
Cannot remove 2 threats



Hi there,

 

I tried a lot of stuff to remove these 2 threats (a scan in safe mode with the rootkit option on, AdwCleaner), but they still persist.

Also, my PC has been running really slow all of a sudden lately, and apps such as Chrome crash often; I'm not sure if the trojan threats shown are causing this.

Thanks

c564b5a17e38ee8143719a96defae72c.png


Hello, welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.
attachlogs.png

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

Wait for further instructions.



Hi nasdaq, thanks for the reply.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.01.2019 01
Ran by Robin (administrator) on MASTERBLASTER (11-01-2019 00:36:56)
Running from C:\Users\Robin\Downloads
Loaded Profiles: Robin (Available Profiles: Robin)
Platform: Windows 10 Pro Version 1803 17134.407 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\MIGService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Hi-Rez Studios) G:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() E:\Program Files (x86)\PureVPN\PureVPNService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe
() E:\Program Files (x86)\PureVPN\vpnclient.exe
(DEVGURU Co., LTD.) E:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Wondershare) E:\Program Files (x86)\Wondershare\dr.fone\Library\DriverInstaller\DriverInstall.exe
() C:\Users\Robin\AppData\Roaming\System
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech, Inc.) C:\Program Files\Logitech Gaming Software\LAClient\laclient.exe
(Valve Corporation) G:\Program Files (x86)\Steam\Steam.exe
(Epic Games, Inc.) G:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
(Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
() C:\Users\Robin\AppData\Roaming\System
(Valve Corporation) G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Epic Games, Inc.) G:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Malwarebytes) G:\Program Files\Anti-Malware\MBAMService.exe
(Malwarebytes) G:\Program Files\Anti-Malware\mbamtray.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(WhatsApp) C:\Users\Robin\AppData\Local\WhatsApp\app-0.3.1847\WhatsApp.exe
(WhatsApp) C:\Users\Robin\AppData\Local\WhatsApp\app-0.3.1847\WhatsApp.exe
(WhatsApp) C:\Users\Robin\AppData\Local\WhatsApp\app-0.3.1847\WhatsApp.exe
(WhatsApp) C:\Users\Robin\AppData\Local\WhatsApp\app-0.3.1847\WhatsApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Robin\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [3465096 2017-09-29] (Paramount Software UK Ltd)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-20] (Logitech Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2917695786-4206889046-1909740344-1002\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [1384840 2018-10-04] (Nota Inc.)
HKU\S-1-5-21-2917695786-4206889046-1909740344-1002\...\Run: [Steam] => G:\Program Files (x86)\Steam\steam.exe [3133216 2019-01-04] (Valve Corporation)
HKU\S-1-5-21-2917695786-4206889046-1909740344-1002\...\Run: [Discord] => C:\Users\Robin\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-2917695786-4206889046-1909740344-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
HKU\S-1-5-21-2917695786-4206889046-1909740344-1002\...\Run: [SideSync] => E:\Program Files (x86)\Samsung\SideSync4\SideSync.exe [12476064 2018-03-07] ()
HKU\S-1-5-21-2917695786-4206889046-1909740344-1002\...\Run: [EpicGamesLauncher] => G:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35184016 2019-01-10] (Epic Games, Inc.)
HKU\S-1-5-21-2917695786-4206889046-1909740344-1002\...\MountPoints2: {0d1c38d2-c013-11e7-8b33-14dae944d382} - "I:\setup.exe" 
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech Inc.)
HKLM\...\Drivers32: [MSVideo] => C:\WINDOWS\system32\vfwwdm32.dll [67072 2018-04-11] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-12] (Google Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 89.101.160.4 89.101.160.5
Tcpip\..\Interfaces\{24cabfb1-ea97-4e32-8811-dacfb6e9bb6f}: [DhcpNameServer] 89.101.160.4 89.101.160.5
Tcpip\..\Interfaces\{e26c6f3a-a635-4641-ab04-b6fed2b190a8}: [DhcpNameServer] 89.101.160.4 89.101.160.5

Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files (x86)\java\bin\ssv.dll [2018-11-13] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files (x86)\java\bin\jp2ssv.dll [2018-11-13] (Oracle Corporation)

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> E:\Program Files (x86)\java\bin\dtplugin\npDeployJava1.dll [2018-11-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> E:\Program Files (x86)\java\bin\plugin2\npjp2.dll [2018-11-13] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.mrmemory.co.uk/memory-ram-upgrades/model/Asus~Motherboard~P8P67
CHR StartupUrls: Default -> "hxxp://www.google.ie/"
CHR Profile: C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default [2019-01-11]
CHR Extension: (Slides) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-02]
CHR Extension: (Docs) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-02]
CHR Extension: (Google Drive) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (Ledger Manager) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimhnaefocolcplfimocfiaiefpkgbf [2018-08-02]
CHR Extension: (TV) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2017-11-09]
CHR Extension: (YouTube) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-02]
CHR Extension: (Chrome IG Story) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojgejgifofondahckoaahkilneffhmf [2019-01-06]
CHR Extension: (Adblock Plus) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-04]
CHR Extension: (Street Racers) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cohkjfondhjjfehnehlpmjpljpihfhfc [2017-11-09]
CHR Extension: (Tampermonkey) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-12-18]
CHR Extension: (Sheets) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-02]
CHR Extension: (Google Docs Offline) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-09]
CHR Extension: (Ledger Wallet Ethereum) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlhkialjkaldndjnlcdfdphcgeadkkm [2018-12-10]
CHR Extension: (Ledger Wallet Bitcoin) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdpmhnladdopljabkgpacgpliggeeaf [2018-07-30]
CHR Extension: (Build with Chrome) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2017-11-09]
CHR Extension: (MetaMask) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2019-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-02]
CHR Extension: (Show Apps in new tab) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohbdifokmdgjcbbeobglcbaifinhfip [2017-11-23]
CHR Extension: (Gmail) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-02]
CHR Extension: (Chrome Media Router) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-07]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5745672 2018-04-24] ()
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2018-04-02] (EasyAntiCheat Ltd)
U2 HiPatchService; G:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-06-11] (Hi-Rez Studios) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-20] (Logitech Inc.)
R2 MacriumImageGuardianService; C:\Program Files\Macrium\Reflect\MIGService.exe [3441184 2017-09-29] (Paramount Software UK Ltd)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [4061392 2017-09-29] (Paramount Software UK Ltd)
R3 MBAMService; G:\Program Files\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 OpenVPNService; E:\Program Files (x86)\PureVPN\bin\openvpnserv.exe [31872 2016-12-20] (The OpenVPN Project)
R2 PureVPNService; E:\Program Files (x86)\PureVPN\PureVPNService.exe [30472 2017-11-10] ()
R2 sevpnclient; E:\Program Files (x86)\PureVPN\vpnclient.exe [4845832 2017-07-06] ()
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 ss_conn_service; E:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare)
R2 WsDrvInst; E:\Program Files (x86)\Wondershare\dr.fone\Library\DriverInstaller\DriverInstall.exe [120016 2018-04-11] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 a016mgmt; C:\WINDOWS\System32\drivers\a016mgmt.sys [130600 2008-01-18] (MCCI Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-12-04] (Malwarebytes)
S3 FlashUSB; C:\WINDOWS\System32\drivers\FlashUSB.sys [19968 2014-06-16] (Intel Mobile Communications)
S3 HidGuardian; C:\WINDOWS\System32\drivers\HidGuardian.sys [26736 2017-04-17] (Benjamin Höglinger-Stelzer)
R3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45192 2017-10-20] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyHidFilter; C:\WINDOWS\system32\drivers\LGJoyHidFilter.sys [57368 2016-12-08] (Logitech Inc.)
S3 LGJoyHidLo; C:\WINDOWS\system32\drivers\LGJoyHidLo.sys [47256 2016-12-08] (Logitech Inc.)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-12-08] (Logitech Inc.)
S3 LGSHidFilt; C:\WINDOWS\System32\drivers\LGSHidFilt.Sys [64280 2016-12-08] (Logitech Inc.)
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2018-01-01] (hxxp://libusb-win32.sourceforge.net)
R2 MacriumImageGuardianDriver; C:\WINDOWS\system32\Drivers\mrigflt.sys [50408 2017-11-02] (Windows (R) Win 7 DDK provider)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-01-10] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [126624 2019-01-10] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72536 2019-01-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-01-10] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [113016 2019-01-11] (Malwarebytes)
S3 MotioninJoyXFilter; C:\WINDOWS\System32\drivers\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
R0 mrcbt; C:\WINDOWS\System32\drivers\mrcbt.sys [73928 2017-11-02] (Windows (R) Win 7 DDK provider)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\neo_vpn.sys [29744 2016-07-22] (PureVPN)
S3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2018-04-11] (MediaTek Inc.)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [189152 2017-08-09] (Windows (R) Win 7 DDK provider)
S3 s0016mgmt; C:\WINDOWS\System32\drivers\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\WINDOWS\System32\drivers\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S3 s0017bus; C:\WINDOWS\System32\drivers\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\WINDOWS\System32\drivers\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\WINDOWS\System32\drivers\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
S3 s1018mgmt; C:\WINDOWS\System32\drivers\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\WINDOWS\System32\drivers\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\WINDOWS\System32\drivers\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
S3 s1029bus; C:\WINDOWS\System32\drivers\s1029bus.sys [116264 2009-05-25] (MCCI Corporation)
S3 s1029mgmt; C:\WINDOWS\System32\drivers\s1029mgmt.sys [139304 2009-05-25] (MCCI Corporation)
S3 s1029obex; C:\WINDOWS\System32\drivers\s1029obex.sys [135208 2009-05-25] (MCCI Corporation)
S3 s1029unic; C:\WINDOWS\System32\drivers\s1029unic.sys [151592 2009-05-25] (MCCI Corporation)
S3 s1039bus; C:\WINDOWS\System32\drivers\s1039bus.sys [127600 2010-03-15] (MCCI Corporation)
S3 s1039mgmt; C:\WINDOWS\System32\drivers\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation)
S3 s1039unic; C:\WINDOWS\System32\drivers\s1039unic.sys [158320 2010-03-15] (MCCI Corporation)
S3 s916bus; C:\WINDOWS\System32\drivers\s916bus.sys [108072 2007-11-02] (MCCI Corporation)
S3 s916mgmt; C:\WINDOWS\System32\drivers\s916mgmt.sys [130088 2007-11-02] (MCCI Corporation)
S3 s916obex; C:\WINDOWS\System32\drivers\s916obex.sys [124968 2007-11-02] (MCCI Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 se3ebus; C:\WINDOWS\System32\drivers\se3ebus.sys [107784 2007-04-10] (MCCI Corporation)
S3 se3emgmt; C:\WINDOWS\System32\drivers\se3emgmt.sys [126216 2007-04-10] (MCCI Corporation)
S3 se3eobex; C:\WINDOWS\System32\drivers\se3eobex.sys [123144 2007-04-10] (MCCI Corporation)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [22016 2018-04-11] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-10-22] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-22] (Microsoft Corporation)
S1 sxgilimn; \??\C:\WINDOWS\system32\drivers\sxgilimn.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-11 00:36 - 2019-01-11 00:36 - 002425856 _____ (Farbar) C:\Users\Robin\Downloads\FRST64 (1).exe
2019-01-10 17:32 - 2019-01-11 00:37 - 000021350 _____ C:\Users\Robin\Downloads\FRST.txt
2019-01-10 17:32 - 2019-01-11 00:36 - 000000000 ____D C:\FRST
2019-01-10 17:32 - 2019-01-10 17:33 - 000048967 _____ C:\Users\Robin\Downloads\Addition.txt
2019-01-10 17:31 - 2019-01-11 00:17 - 000113016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-01-10 17:31 - 2019-01-10 17:31 - 002425856 _____ (Farbar) C:\Users\Robin\Downloads\FRST64.exe
2019-01-10 17:31 - 2019-01-10 17:31 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-01-10 17:31 - 2019-01-10 17:31 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-01-10 17:31 - 2019-01-10 17:31 - 000126624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-01-10 17:31 - 2019-01-10 17:31 - 000072536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-01-10 17:30 - 2019-01-10 17:30 - 000000000 ____D C:\Users\Robin\AppData\Roaming\Imminent
2019-01-10 17:29 - 2019-01-10 17:29 - 000003178 _____ C:\WINDOWS\System32\Tasks\AdwCleaner_onReboot
2019-01-10 17:28 - 2019-01-10 17:29 - 000000000 ____D C:\AdwCleaner
2019-01-10 17:28 - 2019-01-10 17:28 - 007320272 _____ (Malwarebytes) C:\Users\Robin\Downloads\adwcleaner_7.2.6.0.exe
2019-01-10 17:14 - 2019-01-10 17:31 - 000000817 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-10 17:14 - 2019-01-10 17:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-10 17:14 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-01-10 17:13 - 2019-01-10 17:13 - 081227760 _____ (Malwarebytes ) C:\Users\Robin\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211 (1).exe
2019-01-01 21:36 - 2019-01-01 21:36 - 000000000 ___HD C:\Users\Robi
2019-01-01 21:36 - 2019-01-01 21:36 - 000000000 ___HD C:\Users\Publ
2019-01-01 21:36 - 2019-01-01 21:36 - 000000000 ____D C:\Users\Robin\AppData\Local\Speech Graphics
2019-01-01 21:36 - 2019-01-01 21:36 - 000000000 _____ C:\Users\Public\Shared Files
2018-12-30 02:02 - 2018-12-31 18:45 - 000000000 ____D C:\WINDOWS\Minidump
2018-12-16 01:22 - 2018-12-16 01:22 - 081227760 _____ (Malwarebytes ) C:\Users\Robin\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-11 00:25 - 2018-10-25 08:55 - 000000000 ____D C:\Users\Robin\AppData\Roaming\WhatsApp
2019-01-11 00:15 - 2018-05-16 16:08 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-11 00:15 - 2018-04-11 23:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-10 17:33 - 2018-05-16 16:17 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-10 17:33 - 2018-04-11 23:36 - 000000000 ____D C:\WINDOWS\INF
2019-01-10 17:30 - 2018-05-16 16:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-10 17:21 - 2018-11-13 22:09 - 000000000 ____D C:\Users\Default\AppData\Roaming\socketvision
2019-01-10 17:21 - 2018-11-13 22:09 - 000000000 ____D C:\Users\Default User\AppData\Roaming\socketvision
2019-01-10 17:21 - 2018-11-13 22:06 - 000000000 ____D C:\Users\Robin\AppData\Roaming\socketvision
2019-01-10 17:20 - 2018-11-14 01:09 - 000736870 _____ C:\WINDOWS\ntbtlog.txt
2019-01-10 17:15 - 2018-04-11 21:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-01-10 17:14 - 2017-11-02 21:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-10 17:13 - 2018-07-19 20:59 - 000000000 ____D C:\Users\Robin\AppData\Local\CrashDumps
2019-01-10 17:12 - 2017-11-02 22:02 - 000000000 ____D C:\ProgramData\Logishrd
2019-01-10 16:32 - 2018-02-06 20:00 - 000000000 ____D C:\Users\Robin\AppData\LocalLow\Mozilla
2019-01-06 18:27 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-01-05 20:03 - 2018-04-11 23:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-01 21:36 - 2018-04-11 23:38 - 000000000 __SHD C:\Users\Public\Libraries
2019-01-01 21:29 - 2017-11-03 23:50 - 000000000 ____D C:\Users\Robin\AppData\Local\UnrealEngine
2018-12-30 05:47 - 2018-05-16 16:10 - 000000000 ____D C:\Users\Robin
2018-12-22 10:11 - 2018-10-25 08:55 - 000000000 ____D C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2018-12-22 10:11 - 2018-10-25 08:55 - 000000000 ____D C:\Users\Robin\AppData\Local\WhatsApp
2018-12-22 10:11 - 2017-11-04 16:03 - 000000000 ____D C:\Users\Robin\AppData\Local\SquirrelTemp
2018-12-19 22:54 - 2018-05-16 16:15 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2917695786-4206889046-1909740344-1002
2018-12-19 22:54 - 2018-05-16 16:10 - 000002425 _____ C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-12-19 22:54 - 2017-11-02 17:40 - 000000000 ___RD C:\Users\Robin\OneDrive
2018-12-19 22:32 - 2018-11-14 01:54 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-12-19 22:32 - 2018-11-14 01:54 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-12-16 01:10 - 2018-02-28 13:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2018-12-16 01:10 - 2018-02-28 13:10 - 000000000 ____D C:\Users\Robin\AppData\Roaming\Samsung
2018-12-16 01:10 - 2018-02-28 13:10 - 000000000 ____D C:\ProgramData\Samsung
2018-12-16 01:10 - 2017-11-23 21:18 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-12-16 01:09 - 2018-11-13 21:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2018-12-16 01:09 - 2018-11-13 21:08 - 000000000 ____D C:\ProgramData\Wondershare
2018-12-16 01:09 - 2018-04-11 23:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-16 01:09 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-12-16 01:09 - 2017-12-07 10:30 - 000000000 ____D C:\Users\Robin\AppData\Local\Packages
2018-12-12 22:35 - 2018-11-14 01:57 - 000002359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-12 22:35 - 2018-11-14 01:57 - 000002318 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2018-11-13 23:40 - 2018-11-13 23:40 - 000703600 ___SH () C:\Users\Robin\AppData\Roaming\System
2018-11-13 22:06 - 2018-11-13 22:06 - 000140800 _____ () C:\Users\Robin\AppData\Local\installer.dat
2018-10-07 18:56 - 2018-10-07 18:56 - 000001265 _____ () C:\Users\Robin\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2017-08-15 15:54 - 2017-08-15 15:54 - 000703600 ___SH () C:\Users\Robin\AppData\Local\Temp\Update.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-16 16:08

==================== End of FRST.txt ============================

Addition.txt

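The FRST.txt above is the kind of log a helper reads by eye, looking for a handful of markers before anything else. As an added example (not part of this thread, and not FRST's own logic), the Python below applies those first-pass triage heuristics to log lines: FRST's own `<==== ATTENTION` markers, `[X]` entries whose file is missing from disk, `[File not signed]` binaries, processes with an empty vendor string running from a user-writable profile path, system+hidden files under a user profile, and a `MountPoints2` autorun association. It also groups file-listing entries by byte size, since two differently named files of identical size in odd places are worth comparing. The sample lines are copied or adapted from the log posted above; the rule set is my assumption about what to look at first, not a verdict on any entry.

```python
"""First-pass triage heuristics for Farbar Recovery Scan Tool (FRST) log lines.

Added example, not part of the forum thread and not FRST's own logic. The
sample lines are copied or adapted from the FRST.txt posted in the thread; the
heuristics are the author's assumptions about what an analyst checks first.
"""
import re
from typing import Dict, List

# Directories any user-level process can write to. A binary loaded from here
# is not proof of anything, but it is where a reviewer looks first.
USER_WRITABLE = ("/appdata/", "/programdata/", "/temp/")

# Constructed sample, adapted from the FRST.txt in the thread above.
SAMPLE_LOG = r"""
(AMD) C:\Windows\System32\atiesrxx.exe
() C:\Users\Robin\AppData\Roaming\System
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-2917695786-4206889046-1909740344-1002\...\MountPoints2: {0d1c38d2-c013-11e7-8b33-14dae944d382} - "I:\setup.exe"
U2 HiPatchService; G:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-06-11] (Hi-Rez Studios) [File not signed]
R3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45192 2017-10-20] (Logitech Inc.)
S1 sxgilimn; \??\C:\WINDOWS\system32\drivers\sxgilimn.sys [X]
2018-11-13 23:40 - 2018-11-13 23:40 - 000703600 ___SH () C:\Users\Robin\AppData\Roaming\System
2017-08-15 15:54 - 2017-08-15 15:54 - 000703600 ___SH () C:\Users\Robin\AppData\Local\Temp\Update.exe
2019-01-10 17:30 - 2019-01-10 17:30 - 000000000 ____D C:\Users\Robin\AppData\Roaming\Imminent
"""


def path_in_user_writable(path: str) -> bool:
    """True if the path sits under a directory a normal user can write to."""
    low = path.lower().replace("\\", "/")
    return any(marker in low for marker in USER_WRITABLE)


def triage_line(line: str) -> List[str]:
    """Return the reasons (possibly none) a reviewer should look at this line."""
    reasons: List[str] = []
    s = line.strip()
    if "<==== ATTENTION" in s:
        reasons.append("FRST itself flagged this entry")
    if s.endswith("[X]"):
        reasons.append("registered file is missing on disk")
    if "[File not signed]" in s:
        reasons.append("binary is not digitally signed")
    # Process lines look like "(Vendor) C:\path\file.exe"; an empty vendor
    # means FRST found no company name in the file's version information.
    m = re.match(r"^\(([^)]*)\) (.+)$", s)
    if m and m.group(1).strip() == "" and path_in_user_writable(m.group(2)):
        reasons.append("no-vendor image running from a user-writable location")
    # File-listing lines carry a 9-digit size and an attribute field
    # (e.g. ____D, ___SH, _____); S and H together mean system+hidden.
    m = re.search(r"\d{9} ([_A-Z]{5}) \(([^)]*)\) (.+)$", s)
    if m and "S" in m.group(1) and "H" in m.group(1) and path_in_user_writable(m.group(3)):
        reasons.append("system+hidden file inside a user profile path")
    if "MountPoints2" in s and "setup.exe" in s.lower():
        reasons.append("autorun handler recorded for a removable drive")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged line to its reasons; lines with no findings are omitted."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings[line.strip()] = reasons
    return findings


def same_size_groups(text: str) -> Dict[int, List[str]]:
    """Group non-empty file-listing entries by byte size and keep only sizes
    that appear under more than one path (same binary dropped twice?)."""
    by_size: Dict[int, List[str]] = {}
    for line in text.splitlines():
        m = re.search(r" - (\d{9}) [_A-Z]{5} (?:\([^)]*\) )?(.+)$", line.strip())
        if m and int(m.group(1)) > 0:
            by_size.setdefault(int(m.group(1)), []).append(m.group(2))
    return {size: paths for size, paths in by_size.items() if len(set(paths)) > 1}


if __name__ == "__main__":
    for flagged, why in triage_log(SAMPLE_LOG).items():
        print(flagged)
        for reason in why:
            print("    -", reason)
    for size, paths in same_size_groups(SAMPLE_LOG).items():
        print(f"same size {size} bytes:", paths)
```

Running it prints the eight flagged lines with their reasons and the one size collision; the Logitech driver, the AMD service and the Chrome entries pass through silently. The heuristics are deliberately conservative: a hit means "compare this against the vendor's known file, its signature and its hash", not "malicious".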

Hi,

ATTENTION: System Restore is disabled
Turn System Restore ON for Drives in Windows 10 - Immediately.
https://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Let me know if the problem persists.

fixlist.txt


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

