Phantom


  1. Hi Kevin, just wanted to say thanks a lot for helping me out... As soon as I deleted the files from the registry, the Chrome issue also got solved. So I guess my PC is clean now. I owe you one and I will definitely square up one day. May you have a fantastic holiday season ahead. Cheers, Phantom
  2. Hi Kevin, thanks for the info, I didn't know that. Just wanted to know why the PC is showing me this alert now. Also, after downloading AVG, should I get rid of every other anti-virus I have installed? Would AVG be sufficient? And I hope those last logs were clear. Secondly, I am still able to see .nobu folders in my registry... shall I delete them? And Chrome is still trying to open up a suspicious website whenever I search for something... what should I do? Lastly, which software do you recommend to recover encrypted files? I tried Shadow Recovery, Recuva and PhotoRec but no luck. Cheers.
  3. Hey Kevin, so I did both of the above actions... After running FRST the PC rebooted and I got the following messages from the Action Center: Turn on Windows Security Service (on clicking it I got the error that the service can't be started); Windows Defender needs to scan the computer (on clicking it, it opened, but when I pressed Start now it gave me the following error: the specified service does not exist as an installed service). Let me know what to do; attached are the logs as requested. Cheers. msert.log Fixlog.txt
  4. Have done scanning with the rest 02 tools, Sophos found one threat. Find the logs as follows:
Mal/Generic-S 2020-12-09 16:16:24.225 Threat 'Mal/Generic-S' has been cleaned up. 2020-12-09 16:16:24.225 File "C:\Users\DELL-07\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7RDQWLJC\file[1].exe" belongs to malware 'Mal/Generic-S'. 2020-12-09 16:16:24.225 File "C:\Users\DELL-07\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7RDQWLJC\file[1].exe" has been cleaned up. 2020-12-09 16:16:24.226 Removal successful 2020-12-09 16:16:25.088 Error level 0 FRST Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-12-2020 Ran by DELL-07 (administrator) on DELL-07-PC (Dell Inc. Latitude E6330) (09-12-2020 22:22:28) Running from C:\Users\DELL-07\Desktop\Secure Loaded Profiles: DELL-07 Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) 
(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe (Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <15> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe (Intel Corporation -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <2> (Skype Software Sarl -> Skype Technologies S.A.) 
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe <6> (TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (www.shadowexplorer.com) [File not signed] C:\Program Files (x86)\ShadowExplorer\sesvc.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7953976 2019-12-10] (Intel Corporation -> Motorola Solutions, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation -> Microsoft Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-4013663536-3610763388-2062449828-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91016568 2020-12-02] (Skype Software Sarl -> Skype Technologies S.A.) 
HKU\S-1-5-21-4013663536-3610763388-2062449828-1000\...\Run: [GoogleChromeAutoLaunch_46D14624D80CA338C7782938840B2358] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 HKU\S-1-5-21-4013663536-3610763388-2062449828-1000\...\MountPoints2: F - F:\HiSuiteDownLoader.exe HKU\S-1-5-21-4013663536-3610763388-2062449828-1000\...\MountPoints2: {359a99c5-b246-11ea-99a3-f01faf403338} - F:\OnePlus_setup.exe /s HKU\S-1-5-21-4013663536-3610763388-2062449828-1000\...\MountPoints2: {359a9a96-b246-11ea-99a3-f01faf403338} - F:\Setup.exe HKU\S-1-5-21-4013663536-3610763388-2062449828-1000\...\MountPoints2: {8922ee51-6996-11ea-9081-f01faf403338} - F:\HiSuiteDownLoader.exe HKU\S-1-5-21-4013663536-3610763388-2062449828-1000\...\MountPoints2: {cdc89385-94ca-11ea-9ee0-f01faf403338} - F:\HiSuiteDownLoader.exe HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-03] (Google LLC -> Google LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-04-07] ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Upd7Live.exe [2016-10-14] (Alexander Lomachevsky -> simplix) HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {1EDC6236-2BDD-44F2-829A-7A826FAB68F3} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [670928 2020-11-30] (Mozilla Corporation -> Mozilla Foundation) Task: {62740F29-214B-4A51-831B-33E5AB14AA07} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-07] (Google LLC -> Google LLC) Task: {8765A8CE-5E93-4289-9E18-88144A173270} - System32\Tasks\Firefox Default Browser Agent BE9C2D0CFAE2B446 => C:\Users\DELL-07\AppData\Roaming\waeedui.exe <==== ATTENTION Task: {9C43CC97-4AD0-4343-BC36-8D3931532DD6} - System32\Tasks\NvNgxUpdateCheckDaily_{78821544-1544-1544-1544-788215441544} => C:\Users\DELL-07\AppData\Roaming\eveedui.exe <==== ATTENTION Task: {B65B82F8-0CC8-46F4-8029-6B3A955C8B35} - System32\Tasks\NvNgxUpdateCheckDaily_{2A68F03E-F03E-F03E-F03E-2A68F03EF03E} => C:\Users\DELL-07\AppData\Roaming\hieedui.exe <==== ATTENTION Task: {C68007BC-44C8-40A2-BE5C-29F79E00C68A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-07] (Google LLC -> Google LLC) Task: {EC7F5AB1-7547-4DDC-9280-9A84B0495770} - System32\Tasks\{C8A3C36B-E4E3-42A6-AE0C-B9423F0539CD} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Malwarebytes\Anti-Malware\mbemsg.exe" -d "C:\Program Files\Malwarebytes\Anti-Malware" (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{EE777AB5-DB11-4291-945F-D0302F3AC3ED}: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF DefaultProfile: gpz3r2pa.default FF ProfilePath: C:\Users\DELL-07\AppData\Roaming\Mozilla\Firefox\Profiles\gpz3r2pa.default [2020-06-04] FF ProfilePath: C:\Users\DELL-07\AppData\Roaming\Mozilla\Firefox\Profiles\z180s208.default-release [2020-12-08] FF Extension: (Greasemonkey) - C:\Users\DELL-07\AppData\Roaming\Mozilla\Firefox\Profiles\z180s208.default-release\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2020-03-18] FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.) 
Chrome: ======= CHR DefaultProfile: Profile 2 CHR Profile: C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2 [2020-12-09] CHR DownloadDir: C:\Users\DELL-07\Desktop\Secure CHR Extension: (Slides) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-06-21] CHR Extension: (Docs) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2020-06-21] CHR Extension: (Google Drive) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24] CHR Extension: (YouTube) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-06-21] CHR Extension: (Email Tracker) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bnompdfnhdbgdaoanapncknhmckenfog [2020-12-05] CHR Extension: (WebRTC Leak Shield) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bppamachkoflopbagkdoflbgfjflfnfl [2020-08-25] CHR Extension: (Facebook Pixel Helper) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2020-10-01] CHR Extension: (Sheets) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-06-21] CHR Extension: (Google Docs Offline) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17] CHR Extension: (SimilarWeb - Traffic Rank & Website Analysis) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hoklmmgfnpapgjgcpechhaamimifchmp [2020-11-16] CHR Extension: (Screenshot Tool and Editor) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ialiedlpfknneamnbemcgmaboleiccdd [2020-11-18] CHR Extension: (FATRANK) - 
C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jcnfkjjanbdfabigknbedgkfjkljhbdn [2020-12-07] CHR Extension: (Formatted email subject lines by cloudHQ) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lbnejjahbkciooojokighdfkmcgkpjfb [2020-11-17] CHR Extension: (Gmail™ Email Templates by cloudHQ) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\llccdnmbipddnkhmldacpcjjcnljpoij [2020-11-17] CHR Extension: (Chrome Web Store Payments) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-06-21] CHR Extension: (Data Scraper - Easy Web Scraping) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nndknepjnldbdbepjfgmncbggmopgden [2020-11-21] CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2020-10-18] CHR Extension: (Gmail) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23] CHR Extension: (Chrome Media Router) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-20] CHR Profile: C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\System Profile [2020-12-07] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640 2013-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3668944 2020-08-08] (philandro Software GmbH -> philandro Software GmbH) S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82216 2020-08-06] (Mixbyte Inc -> Freemake) R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [518712 2019-12-19] (Intel Corporation -> Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-12-07] (Malwarebytes Inc -> Malwarebytes) R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13666872 2020-11-17] (Adlice -> ) R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7031056 2016-05-02] (TeamViewer -> TeamViewer GmbH) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-12-07] (Malwarebytes Corporation -> Malwarebytes) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220160 2020-12-07] (Malwarebytes Inc -> Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197792 2020-12-08] (Malwarebytes Inc -> Malwarebytes) R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2020-12-08] (Malwarebytes Inc -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-12-07] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [126576 2020-12-08] (Malwarebytes Inc -> Malwarebytes) U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2020-12-09] (Adlice -> ) S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 
2020-12-09 22:21 - 2020-12-09 22:23 - 000000000 ____D C:\FRST 2020-12-09 20:28 - 2020-12-09 20:28 - 000000000 ____D C:\ProgramData\Sophos 2020-12-09 20:27 - 2020-12-09 20:27 - 000002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk 2020-12-09 20:27 - 2020-12-09 20:27 - 000002759 _____ C:\ProgramData\Desktop\Sophos Virus Removal Tool.lnk 2020-12-09 20:27 - 2020-12-09 20:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2020-12-09 20:27 - 2020-12-09 20:27 - 000000000 ____D C:\Program Files (x86)\Sophos 2020-12-09 19:20 - 2020-12-09 19:20 - 000290968 _____ C:\Windows\Minidump\120920-14445-01.dmp 2020-12-09 18:56 - 2020-12-09 18:56 - 000020053 _____ C:\Users\DELL-07\Downloads\creports 2020-12-09 (1).csv 2020-12-09 13:56 - 2020-12-09 20:17 - 000015192 _____ C:\Users\DELL-07\Desktop\Linkedin New.csv 2020-12-08 21:16 - 2020-12-08 21:16 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2020-12-08 21:15 - 2020-12-09 19:20 - 000038032 _____ C:\Windows\system32\Drivers\truesight.sys 2020-12-08 21:15 - 2020-12-08 21:15 - 000197792 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2020-12-08 21:15 - 2020-12-08 21:15 - 000126576 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2020-12-08 21:01 - 2020-12-08 21:01 - 036641874 _____ C:\Users\DELL-07\Desktop\Backup.reg 2020-12-08 20:48 - 2020-12-08 20:48 - 000000000 ____D C:\Windows\pss 2020-12-08 14:49 - 2020-12-08 14:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DataNumen Excel Repair 2020-12-08 14:48 - 2020-12-08 14:48 - 000000000 ____D C:\Users\DELL-07\AppData\Local\Downloaded Installations 2020-12-08 12:35 - 2020-12-08 12:35 - 000000000 ____D C:\Users\DELL-07\Desktop\testdisk-7.1.win 2020-12-08 12:29 - 2020-12-08 12:29 - 000290968 _____ C:\Windows\Minidump\120820-16941-01.dmp 2020-12-07 22:10 - 2020-12-08 11:27 - 000000000 ____D C:\Program Files\Recuva 2020-12-07 22:10 - 2020-12-07 22:10 - 000001658 _____ 
C:\Users\Public\Desktop\Recuva.lnk 2020-12-07 22:10 - 2020-12-07 22:10 - 000001658 _____ C:\ProgramData\Desktop\Recuva.lnk 2020-12-07 22:10 - 2020-12-07 22:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva 2020-12-07 22:04 - 2020-12-07 22:04 - 000000000 ____D C:\Users\DELL-07\AppData\Roaming\www.shadowexplorer.com 2020-12-07 22:03 - 2020-12-07 22:03 - 000001889 _____ C:\Users\DELL-07\Desktop\ShadowExplorer.lnk 2020-12-07 22:03 - 2020-12-07 22:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer 2020-12-07 22:03 - 2020-12-07 22:03 - 000000000 ____D C:\Program Files (x86)\ShadowExplorer 2020-12-07 21:46 - 2020-12-07 21:46 - 000000000 ____D C:\Windows\ERUNT 2020-12-07 21:45 - 2020-12-07 21:46 - 000000841 _____ C:\DelFix.txt 2020-12-07 21:16 - 2020-12-08 13:19 - 000000000 ____D C:\Windows\system32\appmgmt 2020-12-07 20:37 - 2020-12-07 20:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2020-12-07 20:37 - 2020-12-07 20:37 - 000000000 ____D C:\Program Files\RogueKiller 2020-12-07 20:36 - 2020-12-07 20:42 - 000000000 ____D C:\ProgramData\RogueKiller 2020-12-07 20:18 - 2020-12-07 20:18 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2020-12-07 20:18 - 2020-12-07 20:18 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2020-12-07 20:18 - 2020-12-07 20:18 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2020-12-07 20:18 - 2020-12-07 20:18 - 000000000 ____D C:\Users\DELL-07\AppData\Local\mbam 2020-12-07 20:17 - 2020-12-07 20:17 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2020-12-07 20:17 - 2020-12-07 20:17 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2020-12-07 20:16 - 2020-12-07 20:16 - 000000000 ____D C:\Program Files\Malwarebytes 2020-12-07 19:17 - 2020-12-07 19:17 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\7463515B.sys 2020-12-07 19:16 
- 2020-12-07 20:30 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2020-12-07 19:16 - 2020-12-07 20:18 - 000220160 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2020-12-07 18:52 - 2020-12-09 22:22 - 000000000 ____D C:\Users\DELL-07\Desktop\Secure 2020-12-07 18:43 - 2020-12-07 18:43 - 000003208 _____ C:\Windows\system32\Tasks\{C8A3C36B-E4E3-42A6-AE0C-B9423F0539CD} 2020-12-07 18:30 - 2020-12-07 20:17 - 000000000 ____D C:\ProgramData\Malwarebytes 2020-12-07 18:11 - 2020-12-09 19:20 - 356990773 _____ C:\Windows\MEMORY.DMP 2020-12-07 18:11 - 2020-12-09 19:20 - 000000000 ____D C:\Windows\Minidump 2020-12-07 18:11 - 2020-12-07 18:11 - 000283256 _____ C:\Windows\Minidump\120720-33680-01.dmp 2020-12-07 18:09 - 2020-12-07 18:09 - 000000000 ____D C:\ProgramData\Emsisoft 2020-12-07 18:08 - 2020-12-08 17:49 - 000000000 ____D C:\EEK 2020-12-07 15:42 - 2020-12-07 15:42 - 000000000 ____D C:\Users\DELL-07\Documents\Freemake 2020-12-07 14:56 - 2020-12-07 20:10 - 000000000 ____D C:\Users\DELL-07\AppData\Roaming\wjllvez4m3p 2020-12-07 14:56 - 2020-12-07 14:56 - 000001110 _____ C:\Users\DELL-07\_readme.txt 2020-12-07 14:54 - 2020-12-07 14:56 - 000001100 _____ C:\Users\DELL-07\AppData\LocalLow\machineinfo.txt.nobu 2020-12-07 14:54 - 2020-12-07 14:52 - 002228224 _____ C:\Users\DELL-07\AppData\LocalLow\exuieaoEiI 2020-12-07 14:54 - 2020-03-03 10:45 - 000020480 _____ C:\Users\DELL-07\AppData\LocalLow\lifwZVt5ic 2020-12-07 14:53 - 2020-12-08 17:52 - 000000000 ____D C:\SystemID 2020-12-07 14:53 - 2020-12-07 20:22 - 000000000 ____D C:\Windows\SysWOW64\kbqtffm 2020-12-07 14:53 - 2020-12-07 20:08 - 000000000 ____D C:\Windows\system32\Tasks\System 2020-12-07 14:53 - 2020-12-07 20:08 - 000000000 ____D C:\Users\DELL-07\AppData\Local\78d92480-ef27-46a3-ab35-87a9d6c6c6fe 2020-12-07 14:53 - 2020-12-07 20:08 - 000000000 ____D C:\Users\DELL-07\AppData\Local\44efc42f-4e38-4a3c-a4f5-8eb3207d439b 2020-12-07 14:53 - 2020-12-07 19:41 - 000003606 _____ 
C:\Windows\system32\Tasks\Firefox Default Browser Agent BE9C2D0CFAE2B446 2020-12-07 14:53 - 2020-12-07 14:56 - 000000000 ____D C:\Users\DELL-07\Documents\VlcpVideoV1.0.1 2020-12-07 14:53 - 2020-12-07 14:54 - 000916735 _____ (SQLite Development Team) C:\Users\DELL-07\AppData\LocalLow\sqlite3.dll 2020-12-07 14:53 - 2020-12-07 14:53 - 005548264 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe 2020-12-07 14:53 - 2020-12-07 14:53 - 000634432 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe 2020-12-07 14:53 - 2020-12-07 14:53 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll 2020-12-07 14:53 - 2020-12-07 14:53 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll 2020-12-07 14:53 - 2020-12-07 14:53 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll 2020-12-07 14:53 - 2020-12-07 14:53 - 000003606 _____ C:\Windows\system32\Tasks\NvNgxUpdateCheckDaily_{78821544-1544-1544-1544-788215441544} 2020-12-07 14:53 - 2020-12-07 14:53 - 000000561 _____ C:\Users\DELL-07\AppData\Local\bowsakkdestx.txt 2020-12-07 14:53 - 2020-12-07 14:53 - 000000000 ____D C:\Users\DELL-07\AppData\Roaming\Doleon 2020-12-07 14:53 - 2020-12-07 14:53 - 000000000 ____D C:\ProgramData\sib 2020-12-07 14:53 - 2020-12-07 14:53 - 000000000 ____D C:\ProgramData\Riate 2020-12-07 14:53 - 2020-12-07 14:53 - 000000000 ____D C:\ProgramData\KLF36IMOB9 2020-12-07 14:52 - 2020-12-07 20:10 - 000000000 ____D C:\Users\DELL-07\AppData\Roaming\zdxxyp4dw35 2020-12-07 14:52 - 2020-12-07 15:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TdNativeMessage 2020-12-07 14:52 - 2020-12-07 15:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RearRips 2020-12-07 14:52 - 2020-12-07 14:52 - 000003606 _____ C:\Windows\system32\Tasks\NvNgxUpdateCheckDaily_{2A68F03E-F03E-F03E-F03E-2A68F03EF03E} 2020-12-07 14:52 - 2020-12-07 14:52 - 000000000 ____D C:\Users\DELL-07\AppData\Roaming\305f7ca580575406.60124791_888 2020-12-07 
14:52 - 2006-12-07 07:39 - 001101824 _____ (NuMedia Soft, Inc.) C:\Windows\SysWOW64\NMSDVDXU.dll 2020-12-07 14:51 - 2020-12-07 20:00 - 000000000 ____D C:\Users\DELL-07\AppData\Local\CrashDumps 2020-12-07 14:51 - 2020-12-07 15:40 - 000000000 ____D C:\Users\DELL-07\AppData\Roaming\Noderts 2020-12-07 14:51 - 2020-12-07 14:51 - 000000000 ____D C:\Users\DELL-07\AppData\Roaming\Python 2020-12-07 14:51 - 2020-12-07 14:51 - 000000000 ____D C:\Users\DELL-07\AppData\Local\Pider 2020-12-07 14:50 - 2020-12-07 14:51 - 000000000 ____D C:\ProgramData\AllDup 2020-12-07 14:50 - 2020-12-07 14:50 - 000000000 ____D C:\Users\DELL-07\AppData\Roaming\AllDup 2020-12-07 14:49 - 2020-12-07 14:50 - 000000000 ____D C:\Users\DELL-07\AppData\Roaming\Q-Dir 2020-12-07 14:41 - 2020-12-07 15:43 - 000000000 ____D C:\Users\DELL-07\AppData\Roaming\Dr Email Verifier 2020-12-07 14:39 - 2020-12-07 14:56 - 001203714 _____ C:\Users\DELL-07\Downloads\dr-email-verifier.zip.nobu 2020-12-04 12:37 - 2020-12-07 14:56 - 000970402 _____ C:\Users\DELL-07\Downloads\Fat Burning Secrets.pdf.nobu 2020-12-01 11:05 - 2020-12-01 11:05 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla 2020-11-30 18:50 - 2020-12-02 10:18 - 000000000 ____D C:\Program Files\Mozilla Firefox 2020-11-27 21:20 - 2020-12-07 14:56 - 000010893 _____ C:\Users\DELL-07\Desktop\To Promote.xlsx.nobu 2020-11-22 12:17 - 2020-12-07 14:56 - 000310237 _____ C:\Users\DELL-07\Downloads\Video Thumbnail.png.nobu 2020-11-21 22:12 - 2020-12-07 22:16 - 000000000 ____D C:\Users\DELL-07\Downloads\Reddit 2020-11-21 22:11 - 2020-12-08 14:50 - 000000000 ____D C:\Users\DELL-07\Downloads\Email List & Swipes 2020-11-16 19:48 - 2020-12-07 14:56 - 000000000 ___SD C:\Users\DELL-07\Documents\My Data Sources ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
     Have attached the addition file as requested, also the nobu files from registry are still present...should I delete them manually in safe mode?? Addition.txt
  5. Find the MB history as below, so you do not have to download the file.

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 12/9/20
     Scan Time: 5:44 PM
     Log File: 0e20414c-3a18-11eb-a9ab-f01faf403338.json

     -Software Information-
     Version: 4.2.3.96
     Components Version: 1.0.1122
     Update Package Version: 1.0.34123
     License: Trial

     -System Information-
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: DELL-07-PC\DELL-07

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 233391
     Threats Detected: 1
     Threats Quarantined: 0
     Time Elapsed: 8 min, 56 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 1
     Generic.Malware/Suspicious, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\71357C62322A3D83.VIR, No Action By User, 0, 392686, 1.0.34123, , shuriken, , A326689A279A533A1587B9032AA6AD7B, 4AA0DAAB0DEE253495078CC87D668CC4B2912B40C287C9D405F5B416683F57A3
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)

     (end)
  6. Heyy Kevin, Thank you for your prompt response...I have Malwarebytes already installed so as you said I enabled the rootkits (archives were already ticked). I ran the scan and 01 detection was found but when I checked it was a file which was already quarantined by Rogue Killer. When I re-checked Rogue Killer logs I see it has quarantined autoKMS.log & autoKMS.exe. I don't think it is related with nobu...right? However attached is the log from Malwarebytes. I will do the scan with Sophos & Farbar later coz I am already running Photorec in the background & hoping to recover some files...it's already done at 50%. As you said that Sophos will take some time & do not use the PC. Will do as soon as the Photorec process is over & get back to you. Cheers. MB History.txt
  7. On 07 Dec I was infected with .nobu ransomware by downloading a software & unfortunately this is an online key so recovering my encrypted files is not possible. So once I was infected I started the cleaning process with the following software: Malwarebytes Anti-Rootkit Beta, Malwarebytes, Adw Cleaner, Rogue Killer & FRST. After this my PC was clean but I still got some problems...like I am still able to see files in my registry saved under "nobu". Are they still a threat? Should I delete them manually? And sometimes Chrome is still trying to pop up with ads & random trojan websites. Although Malwarebytes is blocking them, I need to know how to stop it...I have already removed all the extensions added by the virus & reset the browsers. Lastly, one IMPORTANT thing for those who have been affected by this virus: even after cleaning the virus you have to manually delete the IP address added by the virus in your hosts (computer / windows / system32/ drivers / etc / hosts). Looking forward to an urgent response.