KenShibeXD

Members
  • Content Count

    6
About KenShibeXD

  • Rank
    New Member
  1. No, not anymore, but is there any other way I can scan to double-check? It's better to be safe than sorry.
  2. nasty3.txt contains all the things that I deleted to run FRST. nasty3.txt Quarantine.rar
  3. I had to delete a lot of malware to run FRST again, so this is the fix log after the deletion of those said malware.

     Fix result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
     Ran by user (19-04-2018 14:29:22) Run:1
     Running from C:\Users\user\Desktop\frst
     Loaded Profiles: user (Available Profiles: user)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     CloseProcesses:
     CreateRestorePoint:
     S3 mracsvc; C:\Windows\System32\mracsvc.exe [8010968 2018-01-21] (LLC Mail.Ru)
     S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [7238880 2018-01-21] (LLC Mail.Ru)
     HKU\S-1-5-21-1989261308-2432104630-3682543161-1000\...\ChromeHTML: -> <==== ATTENTION
     ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
     Task: {2C549B10-379D-424A-9C8A-76A3075D2CB7} - System32\Tasks\{8F105DBC-DE9C-BF2E-3006-D289A2073482} => C:\Program Files (x86)\Common Files\ovAOyUIYeY.exe [30598-05-30] (Microsoft Corporation)
     Task: {71DB0C9E-CADC-45BA-830F-FCC8700A1117} - System32\Tasks\{455C5117-D565-028B-E2F7-27783C5D314D} => C:\Windows\SysWOW64\aUTOEef.exe [30598-05-30] (Microsoft Corporation)
     C:\d3a18d3a8bbc11aa0c3933c0
     C:\Program Files (x86)\Common Files\ovAOyUIYeY.exe
     C:\USERS\USER\APPDATA\LOCAL\SAMSUNG
     C:\Users\user\AppData\Local\TeamViewer
     C:\Users\user\AppData\Local\Hewlett-Packard
     C:\Users\user\AppData\Local\wbem.ini
     C:\Users\user\AppData\Local\Temp\345oott0vqs.exe
     C:\Users\user\AppData\Roaming\b282b57f1f7a640a4f6ba4035529e7702
     C:\Users\user\AppData\Roaming\hui.exe
     C:\Windows\System32\mracsvc.exe
     C:\Windows\System32\drivers\mracdrv.sys
     C:\Windows\SysWOW64\aUTOEef.exe
     EmptyTemp:
     *****************

     Processes closed successfully.
     Restore point was successfully created.
     "HKLM\System\CurrentControlSet\Services\mracsvc" => removed successfully
     mracsvc => service removed successfully
     "HKLM\System\CurrentControlSet\Services\mracdrv" => removed successfully
     mracdrv => service removed successfully
     "HKU\S-1-5-21-1989261308-2432104630-3682543161-1000_Classes\ChromeHTML" => removed successfully
     "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
     HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C549B10-379D-424A-9C8A-76A3075D2CB7} => could not remove. Access Denied.
     "C:\Windows\System32\Tasks\{8F105DBC-DE9C-BF2E-3006-D289A2073482}" => not found
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8F105DBC-DE9C-BF2E-3006-D289A2073482} => could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71DB0C9E-CADC-45BA-830F-FCC8700A1117} => could not remove. Access Denied.
     "C:\Windows\System32\Tasks\{455C5117-D565-028B-E2F7-27783C5D314D}" => not found
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{455C5117-D565-028B-E2F7-27783C5D314D} => could not remove. Access Denied.
     C:\d3a18d3a8bbc11aa0c3933c0 => moved successfully
     C:\Program Files (x86)\Common Files\ovAOyUIYeY.exe => moved successfully
     C:\USERS\USER\APPDATA\LOCAL\SAMSUNG => moved successfully
     C:\Users\user\AppData\Local\TeamViewer => moved successfully
     C:\Users\user\AppData\Local\Hewlett-Packard => moved successfully
     C:\Users\user\AppData\Local\wbem.ini => moved successfully
     C:\Users\user\AppData\Local\Temp\345oott0vqs.exe => moved successfully
     C:\Users\user\AppData\Roaming\b282b57f1f7a640a4f6ba4035529e7702 => moved successfully
     C:\Users\user\AppData\Roaming\hui.exe => moved successfully
     C:\Windows\System32\mracsvc.exe => moved successfully
     C:\Windows\System32\drivers\mracdrv.sys => moved successfully
     C:\Windows\SysWOW64\aUTOEef.exe => moved successfully

     =========== EmptyTemp: ==========

     BITS transfer queue => 0 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18575648 B
     Java, Flash, Steam htmlcache => 5852963 B
     Windows/system/drivers => 197980711 B
     Edge => 0 B
     Chrome => 365612486 B
     Firefox => 0 B
     Opera => 0 B

     Temp, IE cache, history, cookies, recent:
     Users => 0 B
     Default => 66228 B
     Public => 0 B
     ProgramData => 0 B
     systemprofile => 58558406 B
     systemprofile32 => 66788 B
     LocalService => 66228 B
     NetworkService => 12462 B
     user => 150691203 B

     RecycleBin => 0 B
     EmptyTemp: => 760.5 MB temporary data Removed.

     ================================

     Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 19-04-2018 14:32:57)

     Result of scheduled keys to remove after reboot:

     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C549B10-379D-424A-9C8A-76A3075D2CB7} => could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8F105DBC-DE9C-BF2E-3006-D289A2073482} => could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71DB0C9E-CADC-45BA-830F-FCC8700A1117} => could not remove. Access Denied.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{455C5117-D565-028B-E2F7-27783C5D314D} => could not remove. Access Denied.

     ==== End of Fixlog 14:32:57 ====
  4. When I turn FRST64 on, it closes immediately. I ran it as administrator, but it just closes as soon as I turn it on. I tried it multiple times but have failed to do so.
  5. Hello, I am in need of dire assistance. A virus has infected my computer and I have been trying for the last 6 days to kill it; my exams are close, so I need this computer to do my bidding, but this irritating little demon keeps me from doing anything with it. It is also crashing my computer, nasty little thing. Just like the title says, the bugger's name is RiskWare.bitcoinminer. I have tried many steps to eliminate this virus but have failed so far; I have used Malwarebytes, HitmanPro and RogueKiller.