MSIDNTFS causing issues

Hi blackmagik3 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums' rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread


This being said, it's time to clean up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below, and provide me both FRST logs (FRST.txt and Addition.txt). You can attach them in your next post, or copy/paste their content.

https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/


Good :) Do you have a USB Flash Drive? If so, how big is it?

Also, follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 11-09-2017 02
Ran by admin (12-09-2017 11:09:32) Run:4
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: dir C:\Windows
CMD: dir C:\Windows\system32\drivers
*****************


========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========


========= dir C:\Windows =========

 Volume in drive C has no label.
 Volume Serial Number is C0FC-D9C2

 Directory of C:\Windows

09/12/2017  10:13 AM    <DIR>          .
09/12/2017  10:13 AM    <DIR>          ..
03/18/2017  02:03 PM    <DIR>          addins
09/08/2017  10:38 AM    <DIR>          appcompat
09/07/2017  11:15 AM    <DIR>          AppPatch
09/12/2017  09:42 AM    <DIR>          AppReadiness
09/07/2017  11:16 AM    <DIR>          assembly
03/18/2017  02:03 PM    <DIR>          bcastdvr
06/03/2017  01:51 AM            64,512 bfsvc.exe
03/18/2017  02:03 PM    <DIR>          Boot
03/18/2017  02:03 PM    <DIR>          Branding
09/12/2017  09:34 AM    <DIR>          CbsTemp
09/07/2017  01:38 PM    <DIR>          CSC
09/11/2017  12:23 PM    <DIR>          Cursors
09/07/2017  06:15 AM    <DIR>          debug
03/18/2017  02:03 PM    <DIR>          diagnostics
03/18/2017  07:28 PM    <DIR>          DigitalLocker
09/07/2017  03:56 AM            10,452 DPINST.LOG
09/07/2017  01:35 PM             1,947 DtcInstall.log
03/18/2017  07:28 PM    <DIR>          en-US
06/19/2017  11:04 PM         4,847,424 explorer.exe
03/18/2017  02:03 PM    <DIR>          GameBarPresenceWriter
03/18/2017  02:03 PM    <DIR>          Globalization
09/07/2017  05:21 PM    <DIR>          Help
06/03/2017  01:59 AM           975,360 HelpPane.exe
03/18/2017  01:57 PM            18,432 hh.exe
09/07/2017  01:34 PM    <DIR>          HoloShell
03/18/2017  07:28 PM    <DIR>          IME
09/07/2017  11:15 AM    <DIR>          ImmersiveControlPanel
09/11/2017  10:52 PM    <DIR>          INF
03/18/2017  02:03 PM    <DIR>          InfusedApps
03/18/2017  02:03 PM    <DIR>          InputMethod
03/18/2017  02:03 PM    <DIR>          L2Schemas
09/07/2017  01:04 PM    <DIR>          LastGood.Tmp
09/07/2017  05:23 PM    <DIR>          LiveKernelReports
09/07/2017  01:46 PM    <DIR>          Logs
09/07/2017  01:34 PM             1,342 lsasetup.log
09/11/2017  09:14 PM     1,987,515,983 MEMORY.DMP
03/18/2017  01:57 PM            43,131 mib.bin
09/11/2017  09:51 PM    <DIR>          Microsoft.NET
03/18/2017  02:03 PM    <DIR>          Migration
09/11/2017  09:15 PM    <DIR>          Minidump
09/07/2017  01:34 PM    <DIR>          MiracastView
03/18/2017  02:03 PM    <DIR>          ModemLogs
09/02/2016  02:38 AM                 0 MSUTIL.INI
03/18/2017  01:58 PM           246,784 notepad.exe
08/21/2017  06:01 PM             1,951 NvContainerRecovery.bat
08/21/2017  06:01 PM             1,951 NvTelemetryContainerRecovery.bat
03/18/2017  07:30 PM    <DIR>          OCR
03/18/2017  02:03 PM    <DIR>          Offline Web Pages
09/07/2017  01:35 PM    <DIR>          Panther
03/18/2017  02:03 PM    <DIR>          Performance
09/11/2017  10:52 PM            19,436 PFRO.log
03/18/2017  02:03 PM    <DIR>          PLA
09/07/2017  11:15 AM    <DIR>          PolicyDefinitions
09/12/2017  10:59 AM    <DIR>          Prefetch
09/07/2017  01:34 PM    <DIR>          PrintDialog
03/18/2017  01:59 PM            34,774 Professional.xml
09/07/2017  11:15 AM    <DIR>          Provisioning
09/11/2017  11:54 PM    <DIR>          pss
03/18/2017  01:57 PM           321,024 regedit.exe
03/18/2017  02:03 PM    <DIR>          Registration
03/18/2017  07:31 PM    <DIR>          RemotePackages
09/10/2017  04:12 PM    <DIR>          rescache
03/18/2017  02:03 PM    <DIR>          Resources
03/18/2017  02:03 PM    <DIR>          SchCache
03/18/2017  07:31 PM    <DIR>          schemas
03/18/2017  07:31 PM    <DIR>          security
09/07/2017  01:34 PM    <DIR>          ServiceProfiles
03/18/2017  07:28 PM    <DIR>          servicing
03/18/2017  02:06 PM    <DIR>          Setup
09/11/2017  09:15 PM            30,244 setupact.log
09/07/2017  05:31 PM               103 setuperr.log
09/07/2017  11:15 AM    <DIR>          ShellExperiences
03/18/2017  07:29 PM    <DIR>          SKB
09/07/2017  05:12 PM    <DIR>          SoftwareDistribution
03/18/2017  02:03 PM    <DIR>          Speech
03/18/2017  02:03 PM    <DIR>          Speech_OneCore
03/18/2017  01:58 PM           130,560 splwow64.exe
03/18/2017  02:03 PM    <DIR>          System
03/18/2017  02:01 PM               219 system.ini
09/12/2017  10:55 AM    <DIR>          System32
03/18/2017  07:31 PM    <DIR>          SystemApps
03/18/2017  07:31 PM    <DIR>          SystemResources
09/09/2017  09:58 PM    <DIR>          SysWOW64
03/18/2017  02:03 PM    <DIR>          TAPI
09/12/2017  10:43 AM    <DIR>          Tasks
09/12/2017  10:58 AM    <DIR>          Temp
03/18/2017  02:03 PM    <DIR>          tracing
03/18/2017  02:03 PM    <DIR>          twain_32
03/18/2017  01:58 PM            65,536 twain_32.dll
01/30/2008  06:36 PM            90,112 unvise32.exe
03/18/2017  02:03 PM    <DIR>          Vss
03/18/2017  02:03 PM    <DIR>          Web
03/18/2017  02:01 PM                92 win.ini
09/12/2017  10:52 AM               275 WindowsUpdate.log
03/18/2017  01:58 PM            10,240 winhlp32.exe
09/12/2017  02:42 AM    <DIR>          WinSxS
03/18/2017  01:56 PM           316,640 WMSysPr9.prx
03/18/2017  01:58 PM            11,264 write.exe
              27 File(s)  1,994,759,788 bytes
              73 Dir(s)  241,079,439,360 bytes free

========= End of CMD: =========


========= dir C:\Windows\system32\drivers =========

 Volume in drive C has no label.
 Volume Serial Number is C0FC-D9C2

 Directory of C:\Windows\system32\drivers

09/12/2017  10:49 AM    <DIR>          .
09/12/2017  10:49 AM    <DIR>          ..
09/12/2017  09:45 AM           253,888 050F0493.sys
09/12/2017  09:51 AM           253,888 120C0921.sys
09/12/2017  12:12 AM           253,888 13874E25.sys
03/18/2017  01:56 PM           238,080 1394ohci.sys
09/12/2017  12:16 AM           253,888 2045511B.sys
09/12/2017  12:16 AM           253,888 245B5107.sys
09/12/2017  09:45 AM           253,888 33210483.sys
03/18/2017  01:56 PM           107,424 3ware.sys
09/12/2017  10:46 AM           253,888 602532D8.sys
09/11/2017  10:52 PM           253,888 632910B0.sys
09/12/2017  12:31 AM           253,888 75F65C4B.sys
07/27/2017  10:23 PM           723,360 acpi.sys
03/18/2017  01:56 PM            20,480 AcpiDev.sys
03/18/2017  01:56 PM           127,392 acpiex.sys
03/18/2017  01:56 PM            12,800 acpipagr.sys
03/18/2017  01:56 PM            14,848 acpipmi.sys
03/18/2017  01:56 PM            14,336 acpitime.sys
03/18/2017  01:56 PM         1,135,512 adp80xx.sys
03/18/2017  01:57 PM           610,712 afd.sys
09/11/2017  12:23 PM            79,064 aflssev.sys
03/18/2017  01:58 PM           108,544 agilevpn.sys
03/18/2017  01:57 PM           239,616 ahcache.sys
03/18/2017  01:56 PM           176,640 amdk8.sys
03/18/2017  01:56 PM           172,544 amdppm.sys
03/18/2017  01:56 PM            83,352 amdsata.sys
03/18/2017  01:56 PM           259,488 amdsbs.sys
03/18/2017  01:56 PM            27,040 amdxata.sys
03/18/2017  01:58 PM           184,736 appid.sys
03/18/2017  01:58 PM            17,920 applockerfltr.sys
03/18/2017  07:30 PM           127,904 AppVStrm.sys
03/18/2017  07:30 PM           161,696 AppvVemgr.sys
03/18/2017  07:30 PM           143,776 AppvVfs.sys
03/18/2017  01:56 PM           132,000 arcsas.sys
03/18/2017  01:57 PM            28,672 asyncmac.sys
03/18/2017  01:56 PM            29,088 atapi.sys
03/18/2017  01:56 PM           194,464 ataport.sys
03/18/2017  01:56 PM            57,344 BasicDisplay.sys
06/03/2017  02:11 AM            35,840 BasicRender.sys
03/18/2017  01:56 PM            36,256 battc.sys
07/28/2015  01:49 PM           199,472 bcbtums.sys
07/28/2015  01:38 PM            70,006 BCM20702A1_001.002.014.1443.1714.hex
03/18/2017  01:56 PM             9,728 bcmfn2.sys
03/18/2017  01:57 PM            10,240 beep.sys
09/11/2017  09:51 PM            79,064 bkddf.sys
03/18/2017  01:56 PM           101,888 bowser.sys
07/27/2017  09:25 PM           115,712 bridge.sys
03/18/2017  01:56 PM            23,552 BtaMPM.sys
03/18/2017  01:56 PM            43,520 BthAvrcpTg.sys
07/27/2017  09:25 PM           105,472 bthenum.sys
07/27/2017  09:08 PM            97,792 bthhfenum.sys
03/18/2017  01:56 PM            32,256 BthhfHid.sys
03/18/2017  01:56 PM            66,560 bthmodem.sys
07/06/2017  11:22 PM           130,048 bthpan.sys
07/27/2017  09:20 PM           982,016 bthport.sys
03/18/2017  01:56 PM            85,504 BTHUSB.SYS
07/28/2015  01:49 PM           214,328 btwampfl.sys
03/18/2017  01:56 PM            39,424 buttonconverter.sys
03/18/2017  01:56 PM           533,920 bxvbda.sys
03/18/2017  01:56 PM            53,664 CAD.sys
03/18/2017  01:56 PM           122,880 capimg.sys
03/18/2017  01:57 PM            93,184 cdfs.sys
03/18/2017  01:56 PM           160,256 cdrom.sys
03/18/2017  01:57 PM            77,216 CEA.sys
03/18/2017  01:56 PM           102,816 cht4dx64.sys
03/18/2017  01:56 PM           347,032 cht4sx64.sys
03/18/2017  01:56 PM         2,104,224 cht4vx64.sys
03/18/2017  01:56 PM            49,152 circlass.sys
03/18/2017  01:57 PM           391,584 Classpnp.sys
03/18/2017  01:58 PM            12,288 cldflt.sys
07/31/2017  07:38 PM           382,368 clfs.sys
03/18/2017  01:58 PM           877,472 ClipSp.sys
03/18/2017  01:56 PM            30,208 CmBatt.sys
03/18/2017  01:56 PM            28,064 cmimcext.sys
03/18/2017  01:58 PM           642,688 cng.sys
03/18/2017  01:57 PM            39,840 cnghwassist.sys
03/18/2017  01:57 PM            56,224 condrv.sys
03/18/2017  01:57 PM            86,432 crashdmp.sys
03/18/2017  07:30 PM           559,104 csc.sys
05/19/2017  11:59 PM           112,544 dam.sys
03/18/2017  01:56 PM            45,568 devauthe.sys
03/18/2017  01:57 PM           150,528 dfsc.sys
03/18/2017  01:56 PM           102,816 disk.sys
03/18/2017  01:58 PM            38,816 Diskdump.sys
03/18/2017  01:57 PM            15,360 Dmpusbstor.sys
03/18/2017  01:56 PM            47,104 dmvsc.sys
03/18/2017  01:56 PM            97,280 drmk.sys
03/18/2017  01:56 PM            16,232 drmkaud.sys
03/18/2017  01:57 PM            35,744 Dumpata.sys
03/18/2017  01:59 PM            91,152 dumpfve.sys
05/19/2017  11:58 PM           188,824 dumpsd.sys
03/18/2017  01:58 PM            32,256 dumpsdport.sys
03/18/2017  01:57 PM            25,600 Dumpstorport.sys
07/31/2017  07:32 PM         2,444,704 dxgkrnl.sys
03/31/2017  05:52 PM           409,504 dxgmms1.sys
07/31/2017  07:32 PM           712,600 dxgmms2.sys
03/18/2017  01:56 PM           524,800 e1i63x64.sys
03/18/2017  01:57 PM            88,992 EhStorClass.sys
03/18/2017  01:56 PM           119,200 EhStorTcgDrv.sys
03/18/2017  07:31 PM    <DIR>          en-US
03/18/2017  01:56 PM            13,824 errdev.sys
03/18/2017  02:03 PM    <DIR>          etc
03/18/2017  01:56 PM         3,419,040 evbda.sys
03/18/2017  01:57 PM           347,136 exfat.sys
09/12/2017  10:49 AM           101,824 farflt.sys
05/19/2017  11:53 PM           363,424 fastfat.sys
03/18/2017  01:56 PM            32,768 fdc.sys
03/18/2017  01:56 PM            54,272 filecrypt.sys
03/18/2017  01:57 PM            86,432 fileinfo.sys
03/18/2017  01:57 PM            36,864 filetrace.sys
03/18/2017  01:56 PM            26,624 flpydisk.sys
03/18/2017  01:57 PM           386,464 fltMgr.sys
03/18/2017  01:56 PM            63,904 fsdepends.sys
03/18/2017  01:57 PM            33,688 fs_rec.sys
07/27/2017  10:15 PM           715,168 fvevol.sys
03/18/2017  01:57 PM           419,744 FWPKCLNT.SYS
03/18/2017  01:56 PM            21,504 genericusbfn.sys
03/18/2017  01:57 PM         3,440,660 gm.dls
03/18/2017  01:57 PM               646 gmreadme.txt
03/18/2017  01:58 PM             8,192 gpuenergydrv.sys
06/19/2017  10:12 PM            86,528 hdaudbus.sys
03/18/2017  01:56 PM           416,256 HdAudio.sys
03/18/2017  01:56 PM            38,296 hidbatt.sys
03/18/2017  01:56 PM           106,496 hidbth.sys
03/18/2017  01:56 PM           180,736 hidclass.sys
03/18/2017  01:56 PM            52,224 hidi2c.sys
03/18/2017  01:56 PM            51,104 hidinterrupt.sys
03/18/2017  01:56 PM            46,592 hidir.sys
03/18/2017  01:56 PM            40,960 hidparse.sys
03/18/2017  01:56 PM            40,960 hidusb.sys
03/18/2017  01:56 PM            64,416 HpSAMD.sys
07/07/2017  12:07 AM         1,106,848 http.sys
03/18/2017  01:57 PM            74,648 hvservice.sys
03/18/2017  01:56 PM           118,688 hvsocket.sys
03/18/2017  01:57 PM            29,600 hwpolicy.sys
03/18/2017  01:56 PM            16,896 hyperkbd.sys
03/18/2017  01:56 PM           115,200 i8042prt.sys
03/18/2017  01:56 PM            33,280 iagpio.sys
03/18/2017  01:56 PM            81,408 iai2c.sys
03/18/2017  01:56 PM            70,656 iaLPSS2i_GPIO2.sys
03/18/2017  01:56 PM            85,504 iaLPSS2i_GPIO2_BXT_P.sys
03/18/2017  01:56 PM           165,376 iaLPSS2i_I2C.sys
03/18/2017  01:56 PM           168,448 iaLPSS2i_I2C_BXT_P.sys
03/18/2017  01:56 PM            38,128 iaLPSSi_GPIO.sys
03/18/2017  01:56 PM           113,152 iaLPSSi_I2C.sys
03/18/2017  01:56 PM           673,184 iaStorAV.sys
03/18/2017  01:56 PM           412,064 iaStorV.sys
03/18/2017  01:56 PM           526,240 ibbus.sys
03/18/2017  01:58 PM            36,864 IndirectKmd.sys
03/18/2017  01:56 PM            19,360 intelide.sys
06/16/2017  12:52 PM           134,008 IntelNit.sys
03/18/2017  01:56 PM            74,840 intelpep.sys
03/18/2017  01:56 PM           193,536 intelppm.sys
03/18/2017  01:57 PM            49,568 iorate.sys
03/18/2017  01:57 PM            87,040 ipfltdrv.sys
03/18/2017  01:56 PM            92,064 IPMIDrv.sys
03/18/2017  01:58 PM           214,528 ipnat.sys
03/18/2017  01:57 PM           120,320 irda.sys
03/18/2017  01:57 PM            19,968 irenum.sys
03/18/2017  01:56 PM            22,944 isapnp.sys
03/18/2017  01:56 PM            64,416 kbdclass.sys
03/18/2017  01:56 PM            40,448 kbdhid.sys
03/18/2017  01:56 PM            23,040 kdnic.sys
03/18/2017  01:58 PM           390,144 ks.sys
03/18/2017  01:57 PM           136,088 ksecdd.sys
03/18/2017  01:58 PM           170,912 ksecpkg.sys
05/19/2017  11:10 PM            27,136 ksthunk.sys
03/18/2017  01:58 PM            66,560 lltdio.sys
03/18/2017  01:56 PM           108,960 lsi_sas.sys
03/18/2017  01:56 PM           123,808 lsi_sas2i.sys
03/18/2017  01:56 PM           103,328 lsi_sas3i.sys
03/18/2017  01:56 PM            82,848 lsi_sss.sys
03/18/2017  01:57 PM           124,928 luafv.sys
03/18/2017  01:56 PM           405,408 mausbhost.sys
03/18/2017  01:56 PM            51,104 mausbip.sys
08/24/2017  11:27 AM            77,440 mbae64.sys
09/12/2017  10:49 AM            45,472 mbam.sys
09/12/2017  10:36 AM           192,960 MBAMChameleon.sys
09/12/2017  10:49 AM           253,888 MBAMSwissArmy.sys
03/18/2017  01:57 PM            23,552 mcd.sys
03/18/2017  01:56 PM            59,808 megasas.sys
03/18/2017  01:56 PM            64,416 MegaSas2i.sys
03/18/2017  01:56 PM           575,904 megasr.sys
07/27/2017  09:25 PM            97,280 Microsoft.Bluetooth.Legacy.LEEnumerator.sys
03/18/2017  01:56 PM           842,656 mlx4_bus.sys
03/18/2017  01:57 PM            50,688 mmcss.sys
03/18/2017  01:57 PM            42,496 modem.sys
03/18/2017  01:56 PM            39,424 monitor.sys
03/18/2017  01:56 PM            60,320 mouclass.sys
03/18/2017  01:56 PM            33,280 mouhid.sys
03/18/2017  01:57 PM           105,880 mountmgr.sys
03/18/2017  01:58 PM            76,800 mpsdrv.sys
03/18/2017  01:57 PM           144,384 mrxdav.sys
03/18/2017  01:57 PM           467,352 mrxsmb.sys
07/06/2017  11:08 PM           285,696 mrxsmb10.sys
07/07/2017  12:12 AM           228,256 mrxsmb20.sys
03/18/2017  01:57 PM            31,744 msfs.sys
03/18/2017  01:57 PM           169,888 msgpioclx.sys
03/18/2017  01:56 PM            49,056 msgpiowin32.sys
03/18/2017  01:57 PM             8,704 mshidkmdf.sys
03/18/2017  01:57 PM            12,288 mshidumdf.sys
09/12/2017  10:49 AM            81,696 msidntfs.sys
03/18/2017  01:56 PM            19,352 msisadrv.sys
07/27/2017  10:20 PM           279,968 msiscsi.sys
06/19/2017  10:14 PM            32,768 mskssrv.sys
03/18/2017  01:57 PM            83,456 mslldp.sys
03/18/2017  01:58 PM            10,752 mspclock.sys
03/18/2017  01:58 PM            10,752 mspqm.sys
03/18/2017  01:57 PM           367,000 msrpc.sys
03/18/2017  07:31 PM           230,816 mssecflt.sys
03/18/2017  01:56 PM            44,960 mssmbios.sys
03/18/2017  01:58 PM            12,800 mstee.sys
03/18/2017  01:56 PM            16,896 MTConfig.sys
03/18/2017  01:57 PM           123,808 mup.sys
03/18/2017  01:56 PM            63,904 mvumis.sys
09/12/2017  12:21 AM            94,144 mwac.sys
03/18/2017  01:56 PM           108,960 ndfltr.sys
06/19/2017  11:08 PM         1,242,528 ndis.sys
03/18/2017  01:57 PM            50,688 ndiscap.sys
03/18/2017  01:57 PM           128,512 NdisImPlatform.sys
03/18/2017  01:58 PM            27,136 ndistapi.sys
03/18/2017  01:58 PM            65,536 ndisuio.sys
03/18/2017  01:57 PM            20,992 NdisVirtualBus.sys
03/18/2017  01:58 PM           192,000 ndiswan.sys
03/18/2017  01:58 PM            62,464 ndproxy.sys
03/18/2017  01:58 PM           127,488 Ndu.sys
03/18/2017  01:57 PM           122,368 NetAdapterCx.sys
03/18/2017  01:57 PM            57,760 netbios.sys
03/18/2017  01:57 PM           305,152 netbt.sys
07/07/2017  12:20 AM           519,584 netio.sys
04/18/2017  11:18 PM           118,784 netvsc.sys
03/18/2017  01:57 PM            69,120 npfs.sys
03/18/2017  01:56 PM            27,136 npsvctrig.sys
03/18/2017  01:57 PM            41,984 nsiproxy.sys
07/27/2017  10:24 PM         2,327,456 ntfs.sys
03/18/2017  01:57 PM            20,376 ntosext.sys
03/18/2017  01:57 PM             7,680 null.sys
03/18/2017  01:56 PM            80,896 nvdimmn.sys
08/21/2017  06:01 PM           218,712 nvhda64v.sys
03/18/2017  01:56 PM           150,432 nvraid.sys
03/18/2017  01:56 PM           166,304 nvstor.sys
08/21/2017  06:01 PM            48,248 nvvad64v.sys
08/21/2017  06:01 PM            57,976 nvvhci.sys
03/18/2017  01:58 PM           549,888 nwifi.sys
03/18/2017  01:57 PM           152,992 pacer.sys
03/18/2017  01:56 PM            97,792 parport.sys
03/18/2017  01:57 PM           159,648 partmgr.sys
03/18/2017  01:56 PM           353,696 pci.sys
03/18/2017  01:56 PM            16,800 pciide.sys
03/18/2017  01:56 PM            53,656 pciidex.sys
03/18/2017  01:56 PM           120,224 pcmcia.sys
03/18/2017  01:57 PM            52,640 pcw.sys
07/07/2017  12:24 AM           117,664 pdc.sys
03/18/2017  01:58 PM           741,376 PEAuth.sys
03/18/2017  01:56 PM            58,784 percsas2i.sys
03/18/2017  01:56 PM            61,848 percsas3i.sys
03/18/2017  01:56 PM           101,376 pmem.sys
03/18/2017  01:56 PM           373,248 portcls.sys
03/18/2017  01:56 PM           172,032 processr.sys
03/18/2017  01:57 PM            49,664 qwavedrv.sys
03/18/2017  01:57 PM            17,920 rasacd.sys
09/12/2017  10:48 AM           116,048 rasfjmps.sys
03/18/2017  01:58 PM           107,008 rasl2tp.sys
03/18/2017  01:57 PM            81,920 raspppoe.sys
03/18/2017  01:58 PM            97,792 raspptp.sys
03/18/2017  01:58 PM            79,872 rassstp.sys
03/18/2017  01:57 PM           434,080 rdbss.sys
03/18/2017  07:31 PM            27,136 rdpbus.sys
03/18/2017  07:30 PM           183,296 rdpdr.sys
03/18/2017  07:30 PM            30,624 rdpvideominiport.sys
03/18/2017  01:57 PM           282,528 rdyboost.sys
03/18/2017  01:57 PM         1,735,584 refs.sys
03/18/2017  01:57 PM           936,864 refsv1.sys
03/18/2017  01:57 PM            14,336 registry.sys
07/31/2017  06:41 PM           180,736 rfcomm.sys
03/18/2017  01:56 PM            40,960 RfxVmt.sys
03/18/2017  01:57 PM           150,016 rmcast.sys
03/18/2017  01:57 PM            34,816 RNDISMP.sys
05/19/2017  11:08 PM            13,312 rootmdm.sys
03/18/2017  01:58 PM            82,432 rspndr.sys
03/18/2017  01:56 PM           110,496 sbp2port.sys
03/18/2017  01:57 PM            43,520 scfilter.sys
03/18/2017  01:56 PM            91,040 scmbus.sys
03/18/2017  01:57 PM           175,520 scsiport.sys
05/20/2017  12:07 AM           287,648 sdbus.sys
03/18/2017  01:56 PM            31,128 SDFRd.sys
03/18/2017  01:56 PM            98,208 sdport.sys
03/18/2017  01:56 PM            94,624 sdstor.sys
03/18/2017  01:57 PM            75,680 SerCx.sys
03/18/2017  01:57 PM           154,016 SerCx2.sys
03/18/2017  01:56 PM            26,112 serenum.sys
03/18/2017  01:56 PM            84,480 serial.sys
03/18/2017  01:56 PM            28,672 sermouse.sys
03/18/2017  01:56 PM            18,432 sfloppy.sys
03/18/2017  01:56 PM            44,960 sisraid2.sys
03/18/2017  01:56 PM            81,824 sisraid4.sys
03/18/2017  01:58 PM            32,672 SleepStudyHelper.sys
03/18/2017  01:57 PM            21,504 smclib.sys
03/18/2017  01:56 PM           167,328 spacedump.sys
03/18/2017  01:56 PM           587,168 spaceport.sys
03/18/2017  07:31 PM            40,352 SpatialGraphFilter.sys
03/18/2017  01:57 PM            80,288 SpbCx.sys
04/27/2017  04:54 PM           414,208 srv.sys
04/27/2017  04:54 PM           722,944 srv2.sys
03/18/2017  01:57 PM           255,488 srvnet.sys
03/18/2017  01:56 PM            31,136 stexstor.sys
05/19/2017  11:54 PM           144,288 storahci.sys
03/18/2017  01:56 PM            95,648 stornvme.sys
05/19/2017  11:54 PM           546,208 storport.sys
03/18/2017  01:58 PM            79,872 storqosflt.sys
03/18/2017  01:56 PM            36,760 storufs.sys
03/18/2017  01:56 PM            36,768 storvsc.sys
03/18/2017  01:57 PM            75,776 stream.sys
03/18/2017  01:56 PM            18,336 swenum.sys
03/18/2017  01:56 PM            64,512 Synth3dVsc.sys
03/18/2017  01:57 PM            31,232 tape.sys
03/18/2017  01:57 PM            28,064 tbs.sys
07/27/2017  10:10 PM         2,679,200 tcpip.sys
03/18/2017  01:57 PM            51,712 tcpipreg.sys
03/18/2017  01:57 PM            40,352 tdi.sys
07/31/2017  07:36 PM           119,712 tdx.sys
01/19/2016  10:50 PM           202,032 TeeDriverW8x64.sys
03/18/2017  07:31 PM            37,280 terminpt.sys
06/03/2017  03:10 AM           130,464 tm.sys
06/03/2017  03:00 AM           219,040 tpm.sys
03/18/2017  01:56 PM            61,440 TsUsbFlt.sys
03/18/2017  01:56 PM            35,328 TsUsbGD.sys
03/18/2017  07:30 PM           125,952 tsusbhub.sys
03/18/2017  01:58 PM           162,304 tunnel.sys
03/18/2017  01:56 PM            78,752 uaspstor.sys
03/18/2017  01:58 PM           104,448 UcmCx.sys
03/18/2017  01:58 PM           179,200 UcmTcpciCx.sys
07/27/2017  09:27 PM            51,712 UcmUcsi.sys
03/18/2017  01:56 PM           213,920 Ucx01000.sys
03/18/2017  01:56 PM            45,568 Udecx.sys
03/18/2017  01:57 PM           324,096 udfs.sys
03/18/2017  01:56 PM            29,600 uefi.sys
03/18/2017  07:31 PM            40,344 UevAgentDriver.sys
03/18/2017  01:58 PM           263,584 ufx01000.sys
03/18/2017  01:56 PM            98,712 UfxChipidea.sys
03/18/2017  01:56 PM           138,656 ufxsynopsys.sys
03/18/2017  01:56 PM            57,856 umbus.sys
09/07/2017  11:15 AM    <DIR>          UMDF
03/18/2017  01:56 PM            14,336 umpass.sys
03/18/2017  01:56 PM            29,600 urschipidea.sys
03/18/2017  01:58 PM            59,288 urscx01000.sys
03/18/2017  01:56 PM            28,064 urssynopsys.sys
03/18/2017  01:57 PM            23,040 usb8023.sys
03/18/2017  01:57 PM            37,888 USBCAMD2.sys
03/18/2017  01:56 PM           173,984 usbccgp.sys
03/18/2017  01:56 PM           103,424 usbcir.sys
03/18/2017  01:56 PM            32,160 usbd.sys
03/18/2017  01:56 PM            98,200 usbehci.sys
03/18/2017  01:56 PM           511,904 usbhub.sys
07/27/2017  10:15 PM           554,400 USBHUB3.SYS
03/18/2017  01:56 PM            30,720 usbohci.sys
03/18/2017  01:56 PM           466,336 usbport.sys
03/18/2017  01:56 PM            27,136 usbprint.sys
03/18/2017  01:56 PM            32,768 usbrpm.sys
03/18/2017  01:56 PM            71,680 usbser.sys
03/18/2017  01:56 PM           131,488 USBSTOR.SYS
03/18/2017  01:56 PM            35,328 usbuhci.sys
04/27/2017  05:59 PM           388,000 USBXHCI.SYS
03/18/2017  01:56 PM            54,176 vdrvroot.sys
03/18/2017  01:57 PM           215,456 VerifierExt.sys
05/19/2017  11:54 PM           730,016 vhdmp.sys
03/18/2017  01:56 PM            35,328 vhf.sys
03/18/2017  01:57 PM            49,664 videoprt.sys
07/31/2017  07:30 PM            82,336 vmbkmcl.sys
07/31/2017  06:44 PM            83,968 vmbkmclr.sys
03/18/2017  01:56 PM           107,424 vmbus.sys
03/18/2017  01:56 PM            25,088 VMBusHID.sys
03/18/2017  01:56 PM            13,824 vmgencounter.sys
03/18/2017  01:56 PM            10,240 vmgid.sys
03/18/2017  01:56 PM             9,216 vms3cap.sys
03/18/2017  01:56 PM            47,520 vmstorfl.sys
03/18/2017  01:56 PM            83,360 volmgr.sys
03/18/2017  01:57 PM           373,664 volmgrx.sys
03/18/2017  01:57 PM           397,216 volsnap.sys
03/18/2017  01:56 PM            16,288 volume.sys
03/18/2017  01:56 PM            74,656 vpci.sys
03/18/2017  01:56 PM           166,816 vsmraid.sys
03/18/2017  01:56 PM           305,568 VSTXRAID.SYS
03/18/2017  01:58 PM            27,136 vwifibus.sys
03/18/2017  01:58 PM            77,312 vwififlt.sys
03/18/2017  01:58 PM            41,472 vwifimp.sys
03/18/2017  01:56 PM            30,720 wacompen.sys
03/18/2017  01:58 PM            81,408 wanarp.sys
03/18/2017  01:57 PM            55,808 watchdog.sys
06/19/2017  11:00 PM           142,752 wcifs.sys
03/18/2017  01:57 PM            72,192 wcnfs.sys
03/18/2017  01:56 PM            44,632 WdBoot.sys
03/18/2017  01:57 PM           902,376 Wdf01000.sys
03/18/2017  01:56 PM           294,816 WdFilter.sys
03/18/2017  01:57 PM            61,672 WdfLdr.sys
06/19/2017  10:07 PM           757,248 WdiWiFi.sys
03/18/2017  01:56 PM           121,248 WdNisDrv.sys
03/18/2017  01:57 PM            46,488 werkernel.sys
03/18/2017  01:57 PM           164,768 wfplwfs.sys
03/18/2017  01:57 PM            35,744 wimmount.sys
03/18/2017  01:58 PM            70,232 WindowsTrustedRT.sys
03/18/2017  01:56 PM            18,520 WindowsTrustedRTProxy.sys
03/18/2017  01:56 PM            31,648 winhv.sys
03/18/2017  01:57 PM            55,296 winhvr.sys
03/18/2017  01:56 PM            32,160 winmad.sys
03/18/2017  01:58 PM           217,088 winnat.sys
03/18/2017  01:56 PM            90,112 winusb.sys
03/18/2017  01:56 PM            64,920 winverbs.sys
03/18/2017  01:56 PM            18,432 wmiacpi.sys
03/18/2017  01:57 PM            20,384 wmilib.sys
03/18/2017  01:57 PM           208,288 wof.sys
03/18/2017  01:59 PM            30,624 WpdUpFltr.sys
03/18/2017  01:57 PM            33,184 WppRecorder.sys
03/18/2017  01:57 PM            23,552 ws2ifsl.sys
03/18/2017  01:57 PM           100,864 WUDFPf.sys
03/18/2017  01:57 PM           220,672 WUDFRd.sys
05/19/2017  11:07 PM           277,504 xboxgip.sys
03/18/2017  01:56 PM            46,592 xinputhid.sys
             414 File(s)     80,010,168 bytes
               5 Dir(s)  241,079,357,440 bytes free

========= End of CMD: =========


==== End of Fixlog 11:09:33 ====


And now for the fun part.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:

  • USB Flash Drive (size depends on whether you have to create a USB Recovery or Installation media)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
  • Another computer (optional: only needed if you cannot work from the infected computer directly)

Preparing the USB Flash Drive

  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
  • Download the attached fixlist.txt, and move it on your USB Flash Drive as well

Boot in the Recovery Environment

  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

Once in the command prompt

  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Fix button and wait for the scan to complete
  • A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply

fixlist.txt


Good :) Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/12/17
Scan Time: 12:34 PM
Log File: 712446c0-97f1-11e7-b0a0-6045cb609b53.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2787
License: Trial

-System Information-
OS: Windows 10 (Build 15063.540)
CPU: x64
File System: NTFS
User: DESKTOP-7Q467GF\admin

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 382255
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 0 min, 40 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)


That didn't take long. There's something I would like to check. Can you go back in the Recovery Environment, launch FRST, but this time use the Scan button instead of the Fix one?

Once in the command prompt

  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Scan button and wait for the scan to complete
  • A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/12/17
Scan Time: 3:39 PM
Log File: 3a1c3cfe-980b-11e7-8c4e-6045cb609b53.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2788
License: Trial

-System Information-
OS: Windows 10 (Build 15063.540)
CPU: x64
File System: NTFS
User: DESKTOP-7Q467GF\admin

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 382974
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 1 min, 2 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Rootkit.Agent.PUA, C:\Windows\System32\drivers\raswzcfj.sys, Quarantined, [6009], [427182],0.0.0

Physical Sector: 0
(No malicious items detected)


(end)


Alright, now let's do a sweep with AdwCleaner and RogueKiller.

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

RogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

Your next reply(ies) should therefore contain:

  • Copy/pasted AdwCleaner clean log
  • Copy/pasted RogueKiller clean log


# AdwCleaner 7.0.2.1 - Logfile created on Tue Sep 12 22:50:32 2017
# Updated on 2017/29/08 by Malwarebytes 
# Database: 09-12-2017.1
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy, Plugin found: APNG - 
PUP.Optional.Legacy, SearchProvider found: Ask - websearch.ask.com
PUP.Optional.AmazonBrowserBar, Plugin found: Amazon Assistant for Chrome - 

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1444 B] - [2017/9/12 7:30:20]
C:/AdwCleaner/AdwCleaner[S0].txt - [1541 B] - [2017/9/12 7:28:31]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########


RogueKiller V12.11.14.0 (x64) [Sep 11 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : admin [Administrator]
Started from : C:\Users\admin\Desktop\RogueKiller64.exe
Mode : Delete -- Date : 09/12/2017 15:59:29 (Duration : 00:20:25)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-789244946-2469842990-2269019741-1001\Software\IM -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-789244946-2469842990-2269019741-1001\Software\IM -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Replaced (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Replaced (2)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 4 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Honey [bmnlcjabgnpnenekpadlanbbkooimhnj] -> Deleted
[PUP.Gen0][Chrome:Addon] Default : APNG [ehkepjiconegkhpodgoaeamnpckdbblp] -> ERROR [2]
[PUP.Gen0][Chrome:Addon] Default : Amazon Assistant for Chrome [pbjikboenpfhbbejgkoklgkhjpfogcam] -> ERROR [2]
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://mail.google.com/] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2003FZEX-00SRLA0 +++++
--- User ---
[MBR] 703903d4f3903668c4dc30991ba79209
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 1907600 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Samsung SSD 850 EVO 500GB +++++
--- User ---
[MBR] 5b2600847e5b247b2af35cd5a6c9294b
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 99 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1126400 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1159168 | Size: 476374 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Generic Flash Disk USB Device +++++
--- User ---
[MBR] 90c955dd5e4eb3da9909eeae41974756
[BSP] 475df732712c291a84b942e8ed531bd2 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 696 | Size: 3909 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SD/MMC/MS/MSPRO USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )



Good :) Now, let's get a fresh set of FRST logs to see what's left to remove.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, and two Notepad files will then open
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply


No problem :) We're almost done!

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

fixlist.txt


This topic is now closed to further replies.