ValeonX Posted May 4, 2019 ID:1311124

I downloaded FRST and these are my results. Attachments: FRST.txt, Addition.txt. Please help me.
ValeonX Posted May 4, 2019 Author ID:1311125

Also I can't download Malwarebytes because an admin is blocking me from installing the app.
nasdaq Posted May 4, 2019 ID:1311135 (edited)

Hello, Welcome to Malwarebytes.

I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it to your reply.

===

Please post the Fixlog.txt. If the problem persists please run the Farbar program and post fresh logs.

Attachment: fixlist.txt

Edited May 4, 2019 by nasdaq
ValeonX Posted May 5, 2019 Author ID:1311238

I didn't know what to post so take all of them. Attachments: Addition.txt, Fixlog.txt, FRST.txt
nasdaq Posted May 5, 2019 ID:1311257 (edited)

Hi,

The last fix did not go as expected. You have a Trojan.Win32.CoinMiner infection. I have identified the bad.

Edit. Please download and use the Fixlist.txt attached. If you create the file from what I have posted it may not work.

===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
(Microsoft Corporation) [File not signed] C:\Windows\servicing\MsMpEngs.exe
(Microsoft Corporation) [File not signed] C:\Windows\servicing\OneDrive.exe
HKLM-x32\...\Run: [chksum] => C:\Windows\servicing\OneDrive.exe [22016 2019-03-11] (Microsoft Corporation) [File not signed]
HKLM\ DisallowedCertificates: 18AA37360A0698E6A1F54A9E8268FB127B70E189 (U)
HKLM\ DisallowedCertificates: 1B581436B0ED7536755B8B1C81112509A5AAF6ED (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: 1F25DF887B158E34E2FCB13171924610C8F6BA2F (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 2CC344E13934A69AA993E80C8E20FF0ACCB33F1E (U)
HKLM\ DisallowedCertificates: 2F56FF8F95EE69A27C05DBB35924F847C86A66B4 (U)
HKLM\ DisallowedCertificates: 31F5EE85DA34AD374D43776B54F6686E7E922737 (SurfRight B.V.) <==== ATTENTION
HKLM\ DisallowedCertificates: 3C92C9274AB6D3DD520B13029A2490C4A1D98BC0 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 42A8984E8B9C51F6B7274866F8726CA1E9057FAA (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: 5CA5F811E011742B05D014D03F85848D81F41A63 (Zemana) <==== ATTENTION
HKLM\ DisallowedCertificates: 622271AF668F99BD94AC12E5EBF86E48FD50AECB (Qihu 360 Software Co. Limited) <==== ATTENTION
HKLM\ DisallowedCertificates: 6CD253D636A7B4D0E0981431BC064061A9853ED9 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 76FBABF1EADED3B91DD7A76A6678301F1F87AA97 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 84C08B7A367422AF5FEF8D353B36191ECE9DBAF7 (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9900CFAABC45B4247F9D78EE7E12B102D25EA325 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A32249E9A6B9CF5C36B0749C81613524D37C594 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: BEBFAE20957D4DE689A8B962AEE358EFE39F195F (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: BF9254919794C1075EA027889C5D304F1121C653 (U)
HKLM\ DisallowedCertificates: BFA87DC996BD6BCB02B6F530D2C646A0B5A0D5A9 (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: DBFAD9D59A6A07DCEB004DBE2DC246B547249E86 (U)
HKLM\ DisallowedCertificates: E64232B7757A335C032414C6888633CC498E7CD6 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA (U)
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKU\S-1-5-21-2426846101-1662573320-2267603240-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
U4 napagent; no ImagePath
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [464]
AlternateDataStreams: C:\Users\Xmanos\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Xmanos\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
FirewallRules: [{89DB5941-F39E-4706-A2B6-98F4BC7964B3}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{3FF51DD4-6F3E-4EF1-87EA-F1A7FB21D06C}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{A530A079-2EC7-4499-BA97-753CFE65E283}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{7820FAD9-0F0C-44EE-A312-12617D95532D}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{5E9E97B3-7DA7-403C-ACA7-CEA384B69CA7}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.182\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.182\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{AE195A76-5545-451A-8DD9-FF51B340F37A}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.182\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.182\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{9F26E633-612B-43F1-AEC2-92C4F88A3C12}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{816B1979-17CB-433C-94FB-6D842A90FE56}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{0362D1F8-1568-4119-85EF-E43252DEF703}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.190\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.190\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{73009EAA-B80F-4146-9FA3-25FFC391BC89}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.190\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.190\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{FE505783-80B3-4EF7-9C42-5604FB97D69E}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.191\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.191\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{0BABA199-D046-4074-B9E3-5468039732B4}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.191\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.191\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{51C618F1-8BA7-40AE-BA3E-A29A44B4DFE8}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{9DEC1B54-732F-474E-B155-6E7B4159D780}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{A0F43320-81C2-4419-B544-72FAC39EB2E1}E:\p????aµµata portable\graphisoft\archicad 22\archicad.exe] => (Allow) E:\p????aµµata portable\graphisoft\archicad 22\archicad.exe No File
FirewallRules: [UDP Query User{AFCC49AF-E868-4CD3-A39A-A4C7C74D5D27}E:\p????aµµata portable\graphisoft\archicad 22\archicad.exe] => (Allow) E:\p????aµµata portable\graphisoft\archicad 22\archicad.exe No File
FirewallRules: [TCP Query User{27F75B7B-7682-488B-9F9F-3D51D6408139}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{00D173B7-71DD-4DF4-B003-A8DA0F9BBC74}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{CF178B3F-52A9-4E00-8646-CF08760B4F17}D:\windowsapps\spotifyab.spotifymusic_1.101.348.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) D:\windowsapps\spotifyab.spotifymusic_1.101.348.0_x86__zpdnekdrzrea0\spotify.exe No File
FirewallRules: [UDP Query User{ED4900CB-00CA-425E-B37A-DBE4C1C7692E}D:\windowsapps\spotifyab.spotifymusic_1.101.348.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) D:\windowsapps\spotifyab.spotifymusic_1.101.348.0_x86__zpdnekdrzrea0\spotify.exe No File
FirewallRules: [TCP Query User{DDC46CE6-6644-4B4F-9238-8EDA4A3076EE}D:\windowsapps\spotifyab.spotifymusic_1.103.259.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) D:\windowsapps\spotifyab.spotifymusic_1.103.259.0_x86__zpdnekdrzrea0\spotify.exe No File
FirewallRules: [UDP Query User{EA3F30FC-8C26-417D-8A18-9D37865883EF}D:\windowsapps\spotifyab.spotifymusic_1.103.259.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) D:\windowsapps\spotifyab.spotifymusic_1.103.259.0_x86__zpdnekdrzrea0\spotify.exe No File
FirewallRules: [TCP Query User{C74308AB-697B-45F9-9B2D-297268268634}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{D3C0811E-1D58-430E-91CF-73C1F3927AFB}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{6D69FE3A-8EA9-4AEB-8821-23F45110B97B}D:\battle.net\battle.net\battle.net.10979\hearthstone\hearthstone.exe] => (Allow) D:\battle.net\battle.net\battle.net.10979\hearthstone\hearthstone.exe No File
FirewallRules: [UDP Query User{81D40728-4D4D-43D7-AD35-C3457012DCB6}D:\battle.net\battle.net\battle.net.10979\hearthstone\hearthstone.exe] => (Allow) D:\battle.net\battle.net\battle.net.10979\hearthstone\hearthstone.exe No File
FirewallRules: [TCP Query User{8E21C6C1-A795-4CBA-87E1-B9DCCD3AFC5C}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{3072D3C5-D933-495B-BCB1-81FC5B7635E1}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{389A5035-FFD1-46AE-AF52-F3F4209B51C5}D:\windowsapps\spotifyab.spotifymusic_1.104.197.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) D:\windowsapps\spotifyab.spotifymusic_1.104.197.0_x86__zpdnekdrzrea0\spotify.exe No File
FirewallRules: [UDP Query User{16ECA8EB-D81E-4A5B-A2BA-8D4FA1F935E7}D:\windowsapps\spotifyab.spotifymusic_1.104.197.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) D:\windowsapps\spotifyab.spotifymusic_1.104.197.0_x86__zpdnekdrzrea0\spotify.exe No File
FirewallRules: [TCP Query User{2EDEE108-2BAD-4237-8BF2-85E977ADABF1}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{790F506D-3C80-439F-A883-30DEBDE0D1FB}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{4579C727-3F6F-4EE7-BCB2-BC48E382704E}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{CE147884-8213-44A3-9E82-C1AEA9753C0C}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{6F2F4255-F6CB-449B-A325-EDB12BF48611}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{E9F6FA1E-0F38-4B40-8D33-841CF800ECE2}D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe] => (Allow) D:\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe No File
C:\Windows\servicing\MsMpEngs.exe
C:\Windows\servicing\OneDrive.exe
2019-05-05 00:21 - 2019-05-05 00:37 - 000000150 _____ C:\Windows\Reimage.ini
Reboot:
End

Download the file as fixlist.txt in the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the Farbar log you have submitted.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it to your reply.

===

You should now be able to download Malwarebytes. Run it this way.

Open Malwarebytes Anti-Malware.
On the Settings tab > Protection, scroll to and make sure the following are selected:
Scan for Rootkits
Scan within Archives
Scroll further to Potential Threat Protection and make sure the following are set as follows:
Potentially Unwanted Programs (PUPs) set as: Always detect PUPs (recommended)
Potentially Unwanted Modifications (PUMs) set as: Always detect PUMs (recommended)
Click on Scan, make sure Threat Scan is selected, and a Threat Scan will begin.
When the scan is complete, if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected tab.
If asked to restart your computer to complete the removal, please do so.
When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart, once you are back at your desktop, open MBAM once more to retrieve the log.

To get the log from Malwarebytes do the following:
Click on the Reports tab from the main interface.
Double click on the Scan log which shows the Date and time of the scan just performed.
Click Export. From export you have two options:
Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted to your reply.
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply.
Use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply.

===

Please post the logs and let me know what problem persists.

Attachment: fixlist.txt

Edited May 5, 2019 by nasdaq
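As an added illustration, not nasdaq's fixlist and not part of the original thread: a defender-side PowerShell check for the two evasion artefacts the fixlist above removes, namely security-vendor certificates pushed into the machine-wide Disallowed store (which is what makes an AV install look "blocked by an admin") and unsigned executables carrying Microsoft names under C:\Windows\servicing. The vendor-name list is taken from the ATTENTION lines above; the function names are hypothetical, and it assumes Windows PowerShell 5.1 or later in an elevated session.

```powershell
# Added example, not nasdaq's fixlist. Assumes Windows PowerShell 5.1+ in an
# elevated session. Function names are hypothetical (this author's choice).

# Vendor names copied from the "<==== ATTENTION" DisallowedCertificates lines.
$SecurityVendors = @(
    'Panda Security', 'Emsisoft', 'Malwarebytes', 'SurfRight', 'Kaspersky',
    'ESET', 'Zemana', 'Qihu 360', 'Comodo', 'Check Point', 'Avira',
    'Safer Networking', 'Avast', 'Symantec', 'AVG Technologies'
)

# 1. Certificates in the machine-wide Disallowed store (the registry view is
#    HKLM\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates).
#    Windows ships some legitimate entries here, so only vendor matches are
#    reported; anything listed is a candidate reason an AV install "is blocked".
function Find-BlockedSecurityVendorCerts {
    Get-ChildItem -Path Cert:\LocalMachine\Disallowed | ForEach-Object {
        $cert = $_
        $hit = $SecurityVendors | Where-Object { $cert.Subject -match [regex]::Escape($_) }
        if ($hit) {
            [pscustomobject]@{
                Thumbprint = $cert.Thumbprint
                Subject    = $cert.Subject
                Vendor     = ($hit -join ', ')
            }
        }
    }
}

# 2. Executables directly under C:\Windows\servicing whose Authenticode
#    signature is not valid. Genuine Microsoft binaries there are signed; the
#    fixlist's MsMpEngs.exe and OneDrive.exe were "[File not signed]".
function Find-UnsignedServicingBinaries {
    Get-ChildItem -Path "$env:SystemRoot\servicing" -Filter *.exe -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Path   = $_.FullName
                    Status = $sig.Status
                    Signer = $sig.SignerCertificate.Subject
                }
            }
        }
}

Find-BlockedSecurityVendorCerts | Format-Table -AutoSize
Find-UnsignedServicingBinaries  | Format-Table -AutoSize
```

Both functions only report; removal stays with the FRST fixlist (or Remove-Item on the matched certificate path) once a finding has been confirmed, since the Disallowed store also holds entries Windows itself maintains.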
nasdaq Posted May 10, 2019 ID:1312135

Are you still with me?
AdvancedSetup (Root Admin) Posted May 20, 2019 ID:1313619

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks