning system restore ... Deleted : RP #142 [Restore Point Created by FRST | 12/09/2017 20:49:02] New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ##########

So far works good. last fixlog is attached Fixlog.txt

Addition.txt FRST.txt

rk_77FC.tmp.txt

AdwCleaner[C9].txt

Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 12 PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\REI_AxControl.DLL, Quarantined, [1070], [327193],1.0.3449 PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\REI_AxControl.DLL, Quarantined, [1070], [327193],1.0.3449 PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\REI_AxControl.DLL, Quarantined, [1070], [327193],1.0.3449 Adware.Norassie, HKU\S-1-5-21-1313734922-739710134-2359033524-1001\SOFTWARE\Norassie, Quarantined, [2658], [361347],1.0.3449 PUP.Optional.Reimage, HKU\S-1-5-21-1313734922-739710134-2359033524-1001\SOFTWARE\Reimage, Quarantined, [1070], [357494],1.0.3449 PUP.Optional.Reimage, HKU\S-1-5-21-1313734922-739710134-2359033524-1001\SOFTWARE\REIMAGE\PC REPAIR, Quarantined, [1070], [327204],1.0.3449 PUP.Optional.Reimage, HKU\S-1-5-21-1313734922-739710134-2359033524-1001\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\Reimage - Windows Problem Relief., Quarantined, [1070], [327203],1.0.3449 PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\Reimage Repair, Quarantined, [1070], [336077],1.0.3449 PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1070], [332494],1.0.3449 PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1070], [332494],1.0.3449 PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1070], [332494],1.0.3449 PUP.Optional.Reimage, HKU\S-1-5-21-1313734922-739710134-2359033524-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Quarantined, [1070], [327205],1.0.3449 Registry Value: 1 PUP.Optional.Reimage, HKU\S-1-5-21-1313734922-739710134-2359033524-1001\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE, Quarantined, [1070], [327204],1.0.3449 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) (end)

OK it worked now. I deleted them after reinstalling

It doer snot give me that option. During installation of malware bites I encountered this message. I clicked to ignore it. May be this has something to do with it

Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/8/17 Scan Time: 7:47 PM Log File: 80202860-dc7a-11e7-9b5f-98eecb4a523d.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.262 Update Package Version: 1.0.3448 License: Free -System Information- OS: Windows 10 (Build 14393.576) CPU: x64 File System: NTFS User: DESKTOP-TCTQ4RV\Roman -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 475458 Threats Detected: 13 Threats Quarantined: 0 (No malicious items detected) Time Elapsed: 2 min, 53 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 12 PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\REI_AxControl.DLL, No Action By User, [1070], [327193],1.0.3448 PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\REI_AxControl.DLL, No Action By User, [1070], [327193],1.0.3448 PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\REI_AxControl.DLL, No Action By User, [1070], [327193],1.0.3448 Adware.Norassie, HKU\S-1-5-21-1313734922-739710134-2359033524-1001\SOFTWARE\Norassie, No Action By User, [2658], [361347],1.0.3448 PUP.Optional.Reimage, HKU\S-1-5-21-1313734922-739710134-2359033524-1001\SOFTWARE\Reimage, No Action By User, [1070], [357494],1.0.3448 PUP.Optional.Reimage, HKU\S-1-5-21-1313734922-739710134-2359033524-1001\SOFTWARE\REIMAGE\PC REPAIR, No Action By User, [1070], [327204],1.0.3448 PUP.Optional.Reimage, HKU\S-1-5-21-1313734922-739710134-2359033524-1001\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\Reimage - Windows Problem Relief., No Action By User, [1070], [327203],1.0.3448 PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\Reimage Repair, No Action By User, [1070], [336077],1.0.3448 PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, No Action By User, [1070], [332494],1.0.3448 PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, No Action By User, [1070], [332494],1.0.3448 PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, No Action By User, [1070], [332494],1.0.3448 PUP.Optional.Reimage, HKU\S-1-5-21-1313734922-739710134-2359033524-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}, No Action By User, [1070], [327205],1.0.3448 Registry Value: 1 PUP.Optional.Reimage, HKU\S-1-5-21-1313734922-739710134-2359033524-1001\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE, No Action By User, [1070], [327204],1.0.3448 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) (end)

It looks that problem had been resolved. I do not see any suspicious folders and processes. So far works like a charm. Thank you very much for great job. Love Montreal.

Done. File is attached. Fixlog.txt

Fixlog.txt is attached

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2017 Ran by Roman (08-12-2017 08:04:10) Run:1 Running from C:\Users\Roman\Desktop\First Loaded Profiles: Roman (Available Profiles: Roman & Christina & BackupAdmin & hidden) Boot Mode: Normal ============================================== fixlist content: ***************** ***************** ==== End of Fixlog 08:04:10 ====

I have 16 Gb USB Flash. Waiting for your instructions. Thank you for your help

My system got infected. Malwarebytes only picks up PUP, it is not able to remove it. Malwarebites anti root cannot start, cannot install driver. All other software software failed. Norton tells that it is fifex, while it is not. File location is locked. I tried to boot from Linux boot disk and delete the directory, but after a while it reapers. Tried RegRun reanimator. Still not sure. Files from FarBar are attached. Please help. Addition.txt FRST.txt