Axr

Malware in my computer


I have the paid version of Malwarebytes with anti-exploit ransomware. I have a trojan, worm, rootkit that bypassed Emsisoft, EMET, etc.

Cannot boot up. Shown as security suite; Avira rescue disk shows 57 variants of tr/crypt.xpack.gen3.

On Windows 7 Home Premium. I have an OEM recovery disk as well as a retail copy of Windows 7 Ultimate. Fresh installs do not work.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018

Ran by SYSTEM on MININT-3HCVRQ6 (12-04-2018 04:44:50)

Running from H:\M

Platform: Windows 7 Home Premium (X86) Language: English (United States)

Internet Explorer Version 8

Boot Mode: Recovery

Default: ControlSet001

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

 

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,

HKLM\...\Winlogon: [Shell] explorer.exe [x ] ()

Winlogon\Notify\igfxcui: igfxdev.dll [X]

HKU\Default\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\Default\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe

HKU\Default User\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\Default User\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 VoodooShieldService; C:\Program Files\VoodooShield\VoodooShieldService.exe [132944 2018-03-22] (VoodooSoft, LLC )

S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

S3 AeLookupSvc; %SystemRoot%\System32\aelupsvc.dll [X]

S3 ALG; %SystemRoot%\System32\alg.exe [X]

S3 AppIDSvc; %SystemRoot%\System32\appidsvc.dll [X]

S3 Appinfo; %SystemRoot%\System32\appinfo.dll [X]

S4 AudioEndpointBuilder; %SystemRoot%\System32\Audiosrv.dll [X]

S4 Audiosrv; %SystemRoot%\System32\Audiosrv.dll [X]

S4 AxInstSV; %SystemRoot%\System32\AxInstSV.dll [X]

S3 BDESVC; %SystemRoot%\System32\bdesvc.dll [X]

S2 BFE; %SystemRoot%\System32\bfe.dll [X]

S3 BITS; %SystemRoot%\System32\qmgr.dll [X]

S4 Browser; %SystemRoot%\System32\browser.dll [X]

S4 bthserv; %SystemRoot%\system32\bthserv.dll [X]

S3 CertPropSvc; %SystemRoot%\System32\certprop.dll [X]

S2 clr_optimization_v2.0.50727_32; %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [X]

S2 CryptSvc; %SystemRoot%\system32\cryptsvc.dll [X]

S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [X]

S3 defragsvc; %Systemroot%\System32\defragsvc.dll [X]

S4 Dhcp; %SystemRoot%\system32\dhcpcore.dll [X]

S4 Dnscache; %SystemRoot%\System32\dnsrslvr.dll [X]

S3 dot3svc; %SystemRoot%\System32\dot3svc.dll [X]

S2 DPS; %SystemRoot%\system32\dps.dll [X]

S4 EapHost; %SystemRoot%\System32\eapsvc.dll [X]

S4 EFS; %SystemRoot%\System32\lsass.exe [X]

S4 ehRecvr; %systemroot%\ehome\ehRecvr.exe [X]

S4 ehSched; %systemroot%\ehome\ehsched.exe [X]

S2 eventlog; %SystemRoot%\System32\wevtsvc.dll [X]

S2 EventSystem; %systemroot%\system32\es.dll [X]

S4 Fax; %systemroot%\system32\fxssvc.exe [X]

S4 fdPHost; %SystemRoot%\system32\fdPHost.dll [X]

S4 FDResPub; %SystemRoot%\system32\fdrespub.dll [X]

S3 FontCache; %SystemRoot%\system32\FntCache.dll [X]

S3 FontCache3.0.0.0; %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [X]

S2 gpsvc; %SystemRoot%\System32\gpsvc.dll [X]

S4 hkmsvc; %SystemRoot%\system32\kmsvc.dll [X]

S4 HomeGroupListener; %SystemRoot%\system32\ListSvc.dll [X]

S4 HomeGroupProvider; %SystemRoot%\system32\provsvc.dll [X]

S3 idsvc; "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [X]

S4 IKEEXT; %SystemRoot%\System32\ikeext.dll [X]

S4 IPBusEnum; %SystemRoot%\system32\ipbusenum.dll [X]

S4 iphlpsvc; %SystemRoot%\System32\iphlpsvc.dll [X]

S3 KeyIso; %SystemRoot%\system32\lsass.exe [X]

S3 KtmRm; %systemroot%\system32\msdtckrm.dll [X]

S2 LanmanServer; %SystemRoot%\system32\srvsvc.dll [X]

S2 LanmanWorkstation; %SystemRoot%\System32\wkssvc.dll [X]

S3 lltdsvc; %SystemRoot%\System32\lltdsvc.dll [X]

S4 lmhosts; %SystemRoot%\System32\lmhsvc.dll [X]

S4 Mcx2Svc; %SystemRoot%\system32\Mcx2Svc.dll [X]

S2 MMCSS; %SystemRoot%\system32\mmcss.dll [X]

S2 MpsSvc; %SystemRoot%\system32\mpssvc.dll [X]

S3 MSDTC; %SystemRoot%\System32\msdtc.exe [X]

S4 MSiSCSI; %systemroot%\system32\iscsiexe.dll [X]

S3 msiserver; %systemroot%\system32\msiexec.exe /V [X]

S4 napagent; %SystemRoot%\system32\qagentRT.dll [X]

S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]

S4 Netlogon; %systemroot%\system32\lsass.exe [X]

S4 Netman; %SystemRoot%\System32\netman.dll [X]

S4 netprofm; %SystemRoot%\System32\netprofm.dll [X]

S4 NetTcpPortSharing; "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [X]

S4 NlaSvc; %SystemRoot%\System32\nlasvc.dll [X]

S2 nsi; %systemroot%\system32\nsisvc.dll [X]

S4 p2pimsvc; %SystemRoot%\system32\pnrpsvc.dll [X]

S4 p2psvc; %SystemRoot%\system32\p2psvc.dll [X]

S4 PcaSvc; %SystemRoot%\System32\pcasvc.dll [X]

S3 pla; %systemroot%\system32\pla.dll [X]

S2 PlugPlay; %SystemRoot%\system32\umpnpmgr.dll [X]

S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X]

S4 PNRPAutoReg; %SystemRoot%\system32\pnrpauto.dll [X]

S4 PNRPsvc; %SystemRoot%\system32\pnrpsvc.dll [X]

S4 PolicyAgent; %SystemRoot%\System32\ipsecsvc.dll [X]

S2 Power; %SystemRoot%\system32\umpo.dll [X]

S2 ProfSvc; %systemroot%\system32\profsvc.dll [X]

S3 ProtectedStorage; %SystemRoot%\system32\lsass.exe [X]

S4 QWAVE; %windir%\system32\qwave.dll [X]

S4 RasAuto; %SystemRoot%\System32\rasauto.dll [X]

S4 RasMan; %SystemRoot%\System32\rasmans.dll [X]

S4 RemoteAccess; %SystemRoot%\System32\mprdim.dll [X]

S4 RemoteRegistry; %SystemRoot%\system32\regsvc.dll [X]

S2 RpcEptMapper; %SystemRoot%\System32\RpcEpMap.dll [X]

S3 RpcLocator; %SystemRoot%\system32\locator.exe [X]

S2 RpcSs; %SystemRoot%\system32\rpcss.dll [X]

S2 SamSs; %SystemRoot%\system32\lsass.exe [X]

S4 SCardSvr; %SystemRoot%\System32\SCardSvr.dll [X]

S2 Schedule; %systemroot%\system32\schedsvc.dll [X]

S4 SCPolicySvc; %SystemRoot%\System32\certprop.dll [X]

S4 SDRSVC; %Systemroot%\System32\SDRSVC.dll [X]

S4 seclogon; %windir%\system32\seclogon.dll [X]

S2 SENS; %SystemRoot%\System32\sens.dll [X]

S3 SensrSvc; %SystemRoot%\system32\sensrsvc.dll [X]

S4 SessionEnv; %SystemRoot%\system32\sessenv.dll [X]

S4 SharedAccess; %SystemRoot%\System32\ipnathlp.dll [X]

S2 ShellHWDetection; %SystemRoot%\System32\shsvcs.dll [X]

S4 SNMPTRAP; %SystemRoot%\System32\snmptrap.exe [X]

S4 Spooler; %SystemRoot%\System32\spoolsv.exe [X]

S2 sppsvc; %SystemRoot%\system32\sppsvc.exe [X]

S3 sppuinotify; %SystemRoot%\system32\sppuinotify.dll [X]

S4 SSDPSRV; %SystemRoot%\System32\ssdpsrv.dll [X]

S4 SstpSvc; %SystemRoot%\system32\sstpsvc.dll [X]

S3 StiSvc; %SystemRoot%\System32\wiaservc.dll [X]

S3 swprv; %Systemroot%\System32\swprv.dll [X]

S2 SysMain; %systemroot%\system32\sysmain.dll [X]

S4 TabletInputService; %SystemRoot%\System32\TabSvc.dll [X]

S4 TapiSrv; %SystemRoot%\System32\tapisrv.dll [X]

S3 TBS; %SystemRoot%\System32\tbssvc.dll [X]

S4 TermService; %SystemRoot%\System32\termsrv.dll [X]

S2 Themes; %SystemRoot%\system32\themeservice.dll [X]

S3 THREADORDER; %SystemRoot%\system32\mmcss.dll [X]

S2 TrkWks; %SystemRoot%\System32\trkwks.dll [X]

S2 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

S4 UI0Detect; %SystemRoot%\system32\UI0Detect.exe [X]

S4 upnphost; %SystemRoot%\System32\upnphost.dll [X]

S2 UxSms; %SystemRoot%\System32\uxsms.dll [X]

S3 VaultSvc; %SystemRoot%\system32\lsass.exe [X]

S4 vds; %SystemRoot%\System32\vds.exe [X]

S3 VSS; %systemroot%\system32\vssvc.exe [X]

S3 W32Time; %systemroot%\system32\w32time.dll [X]

S4 wbengine; "%systemroot%\system32\wbengine.exe" [X]

S4 WbioSrvc; %SystemRoot%\System32\wbiosrvc.dll [X]

S3 wcncsvc; %SystemRoot%\System32\wcncsvc.dll [X]

S3 WcsPlugInService; %SystemRoot%\System32\WcsPlugInService.dll [X]

S3 WdiServiceHost; %SystemRoot%\system32\wdi.dll [X]

S3 WdiSystemHost; %SystemRoot%\system32\wdi.dll [X]

S4 WebClient; %SystemRoot%\System32\webclnt.dll [X]

S3 Wecsvc; %SystemRoot%\system32\wecsvc.dll [X]

S3 wercplsupport; %SystemRoot%\System32\wercplsupport.dll [X]

S3 WerSvc; %SystemRoot%\System32\WerSvc.dll [X]

S4 WinHttpAutoProxySvc; winhttp.dll [X]

S2 Winmgmt; %SystemRoot%\system32\wbem\WMIsvc.dll [X]

S4 WinRM; %SystemRoot%\system32\WsmSvc.dll [X]

S4 Wlansvc; %SystemRoot%\System32\wlansvc.dll [X]

S3 wmiApSrv; %systemroot%\system32\wbem\WmiApSrv.exe [X]

S4 WMPNetworkSvc; "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" [X]

S4 WPCSvc; %SystemRoot%\System32\wpcsvc.dll [X]

S4 WPDBusEnum; %SystemRoot%\system32\wpdbusenum.dll [X]

S2 wscsvc; %SystemRoot%\System32\wscsvc.dll [X]

S2 WSearch; %systemroot%\system32\SearchIndexer.exe /Embedding [X]

S2 wuauserv; %systemroot%\system32\wuaueng.dll [X]

S2 wudfsvc; %SystemRoot%\System32\WUDFSvc.dll [X]

S4 WwanSvc; %SystemRoot%\System32\wwansvc.dll [X]

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 1394ohci; \SystemRoot\system32\DRIVERS\1394ohci.sys [X]

S0 ACPI; system32\DRIVERS\ACPI.sys [X]

S3 AcpiPmi; \SystemRoot\system32\DRIVERS\acpipmi.sys [X]

S3 adp94xx; \SystemRoot\system32\DRIVERS\adp94xx.sys [X]

S3 adpahci; \SystemRoot\system32\DRIVERS\adpahci.sys [X]

S3 adpu320; \SystemRoot\system32\DRIVERS\adpu320.sys [X]

S1 AFD; \SystemRoot\system32\drivers\afd.sys [X]

S3 agp440; \SystemRoot\system32\DRIVERS\agp440.sys [X]

S3 aic78xx; \SystemRoot\system32\DRIVERS\djsvs.sys [X]

S3 aliide; \SystemRoot\system32\DRIVERS\aliide.sys [X]

S3 amdagp; \SystemRoot\system32\DRIVERS\amdagp.sys [X]

S3 amdide; \SystemRoot\system32\DRIVERS\amdide.sys [X]

S3 AmdK8; \SystemRoot\system32\DRIVERS\amdk8.sys [X]

S3 AmdPPM; \SystemRoot\system32\DRIVERS\amdppm.sys [X]

S3 amdsata; \SystemRoot\system32\DRIVERS\amdsata.sys [X]

S3 amdsbs; \SystemRoot\system32\DRIVERS\amdsbs.sys [X]

S0 amdxata; system32\DRIVERS\amdxata.sys [X]

S3 AppID; \SystemRoot\system32\drivers\appid.sys [X]

S3 arc; \SystemRoot\system32\DRIVERS\arc.sys [X]

S3 arcsas; \SystemRoot\system32\DRIVERS\arcsas.sys [X]

S3 AsyncMac; system32\DRIVERS\asyncmac.sys [X]

S0 atapi; system32\DRIVERS\atapi.sys [X]

S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]

S3 AthDfu; System32\Drivers\AthDfu.sys [X]

S3 athr; system32\DRIVERS\athr.sys [X]

S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbdx.sys [X]

S3 b57nd60x; system32\DRIVERS\b57nd60x.sys [X]

S1 Beep; no ImagePath

S0 BlackBox; no ImagePath

S1 blbdrive; system32\DRIVERS\blbdrive.sys [X]

S3 bowser; system32\DRIVERS\bowser.sys [X]

S3 BrFiltLo; \SystemRoot\system32\DRIVERS\BrFiltLo.sys [X]

S3 BrFiltUp; \SystemRoot\system32\DRIVERS\BrFiltUp.sys [X]

S3 Brserid; \SystemRoot\System32\Drivers\Brserid.sys [X]

S3 BrSerWdm; \SystemRoot\System32\Drivers\BrSerWdm.sys [X]

S3 BrUsbMdm; \SystemRoot\System32\Drivers\BrUsbMdm.sys [X]

S3 BrUsbSer; \SystemRoot\System32\Drivers\BrUsbSer.sys [X]

S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]

S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]

S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]

S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]

S3 BtFilter; system32\DRIVERS\btfilter.sys [X]

S3 BthEnum; system32\DRIVERS\BthEnum.sys [X]

S3 BTHMODEM; \SystemRoot\system32\DRIVERS\bthmodem.sys [X]

S3 BthPan; system32\DRIVERS\bthpan.sys [X]

S3 BTHPORT; System32\Drivers\BTHport.sys [X]

S3 BTHUSB; System32\Drivers\BTHUSB.sys [X]

S4 cdfs; system32\DRIVERS\cdfs.sys [X]

S1 cdrom; system32\DRIVERS\cdrom.sys [X]

S3 circlass; \SystemRoot\system32\DRIVERS\circlass.sys [X]

S0 CLFS; System32\CLFS.sys [X]

S3 CmBatt; system32\DRIVERS\CmBatt.sys [X]

S3 cmdide; \SystemRoot\system32\DRIVERS\cmdide.sys [X]

S0 CNG; System32\Drivers\cng.sys [X]

S0 Compbatt; system32\DRIVERS\compbatt.sys [X]

S3 CompositeBus; system32\DRIVERS\CompositeBus.sys [X]

S4 crcdisk; \SystemRoot\system32\DRIVERS\crcdisk.sys [X]

S1 DfsC; System32\Drivers\dfsc.sys [X]

S1 discache; System32\drivers\discache.sys [X]

S0 Disk; system32\DRIVERS\disk.sys [X]

S3 drmkaud; system32\drivers\drmkaud.sys [X]

S3 DXGKrnl; \SystemRoot\System32\drivers\dxgkrnl.sys [X]

S3 ebdrv; \SystemRoot\system32\DRIVERS\evbdx.sys [X]

S3 elxstor; \SystemRoot\system32\DRIVERS\elxstor.sys [X]

S3 ErrDev; \SystemRoot\system32\DRIVERS\errdev.sys [X]

S3 exfat; no ImagePath

S3 fastfat; no ImagePath

S3 fdc; \SystemRoot\system32\DRIVERS\fdc.sys [X]

S0 FileInfo; system32\drivers\fileinfo.sys [X]

S3 Filetrace; system32\drivers\filetrace.sys [X]

S3 flpydisk; \SystemRoot\system32\DRIVERS\flpydisk.sys [X]

S0 FltMgr; system32\drivers\fltmgr.sys [X]

S3 FsDepends; System32\drivers\FsDepends.sys [X]

S3 fspad_wlh32; system32\DRIVERS\fspad_wlh32.sys [X]

S0 Fs_Rec; no ImagePath

S0 fvevol; System32\DRIVERS\fvevol.sys [X]

S3 FXDrv32; \??\E:\12E2Lastesttool0309(FT34)\Windows\FXDrv32.sys [X]

S3 gagp30kx; \SystemRoot\system32\DRIVERS\gagp30kx.sys [X]

S3 hcw85cir; \SystemRoot\system32\drivers\hcw85cir.sys [X]

S3 HdAudAddService; system32\drivers\HdAudio.sys [X]

S3 HDAudBus; system32\DRIVERS\HDAudBus.sys [X]

S3 HidBatt; \SystemRoot\system32\DRIVERS\HidBatt.sys [X]

S3 HidBth; \SystemRoot\system32\DRIVERS\hidbth.sys [X]

S3 HidIr; \SystemRoot\system32\DRIVERS\hidir.sys [X]

S3 HidUsb; system32\DRIVERS\hidusb.sys [X]

S3 HpSAMD; \SystemRoot\system32\DRIVERS\HpSAMD.sys [X]

S3 HTTP; system32\drivers\HTTP.sys [X]

S0 hwpolicy; System32\drivers\hwpolicy.sys [X]

S3 i8042prt; system32\DRIVERS\i8042prt.sys [X]

S0 iaStor; system32\DRIVERS\iaStor.sys [X]

S3 iaStorV; \SystemRoot\system32\DRIVERS\iaStorV.sys [X]

S3 igfx; system32\DRIVERS\igdkmd32.sys [X]

S3 iirsp; \SystemRoot\system32\DRIVERS\iirsp.sys [X]

S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]

S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [X]

S3 intelide; \SystemRoot\system32\DRIVERS\intelide.sys [X]

S3 intelppm; system32\DRIVERS\intelppm.sys [X]

S3 IpFilterDriver; system32\DRIVERS\ipfltdrv.sys [X]

S3 IPMIDRV; \SystemRoot\system32\DRIVERS\IPMIDrv.sys [X]

S3 IPNAT; System32\drivers\ipnat.sys [X]

S3 IRENUM; system32\drivers\irenum.sys [X]

S3 isapnp; \SystemRoot\system32\DRIVERS\isapnp.sys [X]

S3 iScsiPrt; \SystemRoot\system32\DRIVERS\msiscsi.sys [X]

S3 kbdclass; system32\DRIVERS\kbdclass.sys [X]

S3 kbdhid; system32\DRIVERS\kbdhid.sys [X]

S0 KSecDD; System32\Drivers\ksecdd.sys [X]

S0 KSecPkg; System32\Drivers\ksecpkg.sys [X]

S3 L1C; system32\DRIVERS\L1C62x86.sys [X]

S2 lltdio; system32\DRIVERS\lltdio.sys [X]

S3 LSI_FC; \SystemRoot\system32\DRIVERS\lsi_fc.sys [X]

S3 LSI_SAS; \SystemRoot\system32\DRIVERS\lsi_sas.sys [X]

S3 LSI_SAS2; \SystemRoot\system32\DRIVERS\lsi_sas2.sys [X]

S3 LSI_SCSI; \SystemRoot\system32\DRIVERS\lsi_scsi.sys [X]

S2 luafv; \SystemRoot\system32\drivers\luafv.sys [X]

S3 megasas; \SystemRoot\system32\DRIVERS\megasas.sys [X]

S3 MegaSR; \SystemRoot\system32\DRIVERS\MegaSR.sys [X]

S3 Modem; system32\drivers\modem.sys [X]

S3 monitor; system32\DRIVERS\monitor.sys [X]

S3 mouclass; system32\DRIVERS\mouclass.sys [X]

S3 mouhid; system32\DRIVERS\mouhid.sys [X]

S0 mountmgr; System32\drivers\mountmgr.sys [X]

S3 mpio; \SystemRoot\system32\DRIVERS\mpio.sys [X]

S3 mpsdrv; System32\drivers\mpsdrv.sys [X]

S3 MRxDAV; \SystemRoot\system32\drivers\mrxdav.sys [X]

S3 mrxsmb; system32\DRIVERS\mrxsmb.sys [X]

S3 mrxsmb10; system32\DRIVERS\mrxsmb10.sys [X]

S3 mrxsmb20; system32\DRIVERS\mrxsmb20.sys [X]

S0 msahci; system32\DRIVERS\msahci.sys [X]

S3 msdsm; \SystemRoot\system32\DRIVERS\msdsm.sys [X]

S1 Msfs; no ImagePath

S3 mshidkmdf; \SystemRoot\System32\drivers\mshidkmdf.sys [X]

S0 msisadrv; system32\DRIVERS\msisadrv.sys [X]

S3 MSKSSRV; system32\drivers\MSKSSRV.sys [X]

S3 MSPCLOCK; system32\drivers\MSPCLOCK.sys [X]

S3 MSPQM; system32\drivers\MSPQM.sys [X]

S3 MsRPC; no ImagePath

S1 mssmbios; system32\DRIVERS\mssmbios.sys [X]

S3 MSTEE; system32\drivers\MSTEE.sys [X]

S3 MTConfig; \SystemRoot\system32\DRIVERS\MTConfig.sys [X]

S0 Mup; System32\Drivers\mup.sys [X]

S3 NativeWifiP; system32\DRIVERS\nwifi.sys [X]

S0 NDIS; system32\drivers\ndis.sys [X]

S3 NdisCap; system32\DRIVERS\ndiscap.sys [X]

S3 NdisTapi; system32\DRIVERS\ndistapi.sys [X]

S3 Ndisuio; system32\DRIVERS\ndisuio.sys [X]

S3 NdisWan; system32\DRIVERS\ndiswan.sys [X]

S3 NDProxy; no ImagePath

S1 NetBIOS; system32\DRIVERS\netbios.sys [X]

S1 NetBT; System32\DRIVERS\netbt.sys [X]

S3 nfrd960; \SystemRoot\system32\DRIVERS\nfrd960.sys [X]

S1 Npfs; no ImagePath

S1 nsiproxy; system32\drivers\nsiproxy.sys [X]

S3 Ntfs; no ImagePath

S1 Null; no ImagePath

S3 nvraid; \SystemRoot\system32\DRIVERS\nvraid.sys [X]

S3 nvstor; \SystemRoot\system32\DRIVERS\nvstor.sys [X]

S3 nv_agp; \SystemRoot\system32\DRIVERS\nv_agp.sys [X]

S3 ohci1394; \SystemRoot\system32\DRIVERS\ohci1394.sys [X]

S3 Parport; \SystemRoot\system32\DRIVERS\parport.sys [X]

S0 partmgr; System32\drivers\partmgr.sys [X]

S2 Parvdm; \SystemRoot\system32\DRIVERS\parvdm.sys [X]

S0 pci; system32\DRIVERS\pci.sys [X]

S3 pciide; \SystemRoot\system32\DRIVERS\pciide.sys [X]

S3 pcmcia; \SystemRoot\system32\DRIVERS\pcmcia.sys [X]

S0 pcw; System32\drivers\pcw.sys [X]

S2 PEAUTH; system32\drivers\peauth.sys [X]

S3 PptpMiniport; system32\DRIVERS\raspptp.sys [X]

S3 Processor; \SystemRoot\system32\DRIVERS\processr.sys [X]

S1 Psched; system32\DRIVERS\pacer.sys [X]

S3 ql2300; \SystemRoot\system32\DRIVERS\ql2300.sys [X]

S3 ql40xx; \SystemRoot\system32\DRIVERS\ql40xx.sys [X]

S3 QWAVEdrv; \SystemRoot\system32\drivers\qwavedrv.sys [X]

S3 RasAcd; System32\DRIVERS\rasacd.sys [X]

S3 RasAgileVpn; system32\DRIVERS\AgileVpn.sys [X]

S3 Rasl2tp; system32\DRIVERS\rasl2tp.sys [X]

S3 RasPppoe; system32\DRIVERS\raspppoe.sys [X]

S3 RasSstp; system32\DRIVERS\rassstp.sys [X]

S1 rdbss; system32\DRIVERS\rdbss.sys [X]

S3 rdpbus; \SystemRoot\system32\DRIVERS\rdpbus.sys [X]

S1 RDPCDD; System32\DRIVERS\RDPCDD.sys [X]

S1 RDPENCDD; system32\drivers\rdpencdd.sys [X]

S1 RDPREFMP; system32\drivers\rdprefmp.sys [X]

S3 RDPWD; no ImagePath

S0 rdyboost; System32\drivers\rdyboost.sys [X]

S3 RFCOMM; system32\DRIVERS\rfcomm.sys [X]

S2 rspndr; system32\DRIVERS\rspndr.sys [X]

S3 sbp2port; \SystemRoot\system32\DRIVERS\sbp2port.sys [X]

S3 scfilter; System32\DRIVERS\scfilter.sys [X]

S2 secdrv; no ImagePath

S3 Serenum; \SystemRoot\system32\DRIVERS\serenum.sys [X]

S3 Serial; \SystemRoot\system32\DRIVERS\serial.sys [X]

S3 sermouse; \SystemRoot\system32\DRIVERS\sermouse.sys [X]

S3 sffdisk; \SystemRoot\system32\DRIVERS\sffdisk.sys [X]

S3 sffp_mmc; \SystemRoot\system32\DRIVERS\sffp_mmc.sys [X]

S3 sffp_sd; \SystemRoot\system32\DRIVERS\sffp_sd.sys [X]

S3 sfloppy; \SystemRoot\system32\DRIVERS\sfloppy.sys [X]

S3 sisagp; \SystemRoot\system32\DRIVERS\sisagp.sys [X]

S3 SiSRaid2; \SystemRoot\system32\DRIVERS\SiSRaid2.sys [X]

S3 SiSRaid4; \SystemRoot\system32\DRIVERS\sisraid4.sys [X]

S3 Smb; system32\DRIVERS\smb.sys [X]

S0 spldr; no ImagePath

S4 SRTSPX; \SystemRoot\system32\drivers\NIS\1100000.088\SRTSPX.SYS [X]

S3 srv; System32\DRIVERS\srv.sys [X]

S3 srv2; System32\DRIVERS\srv2.sys [X]

S3 srvnet; System32\DRIVERS\srvnet.sys [X]

S3 stexstor; \SystemRoot\system32\DRIVERS\stexstor.sys [X]

S3 swenum; system32\DRIVERS\swenum.sys [X]

S0 Tcpip; System32\drivers\tcpip.sys [X]

S3 TCPIP6; system32\DRIVERS\tcpip.sys [X]

S2 tcpipreg; System32\drivers\tcpipreg.sys [X]

S3 TDPIPE; system32\drivers\tdpipe.sys [X]

S3 TDTCP; system32\drivers\tdtcp.sys [X]

S1 tdx; system32\DRIVERS\tdx.sys [X]

S1 TermDD; system32\DRIVERS\termdd.sys [X]

S3 tssecsrv; System32\DRIVERS\tssecsrv.sys [X]

S3 tunnel; system32\DRIVERS\tunnel.sys [X]

S3 uagp35; \SystemRoot\system32\DRIVERS\uagp35.sys [X]

S3 UCORESYS; \??\F:\M\SN12E2_Bios_965HGP05\SN12E2_965HGP05\UCORESYS.SYS [X]

S4 udfs; system32\DRIVERS\udfs.sys [X]

S3 uliagpkx; \SystemRoot\system32\DRIVERS\uliagpkx.sys [X]

S3 umbus; system32\DRIVERS\umbus.sys [X]

S3 UmPass; \SystemRoot\system32\DRIVERS\umpass.sys [X]

S3 usbaudio; system32\drivers\usbaudio.sys [X]

S3 usbccgp; system32\DRIVERS\usbccgp.sys [X]

S3 usbcir; \SystemRoot\system32\DRIVERS\usbcir.sys [X]

S3 usbehci; system32\DRIVERS\usbehci.sys [X]

S3 usbhub; system32\DRIVERS\usbhub.sys [X]

S3 usbohci; \SystemRoot\system32\DRIVERS\usbohci.sys [X]

S3 usbprint; \SystemRoot\system32\DRIVERS\usbprint.sys [X]

S3 USBSTOR; system32\DRIVERS\USBSTOR.SYS [X]

S3 usbuhci; system32\DRIVERS\usbuhci.sys [X]

S3 usbvideo; System32\Drivers\usbvideo.sys [X]

S0 vdrvroot; system32\DRIVERS\vdrvroot.sys [X]

S3 vga; system32\DRIVERS\vgapnp.sys [X]

S1 VgaSave; \SystemRoot\System32\drivers\vga.sys [X]

S3 vhdmp; \SystemRoot\system32\DRIVERS\vhdmp.sys [X]

S3 viaagp; \SystemRoot\system32\DRIVERS\viaagp.sys [X]

S3 ViaC7; \SystemRoot\system32\DRIVERS\viac7.sys [X]

S3 viaide; \SystemRoot\system32\DRIVERS\viaide.sys [X]

S0 volmgr; system32\DRIVERS\volmgr.sys [X]

S0 volmgrx; System32\drivers\volmgrx.sys [X]

S0 volsnap; system32\DRIVERS\volsnap.sys [X]

S3 vsmraid; \SystemRoot\system32\DRIVERS\vsmraid.sys [X]

S3 VSScanner; system32\DRIVERS\vsscanner.sys [X]

S3 vwifibus; system32\DRIVERS\vwifibus.sys [X]

S1 vwififlt; system32\DRIVERS\vwififlt.sys [X]

S3 WacomPen; \SystemRoot\system32\DRIVERS\wacompen.sys [X]

S3 WANARP; system32\DRIVERS\wanarp.sys [X]

S1 Wanarpv6; system32\DRIVERS\wanarp.sys [X]

S3 Wd; \SystemRoot\system32\DRIVERS\wd.sys [X]

S0 Wdf01000; system32\drivers\Wdf01000.sys [X]

S1 WfpLwf; system32\DRIVERS\wfplwf.sys [X]

S3 WIMMount; system32\drivers\wimmount.sys [X]

S3 WmiAcpi; system32\DRIVERS\wmiacpi.sys [X]

S4 ws2ifsl; \SystemRoot\system32\drivers\ws2ifsl.sys [X]

S3 WudfPf; system32\drivers\WudfPf.sys [X]

S3 WUDFRd; system32\DRIVERS\WUDFRd.sys [X]

S3 __FOX__UNI_DRIVER__; \??\C:\Users\J\AppData\Local\Temp\FoxG1Driver.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

Error(1) reading file: "C:\pagefile.sys"

Error(1) reading file: "C:\MSDOS.SYS"

Error(1) reading file: "C:\IO.SYS"

Error(1) reading file: "C:\Intel"

Error(1) reading file: "C:\hiberfil.sys"

Error(1) reading file: "C:\config.sys"

2018-04-12 04:35 - 2018-04-12 04:35 - 000000000 ____D C:\Panda USB Vaccine

2018-04-12 04:34 - 2018-04-06 03:37 - 000865272 _____ (Panda Security ) C:\usbvaccine.exe

2018-04-08 02:51 - 2018-04-08 03:10 - 000000000 ____D C:\RescueCD Logs

2018-04-06 00:25 - 2018-04-06 00:25 - 000000000 ____D C:\Windows\System32\SMI

2018-04-06 00:25 - 2018-04-04 13:57 - 035921920 _____ C:\Windows\System32\config\COMPON~1

2018-04-05 06:53 - 2018-04-05 06:53 - 000019532 _____ C:\Users\J\Desktop\MTB1.txt

2018-04-05 06:53 - 2013-01-09 14:26 - 000654424 _____ (Sysinternals - www.sysinternals.com) C:\Users\J\Desktop\autoruns.exe

2018-04-05 06:52 - 2017-12-09 12:32 - 015201544 _____ (Goversoft LLC) C:\Users\J\Desktop\PrivaZer34.exe

2018-04-05 06:51 - 2016-10-27 14:59 - 000465024 _____ (Bleeping Computer, LLC) C:\Users\J\Desktop\sc-cleaner.exe

2018-04-05 06:49 - 2018-04-05 06:49 - 000001811 _____ C:\Users\J\Desktop\aswMBR1.txt

2018-04-05 06:49 - 2018-04-05 06:49 - 000000512 _____ C:\Users\J\Desktop\MBR.dat

2018-04-05 06:39 - 2018-04-05 06:39 - 000001005 _____ C:\Users\J\Desktop\hijackthis.log1.txt

2018-04-04 13:58 - 2018-04-05 06:40 - 000032474 _____ C:\Users\J\Desktop\FRST.txt

2018-04-04 13:58 - 2018-04-05 06:40 - 000012019 _____ C:\Users\J\Desktop\Addition.txt

2018-04-04 13:57 - 2018-04-12 04:44 - 000000000 ____D C:\FRST

2018-04-04 13:16 - 2018-04-04 13:16 - 000000000 ____D C:\users\Administrator

2018-04-04 13:12 - 2018-04-05 06:50 - 000000462 _____ C:\Users\J\Desktop\settings.ini

2018-04-04 13:12 - 2014-03-17 10:48 - 003159616 _____ (VS Revo Group) C:\Users\J\Desktop\Revouninstaller.exe

2018-04-04 13:11 - 2018-04-05 06:44 - 000019532 _____ C:\Users\J\Desktop\MTB.txt

2018-04-04 13:10 - 2018-04-05 06:43 - 000002163 _____ C:\Users\J\Desktop\FSS.txt

2018-04-04 13:07 - 2018-04-06 06:03 - 000000000 ____D C:\Users\J\Desktop\backups

2018-04-04 13:03 - 2018-04-04 13:03 - 000000000 _____ C:\Users\J\defogger_reenable

2018-04-04 13:02 - 2018-04-05 06:38 - 000001974 _____ C:\Users\J\Desktop\Rkill.txt

2018-04-04 12:58 - 2018-04-04 12:59 - 000000000 ____D C:\Rem-VBSqt

2018-04-04 12:54 - 2015-09-06 20:32 - 000448512 _____ (OldTimer Tools) C:\Users\J\Desktop\TFC.exe

2018-04-04 12:53 - 2016-10-27 15:11 - 000892416 _____ (Farbar) C:\Users\J\Desktop\MiniToolBox INTERNET CONNECTION ISSUES.exe

2018-04-04 12:53 - 2016-05-18 00:18 - 016563352 _____ (Malwarebytes Corp.) C:\Users\J\Desktop\mbar-1.09.3.1001.exe

2018-04-04 12:52 - 2017-12-29 12:28 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\J\Desktop\iExplore.exe

2018-04-04 12:52 - 2017-12-29 11:27 - 000899584 _____ (Farbar) C:\Users\J\Desktop\FSS.exe

2018-04-04 12:51 - 2016-10-27 15:13 - 000899584 _____ (Farbar) C:\Users\J\Desktop\FARAR SCANNER SERVICE NETWORK ISSUES.exe

2018-04-04 12:51 - 2016-08-04 17:46 - 000468480 _____ () C:\Users\J\Desktop\CKScanner.exe

2018-04-04 12:51 - 2016-05-18 00:22 - 005198336 _____ (AVAST Software) C:\Users\J\Desktop\awMBR.exe

2018-04-04 12:50 - 2016-10-27 18:30 - 005198336 _____ (AVAST Software) C:\Users\J\Desktop\IEXPLOREMBR ROOTKIT.exe

2018-04-04 12:50 - 2016-08-10 19:17 - 000388608 _____ (Trend Micro Inc.) C:\Users\J\Desktop\HijackThis.exe

2018-04-04 12:49 - 2016-05-18 00:07 - 002030536 _____ (Bleeping Computer, LLC) C:\Users\J\Desktop\rkill.exe

2018-04-04 12:49 - 2014-12-31 13:51 - 015298136 _____ C:\Users\J\Desktop\RogueKiller32-64.com.exe

2018-04-04 12:49 - 2011-09-20 00:49 - 000139264 _____ () C:\Users\J\Desktop\RKUnhookerLEX.EXE

2018-04-04 12:48 - 2017-12-29 12:08 - 000114176 _____ (bartblaze) C:\Users\J\Desktop\Rem-VBS.exe

2018-04-04 12:48 - 2014-12-06 23:46 - 000050477 _____ C:\Users\J\Desktop\Defogger.exe

2018-04-04 12:46 - 2018-04-04 11:53 - 001764352 _____ (Farbar) C:\Users\J\Desktop\FRST.exe

2018-04-04 01:49 - 2018-04-04 01:49 - 000000000 ____D C:\M

2018-03-27 07:58 - 2018-03-27 20:29 - 005659794 _____ (Swearware) C:\combofix.exe

2018-03-26 17:52 - 2018-03-27 06:17 - 005659794 _____ (Swearware) C:\Users\J\Desktop\ComboFix-1.exe

2018-03-26 17:48 - 2018-04-05 06:53 - 000000000 ____D C:\ProgramData\VoodooShield

2018-03-26 17:48 - 2018-03-26 17:48 - 000001027 _____ C:\Users\Public\Desktop\Voodoo Shield.lnk

2018-03-26 17:48 - 2018-03-26 17:48 - 000000000 ____D C:\Program Files\VoodooShield

2018-03-26 17:33 - 2018-03-26 17:33 - 000000000 ____D C:\Users\J\AppData\Roaming\WinRAR

2018-03-26 15:50 - 2018-04-04 13:13 - 000000000 ____D C:\Users\J\AppData\Local\Adobe

2018-03-26 15:50 - 2018-03-26 15:50 - 000057560 _____ C:\Users\J\AppData\Local\GDIPFONTCACHEV1.DAT

2018-03-26 15:50 - 2018-03-26 15:50 - 000000000 ____D C:\Users\J\AppData\Roaming\Adobe

2018-03-26 15:50 - 2018-03-26 15:50 - 000000000 ____D C:\Users\J\AppData\Local\SRS Labs

2018-03-26 15:50 - 2018-03-26 15:50 - 000000000 ____D C:\Users\J\AppData\Local\FSP

2018-03-26 15:50 - 2018-03-26 15:50 - 000000000 ____D C:\Users\J\AppData\Local\BMExplorer

2018-03-26 15:48 - 2018-04-04 13:03 - 000000000 ____D C:\users\J

2018-03-26 15:48 - 2018-03-26 15:48 - 000000020 ___SH C:\Users\J\ntuser.ini

2018-03-26 15:48 - 2018-03-26 15:48 - 000000000 _SHDL C:\users\Default User

2018-03-26 15:48 - 2018-03-26 15:48 - 000000000 _SHDL C:\users\All Users

2018-03-26 15:48 - 2018-03-26 15:48 - 000000000 _SHDL C:\Documents and Settings

2018-03-26 15:48 - 2018-03-26 15:48 - 000000000 _SHDL C:\Documents and Settings

2018-03-26 15:48 - 2018-03-26 15:48 - 000000000 ____D C:\Users\J\AppData\Local\VirtualStore

2018-03-26 15:48 - 2009-07-13 23:48 - 000000000 ____D C:\Users\J\AppData\Roaming\Media Center Programs

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2018-03-26 17:49 - 2010-03-20 10:43 - 000000000 ____D C:\Program Files\WinRAR

 

Some files in TEMP:

====================

2018-04-05 06:47 - 2009-11-19 09:37 - 000455600 _____ (Macrovision Corporation) C:\Users\J\AppData\Local\Temp\_isC706.exe

 

==================== Known DLLs (Whitelisted) =========================

 

C:\Windows\System32\clbcatq.dll IS MISSING <==== ATTENTION

C:\Windows\System32\advapi32.dll IS MISSING <==== ATTENTION

C:\Windows\System32\gdi32.dll IS MISSING <==== ATTENTION

C:\Windows\System32\IMAGEHLP.dll IS MISSING <==== ATTENTION

C:\Windows\System32\kernel32.dll IS MISSING <==== ATTENTION

C:\Windows\System32\MSCTF.dll IS MISSING <==== ATTENTION

C:\Windows\System32\NORMALIZ.dll IS MISSING <==== ATTENTION

C:\Windows\System32\OLEAUT32.dll IS MISSING <==== ATTENTION

C:\Windows\System32\rpcrt4.dll IS MISSING <==== ATTENTION

C:\Windows\System32\Setupapi.dll IS MISSING <==== ATTENTION

C:\Windows\System32\SHLWAPI.dll IS MISSING <==== ATTENTION

C:\Windows\System32\user32.dll IS MISSING <==== ATTENTION

C:\Windows\System32\WININET.dll IS MISSING <==== ATTENTION

C:\Windows\System32\WS2_32.dll IS MISSING <==== ATTENTION

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe IS MISSING <==== ATTENTION

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION

C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION

C:\Windows\System32\services.exe IS MISSING <==== ATTENTION

C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION

C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION

C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION

C:\Windows\System32\dnsapi.dll IS MISSING <==== ATTENTION

C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION

C:\Windows\System32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION

C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION

 

==================== Association (Whitelisted) =============

 

 

==================== Restore Points  =========================

 

 

==================== BCD ================================

The boot configuration data store could not be opened.

The requested system device cannot be found.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 12%

Total physical RAM: 4060.16 MB

Available physical RAM: 3568.56 MB

Total Virtual: 4058.44 MB

Available Virtual: 3568.46 MB

 

==================== Drives ================================

 

Drive c: (Install_OS) (Fixed) (Total:39.06 GB) (Free:38.2 GB) NTFS

Drive e: (Data) (Fixed) (Total:253.17 GB) (Free:252.74 GB) NTFS

Drive f: (Repair disc Windows 7 32-bit) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF

Drive g: (USB20FD) (Removable) (Total:14.44 GB) (Free:14.36 GB) FAT32

Drive h: () (Removable) (Total:59.45 GB) (Free:59 GB) exFAT

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: () (Fixed) (Total:5.86 GB) (Free:5.15 GB) NTFS

 

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: CA1EB6E0)

Partition 1: (Not Active) - (Size=5.9 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=39.1 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=253.2 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 14.4 GB) (Disk ID: 30048BCB)

Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0C)

 

========================================================

Disk: 2 (Protective MBR) (Size: 59.5 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==================== End of FRST.txt ============================

 

 

 


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018

Ran by Hannspree User (05-04-2018 14:07:20)

Running from F:\M

Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2013-05-28 17:00:08)

Boot Mode: Safe Mode (minimal)

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-4007488331-1904091925-3465478802-500 - Administrator - Disabled)

Brynn (S-1-5-21-4007488331-1904091925-3465478802-1001 - Limited - Enabled) => C:\Users\Brynn

Guest (S-1-5-21-4007488331-1904091925-3465478802-501 - Limited - Disabled)

Hannspree User (S-1-5-21-4007488331-1904091925-3465478802-1000 - Administrator - Enabled) => C:\Users\Hannspree User

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Emsisoft Anti-Malware (Enabled - Out of date) {15510D9D-6530-DA29-224F-7BA1BDD1CB58}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Emsisoft Anti-Malware (Enabled - Out of date) {AE30EC79-430A-D5A7-18FF-40D3C65681E5}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.14 - Atheros Communications Inc.)

Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 8.0.0.238 - Atheros)

BleachBit (HKLM\...\BleachBit) (Version: 1.5.2 - BleachBit)

Bluetooth Win7 Suite (HKLM\...\{101A497C-7EF6-4001-834D-E5FA1C70FEFA}) (Version: 6.04.002 - Atheros Communications)

CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)

Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.)

Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 8.5.5.1 - Sentelic)

HashTab 6.0.0.28 (HKLM\...\HashTab) (Version: 6.0.0.28 - Implbits Software)

Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2302 - Intel Corporation)

Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 50.1.0 (x86 en-US) (HKLM\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)

OSD (HKLM\...\{660D6E77-AADA-41E6-9E18-1300D4381FB7}) (Version: 1.00.000 - )

PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)

Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)

RogueKiller version 12.7.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.7.4.0 - Adlice Software)

Spybot Anti-Beacon (HKLM\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.6 - Safer-Networking Ltd.)

SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)

SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.4400 - SRS Labs, Inc.)

Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.7.0 - Tweaking.com)

Windows Firewall Control (HKLM\...\Windows Firewall Control) (Version: 4.0.9.7 - BiniSoft.org)

WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 31.0.2014.0 - BillP Studios)

WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

Wireshark 1.12.7 (32-bit) (HKLM\...\Wireshark) (Version: 1.12.7 - The Wireshark developer community, hxxp://www.wireshark.org)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files\Bluetooth Suite\BtvAppExt.dll [2009-10-28] (TODO: <Company name>)

ContextMenuHandlers1: [WinRAR] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File

ContextMenuHandlers2: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)

ContextMenuHandlers3: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)

ContextMenuHandlers4: [WinRAR] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation)

ContextMenuHandlers6: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)

ContextMenuHandlers6: [WinRAR] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {ED801FC7-478B-47B1-B51E-2D840EE4E5AE} - System32\Tasks\{22596FBB-EF7C-4FD9-8BBF-099D94718DFE} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller"

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

 

Shortcut: C:\Users\Hannspree User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BleachBit\BleachBit-homepage.lnk -> hxxp://bleachbit.sourceforge.net

 

==================== Loaded Modules (Whitelisted) ==============

 

2009-10-28 20:12 - 2009-10-28 20:12 - 000061440 _____ () C:\Program Files\Bluetooth Suite\AthCopyHook.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

AlternateDataStreams: C:\Users\Hannspree User\Downloads\EmsisoftAntiMalwareSetup.exe:BDU [0]

AlternateDataStreams: C:\Users\Hannspree User\Downloads\mbam-setup-2.2.1.1043.exe:BDU [0]

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 


 

There are 6091 more sites.

 

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 22:04 - 2017-11-04 20:56 - 000004929 _____ C:\Windows\system32\Drivers\etc\hosts

 


 

There are 83 more lines.

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hannspree User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: Media is not connected to internet.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: bdruninstaller => "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe" /args:"/after_restart"

MSCONFIG\startupreg: InstallerLauncher => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Restore Points =========================

 

 

==================== Faulty Device Manager Devices =============

 

Name: Security Processor Loader Driver

Description: Security Processor Loader Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: spldr

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (02/17/2018 07:02:55 AM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

 

Error: (01/28/2018 07:16:18 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "C:\Users\Hannspree User\Desktop\HANNSPREE RECOVERY\procexp64.exe".

Dependent Assembly Microsoft.Windows.Common-Controls,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (01/28/2018 06:44:45 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

 

Error: (12/17/2017 06:16:45 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "E:\A MALWARE SCAN\HitmanPro_x64.exe".

Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (12/17/2017 06:04:27 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

 

Error: (11/11/2017 09:22:52 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

 

Error: (11/04/2017 11:03:30 PM) (Source: Windows Search Service) (EventID: 1019) (User: )

Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-4007488331-1904091925-3465478802-1000}/">.

 

Error: (11/04/2017 11:02:53 PM) (Source: Windows Search Service) (EventID: 7010) (User: )

Description: The index cannot be initialized.

 

Details:

The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

 

 

System errors:

=============

Error: (04/05/2018 02:00:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

The dependency service or group failed to start.

 

Error: (04/05/2018 01:59:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

The dependency service or group failed to start.

 

Error: (04/05/2018 01:59:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

The dependency service or group failed to start.

 

Error: (04/05/2018 01:59:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

The dependency service or group failed to start.

 

Error: (04/05/2018 01:59:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

The dependency service or group failed to start.

 

Error: (04/05/2018 01:59:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

The dependency service or group failed to start.

 

Error: (04/05/2018 01:59:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

The dependency service or group failed to start.

 

Error: (04/05/2018 01:59:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

The dependency service or group failed to start.

 

 

Windows Defender:

===================================

Date: 2014-05-15 17:52:09.751

Description: 

Windows Defender scan has been stopped before completion.

Scan ID:{37AED7E9-D60B-4D2E-AD66-89A940958A4D}

Scan Type:AntiSpyware

Scan Parameters:Quick Scan

 

CodeIntegrity:

===================================

 

Date: 2017-11-04 20:44:06.556

Description: 

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

 

Date: 2017-11-04 20:38:06.723

Description: 

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

 

Date: 2017-11-04 20:01:17.141

Description: 

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

 

Date: 2017-08-18 21:27:49.942

Description: 

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

 

Date: 2017-08-18 20:51:59.429

Description: 

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

 

==================== Memory info =========================== 

 

Processor: Genuine Intel(R) CPU U4100 @ 1.30GHz

Percentage of memory in use: 19%

Total physical RAM: 2012.16 MB

Available physical RAM: 1627.34 MB

Total Virtual: 4024.32 MB

Available Virtual: 3663.07 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:39.06 GB) (Free:20.72 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive d: (Data) (Fixed) (Total:253.17 GB) (Free:179.07 GB) NTFS

Drive e: (eSysRescueLiveCD) (CDROM) (Total:0.47 GB) (Free:0 GB) CDFS

Drive f: () (Removable) (Total:59.45 GB) (Free:59.1 GB) exFAT

 

\\?\Volume{8bf2556a-13d0-11e8-8484-806e6f6e6963}\ () (Fixed) (Total:5.86 GB) (Free:1.52 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: FBA0ECD2)

Partition 1: (Active) - (Size=5.9 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=39.1 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=253.2 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Protective MBR) (Size: 59.5 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==================== End of Addition.txt ============================


Still waiting?? Is there something wrong?

 

Support ticket 2280331 by Philip malwarebytes support?


Hi Axr :)

I understand that you already have a ticket opened with Malwarebytes support?


Hi Axr,

Are you still with me?


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 


Hi Axr,

Are you still with me?


Yes, I'm still here. I had to replace my router; difficulty connecting to internet.


Good!

I understand that you already have a ticket opened with Malwarebytes support?


It was on live chat and they said they would send me a case number in email, which they did. I followed the instructions and sent several replies but got no response.

This was 3 weeks ago. I've been without a laptop for over a month now.

The logs I sent were from after I ran the OEM recovery disk. Something does seem right as if on restart the computer boots up in ram disk before loading C drive. There is a 5.9 partition before the C partition with a Windows image file, which I assume is the recovery image.

The recovery disk took me back to Windows 7 Home Premium. So yesterday, I updated to current Windows 7 2018, about 800mb of updates.

However, something is still in control of this computer. I tried to run FRST and it says I must first be connected to internet to scan the computer? The same thing with Rkill. Must be on the internet to scan the computer.

On D drive in the recycle bin there is a file setup.exe with 0 bytes.

I also noted that I have a Russian keyboard and other Russian files under drivers .sys

Can you still help? 


I meant to say oem recovery disk took me back to 2009 windows 7 32bit premium

I looked at task manager it has program nircmd.3xe Running

I ran aswMBR in safe mode without fixing anything

Disk 0 boot \Device\harddisk0\DRO  -> \Device\Ide\IAAStorageDevice-0

It shows Disk 0 unknown MBR code

Disk 0 partition 1 00 27 Hidden NTFS WinRE NTSF 6000 mb offset 2048

Edited by Axr


I have 2 paid premium copies of Malwarebytes. My computer wants to connect to internet in order to run scans on the drive.

 

In my boot up it has boot process of EMS loading to hypervisor. Hypervisor should not be on Windows 7 Home. I have in autoruns reg keys to Office. Office is not installed on this computer.

 

Malwarebytes generates a lot of revenue from the sale of their products but poor support for the customer, as evidenced by pissed off complaints from consumers.

I'm fed up and will be filing a complaint with the consumer protection division of the state attorney general's office and the FTC under consumer protection laws. My computer became infected while this product failed to stop the intrusion, and I was all but ignored in obtaining support for my product after repeated requests.


Axr, since you have a ticket open with the support, I cannot go over them to assist you. I did request that someone take a look at your thread and your ticket to see what's happening, so you should be contacted soon.


Hi Axr,

Were you contacted by the support in the end?


Hi Axr,

Are you still with me?


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.
