Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 23.04.2019
Ran by private (24-04-2019 23:09:32) Run:1
Running from C:\Users\private\Downloads
Loaded Profiles: private (Available Profiles: private)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-972725633-3369851496-79442316-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-972725633-3369851496-79442316-1001\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-972725633-3369851496-79442316-1001\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-972725633-3369851496-79442316-1001\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {08D7A902-CA81-4D03-BFBB-E0A5DC60BE92} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate
Task: {E20D52D0-6659-40D1-9197-08ACEF454720} - System32\Tasks\DriverPack Notifier => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe
Task: {F19B5128-EFC7-48CD-AD7C-7C7C3D36B155} - System32\Tasks\Microsoft\Windows\User Profile Service\MasterGuid => C:\Users\private\AppData\Roaming\\simpletools\\masterguid.exe
HKU\S-1-5-21-972725633-3369851496-79442316-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10477_728_181027
SearchScopes: HKU\S-1-5-21-972725633-3369851496-79442316-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10477_728_181027&q={searchTerms}
FF Extension: (Earth from space) - C:\Users\private\AppData\Roaming\Mozilla\Firefox\Profiles\sin8clk6.Dec2018-1545849910610\Extensions\{e3cdb989-8a0e-4fdf-aeed-02058fd00835}.xpi [2019-03-22]
S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2018-08-02] () [File not signed]
R1 M2E1ZDM0; C:\Windows\system32\drivers\M2E1ZDM0 [140008 2018-11-01] (technologiepillac.com -> )
R1 MTJhOG; C:\Windows\system32\drivers\MTJhOG [122520 2018-11-14] (technologievassy.com -> )
R1 NjE3ZWU2Yjg; C:\Windows\system32\drivers\NjE3ZWU2Yjg [121968 2019-02-04] (chavanactechnology.com -> )
R1 ODgzMjZkMmM5Z; C:\Windows\system32\drivers\ODgzMjZkMmM5Z [119920 2018-10-27] (technologiepillac.com -> )
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
R3 X6va066; \??\C:\Windows\SysWOW64\Drivers\X6va066 [X]
S1 YjUzMzU5MTEyM2Mx; system32\drivers\YjUzMzU5MTEyM2Mx.sys [X]
HKLM\...\StartupApproved\Run32: => "DriverPack Notifier"
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\Users\private\Application Data:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\private\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
FirewallRules: [{B98B372F-B95B-4B0B-BBD0-B4D4B4860573}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed]
FirewallRules: [{5840B121-8319-4D56-8594-B06B169EDD75}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed]
C:\Windows\KMS-R@1n.exe
C:\Windows\System32\Tasks\R@1n-KMS\
C:\Windows\system32\drivers\M2E1ZDM0
C:\Windows\system32\drivers\MTJhOG
C:\Windows\system32\drivers\NjE3ZWU2Yjg
C:\Windows\system32\drivers\ODgzMjZkMmM5Z
C:\Program Files (x86)\DriverPack Notifier
C:\Users\private\AppData\Roaming\\simpletools\\masterguid.exe
Reboot:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE" => removed successfully
"HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE" => removed successfully
"HKU\S-1-5-21-972725633-3369851496-79442316-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisallowRun" => removed successfully
"HKU\S-1-5-21-972725633-3369851496-79442316-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\1" => removed successfully
"HKU\S-1-5-21-972725633-3369851496-79442316-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\2" => removed successfully
"HKU\S-1-5-21-972725633-3369851496-79442316-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\3" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08D7A902-CA81-4D03-BFBB-E0A5DC60BE92}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08D7A902-CA81-4D03-BFBB-E0A5DC60BE92}" => removed successfully
C:\Windows\System32\Tasks\R@1n-KMS\Windows64Professional => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Windows64Professional" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E20D52D0-6659-40D1-9197-08ACEF454720}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E20D52D0-6659-40D1-9197-08ACEF454720}" => removed successfully
C:\Windows\System32\Tasks\DriverPack Notifier => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverPack Notifier" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F19B5128-EFC7-48CD-AD7C-7C7C3D36B155}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F19B5128-EFC7-48CD-AD7C-7C7C3D36B155}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\User Profile Service\MasterGuid => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\User Profile Service\MasterGuid" => removed successfully
HKU\S-1-5-21-972725633-3369851496-79442316-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-972725633-3369851496-79442316-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9} => removed successfully
HKLM\Software\Classes\CLSID\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9} => not found
C:\Users\private\AppData\Roaming\Mozilla\Firefox\Profiles\sin8clk6.Dec2018-1545849910610\Extensions\{e3cdb989-8a0e-4fdf-aeed-02058fd00835}.xpi => moved successfully
HKLM\System\CurrentControlSet\Services\KMS-R@1n => removed successfully
KMS-R@1n => service removed successfully
M2E1ZDM0 => Unable to stop service.
HKLM\System\CurrentControlSet\Services\M2E1ZDM0 => removed successfully
M2E1ZDM0 => service removed successfully
MTJhOG => Unable to stop service.
HKLM\System\CurrentControlSet\Services\MTJhOG => removed successfully
MTJhOG => service removed successfully
NjE3ZWU2Yjg => Unable to stop service.
HKLM\System\CurrentControlSet\Services\NjE3ZWU2Yjg => removed successfully
NjE3ZWU2Yjg => service removed successfully
ODgzMjZkMmM5Z => Unable to stop service.
HKLM\System\CurrentControlSet\Services\ODgzMjZkMmM5Z => removed successfully
ODgzMjZkMmM5Z => service removed successfully
HKLM\System\CurrentControlSet\Services\atillk64 => removed successfully
atillk64 => service removed successfully
HKLM\System\CurrentControlSet\Services\BAPIDRV => removed successfully
BAPIDRV => service removed successfully
HKLM\System\CurrentControlSet\Services\X6va066 => removed successfully
X6va066 => service removed successfully
HKLM\System\CurrentControlSet\Services\YjUzMzU5MTEyM2Mx => removed successfully
YjUzMzU5MTEyM2Mx => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\DriverPack Notifier" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DriverPack Notifier" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
C:\Users\private\Application Data => ":fbd50e2f7662a5c33287ddc6e65ab5a1" ADS removed successfully
"C:\Users\private\AppData\Roaming" => ":fbd50e2f7662a5c33287ddc6e65ab5a1" ADS not found.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B98B372F-B95B-4B0B-BBD0-B4D4B4860573}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5840B121-8319-4D56-8594-B06B169EDD75}" => removed successfully
C:\Windows\KMS-R@1n.exe => moved successfully
C:\Windows\System32\Tasks\R@1n-KMS => moved successfully
C:\Windows\system32\drivers\M2E1ZDM0 => moved successfully
C:\Windows\system32\drivers\MTJhOG => moved successfully
C:\Windows\system32\drivers\NjE3ZWU2Yjg => moved successfully
C:\Windows\system32\drivers\ODgzMjZkMmM5Z => moved successfully
"C:\Program Files (x86)\DriverPack Notifier" => not found
"C:\Users\private\AppData\Roaming\\simpletools\\masterguid.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 128855428 B
Java, Flash, Steam htmlcache => 405889215 B
Windows/system/drivers => 222949 B
Edge => 9498 B
Chrome => 0 B
Firefox => 2189021769 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 15062756 B
private => 62213185 B

RecycleBin => 4086 B
EmptyTemp: => 2.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:15:59 ====


All fixed I guess?
Many thanks for the help.


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread.

Thanks

 
