CrimsonNyte


  1. Sorry for the late reply. Here ya go:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 1/5/18
     Scan Time: 12:35 PM
     Log File: cfbfd7b0-f23e-11e7-9649-d8cb8a506eab.json
     Administrator: Yes

     -Software Information-
     Version: 3.3.1.2183
     Components Version: 1.0.262
     Update Package Version: 1.0.3631
     License: Trial

     -System Information-
     OS: Windows 10 (Build 16299.192)
     CPU: x64
     File System: NTFS
     User: GODMACHINE1\Ant

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 335505
     Threats Detected: 0 (No malicious items detected)
     Threats Quarantined: 0 (No malicious items detected)
     Time Elapsed: 21 min, 11 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 0 (No malicious items detected)
     Physical Sector: 0 (No malicious items detected)
     (end)

     # AdwCleaner 7.0.6.0 - Logfile created on Fri Jan 05 18:01:05 2018
     # Updated on 2017/21/12 by Malwarebytes
     # Database: 01-03-2018.1
     # Running on Windows 10 Pro (X64)
     # Mode: scan
     # Support: https://www.malwarebytes.com/support

     ***** [ Services ] *****
     No malicious services found.

     ***** [ Folders ] *****
     No malicious folders found.

     ***** [ Files ] *****
     No malicious files found.

     ***** [ DLL ] *****
     No malicious DLLs found.

     ***** [ WMI ] *****
     No malicious WMI found.

     ***** [ Shortcuts ] *****
     No malicious shortcuts found.

     ***** [ Tasks ] *****
     No malicious tasks found.

     ***** [ Registry ] *****
     No malicious registry entries found.

     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries.

     ***** [ Chromium (and derivatives) ] *****
     PUP.Optional.Legacy, SearchProvider found: AIM Search - slirsredirect.search.aol.com
     PUP.Optional.Legacy, SearchProvider found: Ask.com - supertoolbar.ask.com
     PUP.Optional.Legacy, SearchProvider found: Ask Search - tbsearch.ask.com
     PUP.Optional.Legacy, SearchProvider found: Search the Web - search.freecause.com

     /!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271

     *************************
     C:/AdwCleaner/AdwCleaner[C0].txt - [1619 B] - [2017/12/26 6:26:43]
     C:/AdwCleaner/AdwCleaner[S0].txt - [1743 B] - [2017/12/26 6:24:58]
     C:/AdwCleaner/AdwCleaner[S1].txt - [1504 B] - [2018/1/5 17:5:26]

     ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########

     Microsoft Windows Malicious Software Removal Tool v5.55, December 2017 (build 5.55.14421.1)
     Started On Fri Jan 05 13:02:05 2018
     Engine: 1.1.14405.2
     Signatures: 1.257.1160.0
     Run Mode: Interactive Graphical Mode

     Results Summary:
     ----------------
     No infection found.
     Microsoft Windows Malicious Software Removal Tool Finished On Fri Jan 05 13:29:20 2018
     Return code: 0 (0x0)

     Fixlog.txt
  2. Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 12/26/17
     Scan Time: 12:59 AM
     Log File: edeb449e-ea01-11e7-9b77-d8cb8a506eab.json
     Administrator: Yes

     -Software Information-
     Version: 3.3.1.2183
     Components Version: 1.0.262
     Update Package Version: 1.0.3562
     License: Trial

     -System Information-
     OS: Windows 10 (Build 16299.125)
     CPU: x64
     File System: NTFS
     User: GODMACHINE1\Ant

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 334523
     Threats Detected: 33
     Threats Quarantined: 33
     Time Elapsed: 16 min, 2 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)

     Module: 0 (No malicious items detected)

     Registry Key: 15
     PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1722359170-470532309-3725313330-1000\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE, Quarantined, [5111], [425124],1.0.3562
     PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1722359170-470532309-3725313330-1000\CONSOLE\TASKENG.EXE, Quarantined, [5111], [425125],1.0.3562
     PUP.Optional.NeoBar.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\E3605470-291B-44EB-8648-745EE356599A, Quarantined, [1294], [396225],1.0.3562
     PUP.Optional.AdLoad, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1CB6613E-B1FA-4C76-AFCD-03E611DEBB02}, Quarantined, [568], [313434],1.0.3562
     PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B3A2F4F3-76BC-44F9-AE58-FE658023109C}, Quarantined, [931], [459339],1.0.3562
     PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [21], [260247],1.0.3562
     PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [21], [260247],1.0.3562
     PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{B3A2F4F3-76BC-44F9-AE58-FE658023109C}, Quarantined, [931], [459338],1.0.3562
     PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\space(title, t_monitor), Quarantined, [931], [459338],1.0.3562
     PUP.Optional.AdLoad, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{1CB6613E-B1FA-4C76-AFCD-03E611DEBB02}, Quarantined, [568], [313436],1.0.3562
     PUP.Optional.AdLoad, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WindowsUpdater, Quarantined, [568], [313436],1.0.3562
     PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [75], [170024],1.0.3562
     PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [75], [-1],0.0.0
     PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [75], [170024],1.0.3562
     PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [75], [170024],1.0.3562

     Registry Value: 9
     PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1722359170-470532309-3725313330-1000\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE|WINDOWPOSITION, Quarantined, [5111], [425124],1.0.3562
     PUP.Optional.PQwick, HKU\S-1-5-21-1722359170-470532309-3725313330-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|PQWICK, Quarantined, [7323], [451754],1.0.3562
     PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1722359170-470532309-3725313330-1000\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, Quarantined, [5111], [425126],1.0.3562
     PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1722359170-470532309-3725313330-1000\CONSOLE\TASKENG.EXE|WINDOWPOSITION, Quarantined, [5111], [425125],1.0.3562
     PUP.Optional.AdLoad, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1CB6613E-B1FA-4C76-AFCD-03E611DEBB02}|PATH, Quarantined, [568], [313434],1.0.3562
     PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B3A2F4F3-76BC-44F9-AE58-FE658023109C}|PATH, Quarantined, [931], [459339],1.0.3562
     PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [75], [-1],0.0.0
     PUP.Optional.Wajam, HKU\S-1-5-21-1722359170-470532309-3725313330-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [75], [-1],0.0.0
     PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [75], [-1],0.0.0

     Registry Data: 5
     PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Replaced, [21], [-1],0.0.0
     PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replaced, [21], [-1],0.0.0
     PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{4081e67c-5b99-4d92-923a-d17e3ca37d82}|NameServer, Replaced, [21], [-1],0.0.0
     PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{6115c17c-e88d-419f-aeb6-897f2bd99ff3}|DhcpNameServer, Replaced, [21], [-1],0.0.0
     PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{900d202d-9f31-4a7c-a023-7cecd4bd9112}|NameServer, Replaced, [21], [-1],0.0.0

     Data Stream: 0 (No malicious items detected)

     Folder: 1
     PUP.Optional.MirageISO, C:\USERS\PUBLIC\DOCUMENTS\XMUPDATE, Quarantined, [8489], [443706],1.0.3562

     File: 3
     PUP.Optional.MirageISO, C:\USERS\PUBLIC\DOCUMENTS\XMUPDATE\CONF.DB, Quarantined, [8489], [443706],1.0.3562
     Adware.Elex.ShrtCln, C:\USERS\ANT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [2154], [454731],1.0.3562
     Adware.Elex.ShrtCln, C:\USERS\ANT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [2154], [454731],1.0.3562

     Physical Sector: 0 (No malicious items detected)
     (end)

     Adwcleaner:

     # AdwCleaner 7.0.6.0 - Logfile created on Tue Dec 26 06:26:43 2017
     # Updated on 2017/21/12 by Malwarebytes
     # Running on Windows 10 Pro (X64)
     # Mode: clean
     # Support: https://www.malwarebytes.com/support

     ***** [ Services ] *****
     No malicious services deleted.

     ***** [ Folders ] *****
     Deleted: C:\Program Files (x86)\DriverToolkit
     Deleted: C:\Users\Ant\AppData\Local\DriverToolkit

     ***** [ Files ] *****
     No malicious files deleted.

     ***** [ DLL ] *****
     No malicious DLLs cleaned.

     ***** [ WMI ] *****
     No malicious WMI cleaned.

     ***** [ Shortcuts ] *****
     No malicious shortcuts cleaned.

     ***** [ Tasks ] *****
     Deleted: Driver Booster Scheduler
     Deleted: DQXMIZcMVgHaIkOHb
     Deleted: AMpcLJhOMOGkdg
     Deleted: DQXMIZcMVgHaIkOHb2
     Deleted: lJBQppWImNhefKN2

     ***** [ Registry ] *****
     Deleted: [Key] - HKU\S-1-5-21-1722359170-470532309-3725313330-1000\Software\DriverToolkit
     Deleted: [Key] - HKCU\Software\DriverToolkit

     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries deleted.

     ***** [ Chromium (and derivatives) ] *****
     SearchProvider deleted: AIM Search - slirsredirect.search.aol.com
     SearchProvider deleted: Ask.com - supertoolbar.ask.com
     SearchProvider deleted: Ask Search - tbsearch.ask.com
     SearchProvider deleted: Search the Web - search.freecause.com

     *************************
     ::Tracing keys deleted
     ::Winsock settings cleared
     ::Additional Actions: 0

     *************************
     C:/AdwCleaner/AdwCleaner[S0].txt - [1743 B] - [2017/12/26 6:24:58]

     ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.55, December 2017 (build 5.55.14421.1)
     Started On Tue Dec 26 01:02:58 2017
     Engine: 1.1.14405.2
     Signatures: 1.257.1160.0
     Run Mode: Interactive Graphical Mode
     Microsoft Windows Malicious Software Removal Tool Finished On Tue Dec 26 01:03:32 2017
     Return code: 0 (0x0)
     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.55, December 2017 (build 5.55.14421.1)
     Started On Tue Dec 26 01:33:49 2017
     Engine: 1.1.14405.2
     Signatures: 1.257.1160.0
     Run Mode: Interactive Graphical Mode

     Fixlog.txt
     Addition.txt
     FRST.txt
  3. I can't seem to be able to get my computer into Recovery Environment. Edit: I managed to get it into RE but I got this error when trying to open FRST.
  4. Hi Kevin, Thank you for responding. I do have an external hard drive that's well over 4 GB, and my spare PC runs Windows 7, but the infected PC runs on Windows 10.
  5. Hi there, I'm new here but this virus has been irritating me for the last few days. I've downloaded HitmanPro, Emsisoft, and Malwarebytes and none have managed to remove this damn thing. It adds Windows Resource Manager and is taking up way too many resources. I also get redirected to Bing despite my default search engine being Google, and sometimes clicking pages I'm already on leads me to something called Reimage. There are 2 processes that are random letters that I've seen before when I've gotten viruses before. The iaetcvlsvc.exe is an interesting one as I can't seem to find any record of it online, but igfxmtc.exe seems to be a common one. Can someone please help me? I've also included all the logs I've gotten so far on mbar.

     mbar-log-2017-12-22 (00-31-02).txt
     mbar-log-2017-12-22 (11-42-54).txt
     mbar-log-2017-12-22 (12-56-42).txt
     mbar-log-2017-12-22 (13-00-48).txt