Jump to content

g6FDD.tmp.exe disk consumption

ShashankJakhmola
 Share

Recommended Posts

Valinorum

Valinorum

Posted
Posted

  • Step #1 Run Malwarebytes' Anti-Rootkit
    Please download Malwarebytes Anti-Rootkit from here and extract the content to your Desktop.
    • Update the program if asked.
    • In the Scan System option check all the boxes and click on Scan.
    • Click on Cleanup button after the scan and wait patiently. Reboot the computer if asked.
    • After the clean-up process; locate two logs in the mbar folder namely--
      • mbar-log.txt; and
      • system-log.txt
    • Copy and paste the contents of the log in your next reply.


 

Link to post
Share on other sites
ShashankJakhmola

ShashankJakhmola

Posted
  • Author
Posted (edited)

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.07.05.05
  rootkit: v2017.05.27.01

Windows 10 x64 NTFS
Internet Explorer 11.0.10240.16384
SHANK :: PC [administrator]

05-07-2017 17:53:50
mbar-log-2017-07-05 (17-53-50).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 353956
Time elapsed: 19 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 14
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 (Trojan.Wdfload) -> Delete on reboot. [beeb342ebbee93a3a18a81a67f81a35d]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Trojan.Wdfload) -> Delete on reboot. [00a9a2c0941587afbb61e73ba15f7090]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{07E70E7B-BD09-417E-A6C7-8227153FE25C} (Trojan.Agent.Generic) -> Delete on reboot. [d7d2a1c101a8bb7ba43fc974956c9e62]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0BA4E7EC-FED8-41F9-B2D5-8C1CA3C71420} (Trojan.Agent.Generic) -> Delete on reboot. [2287a3bf9712dc5a5cab81264fb205fb]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6492275E-C2A9-4EBB-9F1F-7C106CDCC6EA} (Trojan.Agent.Generic) -> Delete on reboot. [387121416d3c2d09dc2b2285926ff808]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{796D4625-D6F9-414E-8604-AB0A91E4092C} (Trojan.Agent.Generic) -> Delete on reboot. [8425481a4f5a999db92a0439cc35a15f]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9516155D-FC48-4F00-BA6F-F43AEA5D3966} (Trojan.Agent.Generic) -> Delete on reboot. [5b4e1f432584ef479926af67e21f8f71]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\39L8356g1037X775 (Trojan.Agent.Generic) -> Delete on reboot. [67424e14c0e964d27fb406364fb2e719]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\39L8356g1037X775-dll (Trojan.Agent.Generic) -> Delete on reboot. [4069c89aa4052610d072347209f847b9]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\51L8028a6987u910 (Trojan.Agent.Generic) -> Delete on reboot. [a207085abbee0630d95a380421e0669a]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\51L8028a6987u910-dll (Trojan.Agent.Generic) -> Delete on reboot. [2089dc86c3e61620a79bebbba75af907]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\5L4294g9684X604 (Trojan.Agent.Generic) -> Delete on reboot. [f0b91b472188280ec6fec155bd44b050]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 (Trojan.Wdfload) -> Delete on reboot. [6544e1816247c274929933f48f71837d]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Trojan.Wdfload) -> Delete on reboot. [b5f472f0aaff5bdb78a45bc72cd453ad]

Registry Values Detected: 5
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{07E70E7B-BD09-417E-A6C7-8227153FE25C}|Path (Trojan.Agent.Generic) -> Data: \51L8028a6987u910 -> Delete on reboot. [d7d2a1c101a8bb7ba43fc974956c9e62]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0BA4E7EC-FED8-41F9-B2D5-8C1CA3C71420}|Path (Trojan.Agent.Generic) -> Data: \39L8356g1037X775-dll -> Delete on reboot. [2287a3bf9712dc5a5cab81264fb205fb]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6492275E-C2A9-4EBB-9F1F-7C106CDCC6EA}|Path (Trojan.Agent.Generic) -> Data: \51L8028a6987u910-dll -> Delete on reboot. [387121416d3c2d09dc2b2285926ff808]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{796D4625-D6F9-414E-8604-AB0A91E4092C}|Path (Trojan.Agent.Generic) -> Data: \39L8356g1037X775 -> Delete on reboot. [8425481a4f5a999db92a0439cc35a15f]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9516155D-FC48-4F00-BA6F-F43AEA5D3966}|Path (Trojan.Agent.Generic) -> Data: \5L4294g9684X604 -> Delete on reboot. [5b4e1f432584ef479926af67e21f8f71]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\Program Files\Wevice a Art Home Simulator\Wevice a Art Home Simulator.dll (Trojan.Wdfload.Generic) -> Delete on reboot. [a7027ce6525749ed21e423e947bb07f9]
C:\Program Files (x86)\Bandicam\Bandicam Universal Crack.exe (RiskWare.Tool.HCK) -> Delete on reboot. [1f8a0c565356d85e56eab7947f820000]
C:\ProgramData\39L8356g1037X775\39L8356g1037X775.dll (Trojan.Wdfload.Generic) -> Delete on reboot. [703992d06247c76fcc91338a21e02bd5]
C:\ProgramData\51L8028a6987u910\51L8028a6987u910.dll (Trojan.Wdfload.Generic) -> Delete on reboot. [3178570b5950d46274e9873618e9b64a]
C:\ProgramData\5L4294g9684X604\5L4294g9684X604.dll (Trojan.Wdfload.Generic) -> Delete on reboot. [04a573ef2a7f171f65f8e9d4af5221df]
C:\Windows\System32\Tasks\5L4294G9684X604 (Trojan.Agent.Generic) -> Delete on reboot. [9f0acf933277e94d309b46d09b6616ea]
C:\Windows\System32\Tasks\39L8356G1037X775 (Trojan.Agent.Generic) -> Delete on reboot. [5d4cbfa37f2a6ec837f57cc14db4758b]
C:\Windows\System32\Tasks\51L8028A6987U910 (Trojan.Agent.Generic) -> Delete on reboot. [00a900623673fb3b89a37ebf46bb1ae6]
C:\Windows\System32\Tasks\39L8356G1037X775-DLL (Trojan.Agent.Generic) -> Delete on reboot. [cddce57dd8d152e4194b6a3c847dbe42]
C:\Windows\System32\Tasks\51L8028A6987U910-DLL (Trojan.Agent.Generic) -> Delete on reboot. [1c8d8dd524851b1bd4905155eb164cb4]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.0.10240.16384

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, S:\ DRIVE_FIXED
CPU speed: 3.100000 GHz
Memory total: 4244598784, free: 2259517440

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.0.10240.16384

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, S:\ DRIVE_FIXED
CPU speed: 3.100000 GHz
Memory total: 4244598784, free: 2325258240

Downloaded database version: v2017.07.05.05
=======================================


Downloaded database version: v2017.05.27.01
Downloaded database version: v2017.06.16.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     07/05/2017 17:53:40
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\nvvhci.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\xusb22.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\idmwfp.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{65B6AD42-5A92-437A-B4C9-67E044A91F53}\MpKsl4bb12f56.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\usb8023x.sys
\SystemRoot\System32\drivers\RNDISMPX.SYS
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2017.07.05.05
  rootkit: v2017.05.27.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe001f2bbe060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001f2bbd7d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001f2bbe060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe001f259c060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-6\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7B365392

Partition information:

    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is FAT32

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 206848  Numsec = 204593152
    Partition is bootable
    Partition file system is NTFS

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 204800001  Numsec = 1748719615
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Infected: C:\Program Files\Wevice a Art Home Simulator\Wevice a Art Home Simulator.dll --> [Trojan.Wdfload.Generic]
Infected: C:\Program Files (x86)\Bandicam\Bandicam Universal Crack.exe --> [RiskWare.Tool.HCK]
File "C:\Users\SHANK\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Infected: C:\ProgramData\39L8356g1037X775\39L8356g1037X775.dll --> [Trojan.Wdfload.Generic]
Infected: C:\ProgramData\51L8028a6987u910\51L8028a6987u910.dll --> [Trojan.Wdfload.Generic]
Infected: C:\ProgramData\5L4294g9684X604\5L4294g9684X604.dll --> [Trojan.Wdfload.Generic]
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-23CD51F3B93912CFF307FF5B56DB1BF80F438E70.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-23CD51F3B93912CFF307FF5B56DB1BF80F438E70.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-23CD51F3B93912CFF307FF5B56DB1BF80F438E70.bin.83" is compressed (flags = 1)
Infected: C:\Windows\System32\Tasks\5L4294G9684X604 --> [Trojan.Agent.Generic]
Infected: C:\Windows\System32\Tasks\39L8356G1037X775 --> [Trojan.Agent.Generic]
Infected: C:\Windows\System32\Tasks\51L8028A6987U910 --> [Trojan.Agent.Generic]
Infected: C:\Windows\System32\Tasks\39L8356G1037X775-DLL --> [Trojan.Agent.Generic]
Infected: C:\Windows\System32\Tasks\51L8028A6987U910-DLL --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 --> [Trojan.Wdfload]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 --> [Trojan.Wdfload]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{07E70E7B-BD09-417E-A6C7-8227153FE25C}|Path --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{07E70E7B-BD09-417E-A6C7-8227153FE25C} --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0BA4E7EC-FED8-41F9-B2D5-8C1CA3C71420}|Path --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0BA4E7EC-FED8-41F9-B2D5-8C1CA3C71420} --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6492275E-C2A9-4EBB-9F1F-7C106CDCC6EA}|Path --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6492275E-C2A9-4EBB-9F1F-7C106CDCC6EA} --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{796D4625-D6F9-414E-8604-AB0A91E4092C}|Path --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{796D4625-D6F9-414E-8604-AB0A91E4092C} --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9516155D-FC48-4F00-BA6F-F43AEA5D3966}|Path --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9516155D-FC48-4F00-BA6F-F43AEA5D3966} --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\39L8356g1037X775 --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\39L8356g1037X775-dll --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\51L8028a6987u910 --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\51L8028a6987u910-dll --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\5L4294g9684X604 --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 --> [Trojan.Wdfload]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 --> [Trojan.Wdfload]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

 

 

Edited by ShashankJakhmola
Link to post
Share on other sites
Aura

Aura

Posted
Posted

Hi ShashankJakhmola :)

Vali is currently away and asked me to take over his threads so you don't get stalled there. I see that MBAR removed the main infection (CertLock), which should allow you to install and run a scan with Malwarebytes now.

j1Bynr2.pngMalwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends of your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;

Link to post
Share on other sites
ShashankJakhmola

ShashankJakhmola

Posted
  • Author
Posted

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/10/17
Scan Time: 3:14 PM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2330
License: Trial

-System Information-
OS: Windows 10 (Build 10240.16384)
CPU: x64
File System: NTFS
User: PC\SHANK

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 434624
Threats Detected: 115
Threats Quarantined: 115
Time Elapsed: 11 min, 54 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 110
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Quarantined, [1088], [327205],1.0.2330
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine, Quarantined, [1088], [327205],1.0.2330
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine.1, Quarantined, [1088], [327205],1.0.2330
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Quarantined, [1088], [327205],1.0.2330
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, Quarantined, [1088], [327205],1.0.2330
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, Quarantined, [1088], [327205],1.0.2330
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, Quarantined, [1088], [327205],1.0.2330
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, Quarantined, [1088], [327205],1.0.2330
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, Quarantined, [1088], [327205],1.0.2330
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, Quarantined, [1088], [327205],1.0.2330
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Quarantined, [1088], [327205],1.0.2330
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Quarantined, [1088], [327205],1.0.2330
PUP.Optional.Reimage, HKU\S-1-5-21-2700927378-2106285669-3968480891-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Quarantined, [1088], [327205],1.0.2330
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1088], [332494],1.0.2330
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1088], [332494],1.0.2330
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1088], [332494],1.0.2330
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}, Quarantined, [1088], [327206],1.0.2330
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\REI_AxControl.DLL, Quarantined, [1088], [327193],1.0.2330
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\REI_AxControl.DLL, Quarantined, [1088], [327193],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09, Quarantined, [6315], [406765],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB, Quarantined, [6315], [406766],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884, Quarantined, [6315], [406767],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE, Quarantined, [6315], [406768],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF, Quarantined, [6315], [406769],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF, Quarantined, [6315], [406770],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7, Quarantined, [6315], [406773],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59, Quarantined, [6315], [406774],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A, Quarantined, [6315], [406775],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F, Quarantined, [6315], [406778],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC, Quarantined, [6315], [406779],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159, Quarantined, [6315], [406781],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01, Quarantined, [6315], [406788],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF, Quarantined, [6315], [406787],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF, Quarantined, [6315], [406783],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C, Quarantined, [6315], [406784],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D, Quarantined, [6315], [406789],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E, Quarantined, [6315], [406823],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29, Quarantined, [6315], [406822],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF, Quarantined, [6315], [406790],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB, Quarantined, [6315], [406791],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF, Quarantined, [6315], [406792],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E, Quarantined, [6315], [406793],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1, Quarantined, [6315], [406821],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361, Quarantined, [6315], [406806],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5, Quarantined, [6315], [406807],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13, Quarantined, [6315], [406812],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99, Quarantined, [6315], [406811],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309, Quarantined, [6315], [406810],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F, Quarantined, [6315], [406809],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947, Quarantined, [6315], [406804],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F, Quarantined, [6315], [406805],1.0.2330
PUP.Optional.Reimage, HKU\S-1-5-21-2700927378-2106285669-3968480891-1001\SOFTWARE\Reimage, Quarantined, [1088], [357494],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0, Quarantined, [6315], [406803],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8, Quarantined, [6315], [406802],1.0.2330
PUP.Optional.Reimage, HKU\S-1-5-21-2700927378-2106285669-3968480891-1001\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\Reimage - Windows Problem Relief., Quarantined, [1088], [327203],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598, Quarantined, [6315], [406801],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87, Quarantined, [6315], [406799],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA, Quarantined, [6315], [406798],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00, Quarantined, [6315], [406797],1.0.2330
PUP.Optional.Reimage, HKU\S-1-5-21-2700927378-2106285669-3968480891-1001\SOFTWARE\REIMAGE\PC REPAIR, Quarantined, [1088], [327204],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF, Quarantined, [6315], [406796],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09, Quarantined, [6315], [406765],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54, Quarantined, [6315], [406795],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB, Quarantined, [6315], [406766],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9, Quarantined, [6315], [406786],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884, Quarantined, [6315], [406767],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A, Quarantined, [6315], [406785],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE, Quarantined, [6315], [406768],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138, Quarantined, [6315], [406777],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF, Quarantined, [6315], [406769],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF, Quarantined, [6315], [406770],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7, Quarantined, [6315], [406773],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59, Quarantined, [6315], [406774],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A, Quarantined, [6315], [406775],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F, Quarantined, [6315], [406778],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC, Quarantined, [6315], [406779],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159, Quarantined, [6315], [406781],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01, Quarantined, [6315], [406788],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF, Quarantined, [6315], [406787],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF, Quarantined, [6315], [406783],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C, Quarantined, [6315], [406784],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D, Quarantined, [6315], [406789],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E, Quarantined, [6315], [406823],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29, Quarantined, [6315], [406822],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF, Quarantined, [6315], [406790],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB, Quarantined, [6315], [406791],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF, Quarantined, [6315], [406792],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E, Quarantined, [6315], [406793],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1, Quarantined, [6315], [406821],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361, Quarantined, [6315], [406806],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5, Quarantined, [6315], [406807],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13, Quarantined, [6315], [406812],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99, Quarantined, [6315], [406811],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309, Quarantined, [6315], [406810],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F, Quarantined, [6315], [406809],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947, Quarantined, [6315], [406804],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F, Quarantined, [6315], [406805],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0, Quarantined, [6315], [406803],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8, Quarantined, [6315], [406802],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598, Quarantined, [6315], [406801],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87, Quarantined, [6315], [406799],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA, Quarantined, [6315], [406798],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00, Quarantined, [6315], [406797],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF, Quarantined, [6315], [406796],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54, Quarantined, [6315], [406795],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9, Quarantined, [6315], [406786],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A, Quarantined, [6315], [406785],1.0.2330
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138, Quarantined, [6315], [406777],1.0.2330
PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\Reimage Repair, Quarantined, [1088], [336077],1.0.2330
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\REI_AxControl.DLL, Quarantined, [1088], [327193],1.0.2330

Registry Value: 1
PUP.Optional.Reimage, HKU\S-1-5-21-2700927378-2106285669-3968480891-1001\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE, Quarantined, [1088], [327204],1.0.2330

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 4
PUP.Optional.GameHack, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.6\STANDALONEPHASE1.DAT, Quarantined, [592], [393793],1.0.2330
PUP.Optional.Reimage, C:\USERS\SHANK\APPDATA\LOCAL\TEMP\REIMAGE.LOG, Quarantined, [1088], [334717],1.0.2330
PUP.Optional.Reimage, C:\USERS\SHANK\APPDATA\LOCAL\TEMP\REIMAGEPACKAGE.EXE, Quarantined, [1088], [331559],1.0.2330
PUP.Optional.Reimage, C:\WINDOWS\REIMAGE.INI, Quarantined, [1088], [412667],1.0.2330

Physical Sector: 0
(No malicious items detected)


(end)

Link to post
Share on other sites
Aura

Aura

Posted
Posted

Good :) Now let's run a sweep with AdwCleaner and JRT.

zcMPezJ.pngAdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
    MV5ejgW.png
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

iT103hr.pngJunkware Removal Tool (JRT)

  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
    tLsXbWy.png
    Credits : BleepingComputer.com
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Your next reply(ies) should therefore contain:

  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted JRT log;

Link to post
Share on other sites
ShashankJakhmola

ShashankJakhmola

Posted
  • Author
Posted

# AdwCleaner v6.047 - Logfile created 11/07/2017 at 11:29:46
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-10.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : SHANK - PC
# Running from : C:\Users\SHANK\Downloads\Programs\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

 

***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\IObit\ASCDownloader
[#] Folder deleted on reboot: C:\ProgramData\Application Data\IObit\ASCDownloader


***** [ Files ] *****

 

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

[-] Key deleted: [x64] HKLM\SOFTWARE\Reimage


***** [ Web browsers ] *****

[-] [C:\Users\SHANK\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [4635 Bytes] - [26/04/2017 12:06:40]
C:\AdwCleaner\AdwCleaner[C2].txt - [1117 Bytes] - [11/07/2017 11:29:46]
C:\AdwCleaner\AdwCleaner[S0].txt - [4456 Bytes] - [26/04/2017 12:06:02]
C:\AdwCleaner\AdwCleaner[S1].txt - [1664 Bytes] - [11/07/2017 11:29:01]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1336 Bytes] ##########

 

Link to post
Share on other sites
ShashankJakhmola

ShashankJakhmola

Posted
  • Author
Posted

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64
Ran by SHANK (Administrator) on 11-07-2017 at 11:34:42.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


File System: 5

Successfully deleted: C:\ai_recyclebin (Folder)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\SHANK\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Administrator (Task)
Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job (Task)

Deleted the following from C:\Users\SHANK\AppData\Roaming\Mozilla\Firefox\Profiles\2mh0mued.default-1494169835761\prefs.js
user_pref(browser.urlbar.suggest.searches, true);

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11-07-2017 at 11:37:09.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Link to post
Share on other sites
Aura

Aura

Posted
Posted

Almost done. Follow the instructions below.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
    NYA5Cbr.png
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

How's your system behaving? Are there any other issues that needs to be addressed?

fixlist.txt

Link to post
Share on other sites
Aura

Aura

Posted
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.