
I need some urgent advice.


Solved by Phantom


On 07 Dec I was infected with .nobu ransomware by downloading some software & unfortunately this is an online key, so recovering my encrypted files is not possible. So once I was infected I started the cleaning process with the following software: Malwarebytes Anti-Rootkit Beta, Malwarebytes, Adw Cleaner, Rogue Killer & FRST. After this my PC was clean but I still have some problems...like I am still able to see files in my registry saved under "nobu"; are they still a threat? Should I delete them manually? And sometimes Chrome is still trying to pop up ads & random trojan websites; although Malwarebytes is blocking them, I need to know how to stop it...I have already removed all the extensions added by the virus & reset the browsers.

Lastly, something IMPORTANT for those who have been affected by this virus: even after cleaning the virus you have to manually delete the IP addresses added by the virus in your hosts file (computer / windows / system32 / drivers / etc / hosts).

Looking forward to an urgent response.

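The hosts-file cleanup the poster mentions above, as an added example that is not part of the original thread: a small Python audit that lists every active hosts entry and flags the ones that do not look like stock defaults, so you can see what was added before deleting anything. The sample hosts content, the .test domain names and the 192.0.2.55 address are constructed for the demo; the only real value is the standard Windows hosts path.

```python
"""Audit a Windows hosts file for entries that did not ship with the system.

Added example, not from the forum thread. Listing every active entry with a
reason it looks out of place makes the manual hosts cleanup the poster
describes safer than eyeballing the file. SAMPLE_HOSTS is constructed.
"""
import ipaddress
from typing import List, NamedTuple, Optional

# Standard location of the hosts file on Windows.
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Names a stock hosts file may legitimately map to a loopback address.
DEFAULT_HOSTNAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


class HostsEntry(NamedTuple):
    line_no: int
    address: str
    hostnames: List[str]
    reason: Optional[str]  # None when the entry looks like a stock default

    @property
    def suspicious(self) -> bool:
        return self.reason is not None


def classify(address: str, hostnames: List[str]) -> Optional[str]:
    """Return why an active entry needs review, or None if it is a stock default."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return f"unparseable address {address!r}"
    unknown = [h for h in hostnames if h not in DEFAULT_HOSTNAMES]
    if not unknown:
        return None if ip.is_loopback else f"default name mapped to {address}"
    if ip.is_loopback or ip.is_unspecified:
        # Pointing a real name at 127.0.0.1 / 0.0.0.0 silently blocks it; this is
        # how hosts-based blocking works, whether an ad-blocker or malware did it.
        return "sinkholes " + ", ".join(unknown)
    return f"redirects {', '.join(unknown)} to {address}"


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse hosts-file text into active entries (comments and blank lines skipped)."""
    entries: List[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing and full-line comments
        if not line:
            continue
        parts = line.split()
        address, names = parts[0], [n.lower() for n in parts[1:]]
        if not names:
            entries.append(HostsEntry(line_no, address, [], "address with no hostname"))
            continue
        entries.append(HostsEntry(line_no, address, names, classify(address, names)))
    return entries


def suspicious_entries(text: str) -> List[HostsEntry]:
    return [e for e in parse_hosts(text) if e.suspicious]


def load_windows_hosts(path: str = WINDOWS_HOSTS_PATH) -> str:
    """Read the live hosts file (needs an elevated prompt to edit it afterwards)."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return fh.read()


# Constructed sample: the commented and loopback lines mirror a stock Windows
# hosts file; the last two lines imitate additions a defender would want to
# review. Domains use the reserved .test TLD and the IP is an RFC 5737 example.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#   127.0.0.1       localhost
#   ::1             localhost
127.0.0.1       localhost
::1             localhost
0.0.0.0         updates.example-av.test
192.0.2.55      www.example-vendor.test www.example-forum.test
"""

if __name__ == "__main__":
    for entry in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {entry.line_no}: {entry.address} {' '.join(entry.hostnames)} -> {entry.reason}")
```

Run it against `load_windows_hosts()` on the affected machine instead of the sample; every flagged line is a candidate for removal, but check each one, since ad-blocking host lists also sinkhole names on purpose.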

Hiya Phantom and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 4 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts.

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes and select the small cog wheel in the top right-hand corner; that will open "Settings". From there select the "Security" tab.

Scroll down to "Scan Options" and ensure Scan for Rootkits and Scan within Archives are both on.

Close out the settings window; this will take you back to the "Dashboard". Select the blue "Scan Now" tab.

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
  • Click on the Detection History tab from the main interface.
  • Then click on "History"; that will open a historical list.
  • Double click on the scan log which shows the date and time of the scan just performed.
  • Click Export. From Export you have two options:
      Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply.
      Text file (*.txt) - if selected, you will have to name the file and save it to a place of your choice (recommend "Desktop"), then attach it to your reply.
  • Please use "Copy to Clipboard", then right click in your reply and select "Paste"; that will copy the log to your reply.


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security software alerts on this scan, either accept the alert or turn off your security to allow Sophos to run and complete.

Please do not use your PC whilst the scan is in progress. This scan is very thorough so may take several hours.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security software alerts on FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way.

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to the disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans".
  • Press the Scan button to run the tool.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also make a log named Addition.txt. Please attach that log to your reply.


Thank you,

Kevin

Hey Kevin,

Thank you for your prompt response...I have Malwarebytes already installed, so as you said I enabled rootkits (archives were already ticked). I ran the scan and 01 detection was found, but when I checked it was a file which was already quarantined by Rogue Killer. When I re-checked the Rogue Killer logs I see it has quarantined autoKMS.log & autoKMS.exe; I don't think it is related to nobu...right? However, attached is the log from Malwarebytes.

I will do the scan with Sophos & Farbar later because I am already running Photorec in the background & hoping to recover some files...it's already 50% done. As you said, Sophos will take some time & the PC should not be used. Will do as soon as the Photorec process is over & get back to you.

Cheers.


MB History.txt


Find the MB history as below, so you do not have to download the file.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/9/20
Scan Time: 5:44 PM
Log File: 0e20414c-3a18-11eb-a9ab-f01faf403338.json

-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1122
Update Package Version: 1.0.34123
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: DELL-07-PC\DELL-07

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 233391
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 8 min, 56 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Generic.Malware/Suspicious, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\71357C62322A3D83.VIR, No Action By User, 0, 392686, 1.0.34123, , shuriken, , A326689A279A533A1587B9032AA6AD7B, 4AA0DAAB0DEE253495078CC87D668CC4B2912B40C287C9D405F5B416683F57A3

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

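The Malwarebytes log above in a form you can triage programmatically, as an added example that is not Malwarebytes' own code: a parser that pulls each detection out of the -Scan Details- section, recognises the MD5 and SHA-256 by hex length rather than by column position (the unlabelled numeric columns are not interpreted here), and lists the detections the user has not yet acted on. The embedded sample is a trimmed copy of the log posted above.

```python
"""Pull detections out of a Malwarebytes text scan log.

Added example, not Malwarebytes code. The field order below is read off the
single "File:" detection line in the thread: detection name, then the object
path, then the action taken. The MD5 and SHA-256 are recognised by their hex
length rather than by column position, so nothing here depends on the meaning
of the unlabelled numeric columns, which this example does not interpret.
"""
import re
from typing import Dict, List, NamedTuple, Optional

SECTION_RE = re.compile(r"^-(?P<name>[^-]+)-$")                          # "-Scan Details-"
CATEGORY_RE = re.compile(r"^(?P<category>[A-Za-z ]+): (?P<count>\d+)$")  # "File: 1"
HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")                                  # MD5
HEX64 = re.compile(r"^[0-9A-Fa-f]{64}$")                                  # SHA-256


class Detection(NamedTuple):
    category: str   # Scan Details category the line appeared under (File, Registry Key, ...)
    name: str       # detection name, e.g. Generic.Malware/Suspicious
    obj: str        # the object path
    action: str     # what was done about it, e.g. No Action By User
    md5: Optional[str]
    sha256: Optional[str]


def parse_detection(category: str, line: str) -> Detection:
    fields = [f.strip() for f in line.split(", ")]
    if len(fields) < 3:
        raise ValueError(f"unexpected detection line: {line!r}")
    md5 = next((f for f in fields[3:] if HEX32.match(f)), None)
    sha256 = next((f for f in fields[3:] if HEX64.match(f)), None)
    return Detection(category, fields[0], fields[1], fields[2], md5, sha256)


def parse_mb_log(text: str) -> Dict[str, object]:
    """Return {'summary': {key: value}, 'detections': [Detection, ...]}."""
    summary: Dict[str, str] = {}
    detections: List[Detection] = []
    section = None
    pending = None  # category whose detection lines follow, if its count was > 0
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section, pending = sec.group("name").strip(), None
            continue
        if not line:
            pending = None  # a blank line ends a category's detection lines
            continue
        if section == "Scan Summary" and ": " in line:
            key, value = line.split(": ", 1)
            summary[key] = value
        elif section == "Scan Details":
            cat = CATEGORY_RE.match(line)
            if cat:
                pending = cat.group("category") if int(cat.group("count")) > 0 else None
            elif pending and not line.startswith("("):
                detections.append(parse_detection(pending, line))
    return {"summary": summary, "detections": detections}


def unresolved(detections: List[Detection]) -> List[Detection]:
    """Detections the log records as 'No Action By User', i.e. still to be dealt with."""
    return [d for d in detections if d.action == "No Action By User"]


# Trimmed copy of the scan log posted in the thread (raw string: the path has backslashes).
SAMPLE_LOG = r"""
Malwarebytes
www.malwarebytes.com

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 233391
Threats Detected: 1
Threats Quarantined: 0

-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

File: 1
Generic.Malware/Suspicious, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\71357C62322A3D83.VIR, No Action By User, 0, 392686, 1.0.34123, , shuriken, , A326689A279A533A1587B9032AA6AD7B, 4AA0DAAB0DEE253495078CC87D668CC4B2912B40C287C9D405F5B416683F57A3

WMI: 0
(No malicious items detected)

(end)
"""

if __name__ == "__main__":
    report = parse_mb_log(SAMPLE_LOG)
    print("threats detected:", report["summary"].get("Threats Detected"))
    for d in unresolved(report["detections"]):
        print(f"[{d.category}] {d.name} at {d.obj} (sha256={d.sha256})")
```

On the log above the single hit sits under RogueKiller's quarantine folder, which matches what the poster found when they checked it; a triage script still reports it so the hashes are recorded alongside the path rather than lost in the free-text log.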

I have done the scanning with the remaining 02 tools; Sophos found one threat. Find the logs as follows:

Sophos

2020-12-09 14:58:34.889    Sophos Virus Removal Tool version 2.8.0
2020-12-09 14:58:34.889    Copyright (c) 2009-2020 Sophos Limited. All rights reserved.

2020-12-09 14:58:34.889    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2020-12-09 14:58:34.889    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2020-12-09 14:58:34.890    Checking for updates...
2020-12-09 14:58:35.626    Update progress: proxy server not available
2020-12-09 14:58:43.924    Downloading updates...
2020-12-09 14:58:43.925    Update progress: [I96736] sdds.svrt_v1.20: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2020-12-09 14:58:43.925    Update progress: [I95020] sdds.svrt_v1.20: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2020-12-09 14:58:43.925    Update progress: [I22529] sdds.svrt_v1.20: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2020-12-09 14:58:43.925    Update progress: [V81533] SU::createCachedPackageSource creating cached package source for http://d2.sophosupd.com/update-B: url=SOPHOS
2020-12-09 14:58:43.925    Update progress: [V81533] SU::createCachedPackageSource creating http_source_specific_data to download customer file
2020-12-09 14:58:43.925    Update progress: [V81533] SU::createCachedPackageSource creating package source to download customer file
2020-12-09 14:58:43.925    Update progress: [V81533] SU::createCachedPackageSource creating cached package source
2020-12-09 14:58:43.925    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: catalogue/sdds.data0910.xml
2020-12-09 14:58:43.925    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: catalogue/sdds.data0910.xml: 94 ms
2020-12-09 14:58:43.925    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 2ce2ec3f760c3dbfc1d8e2ed416e7feex000.xml: 2522 bytes
2020-12-09 14:58:43.925    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 2ce2ec3f760c3dbfc1d8e2ed416e7feex000.xml: 15 ms
2020-12-09 14:58:43.925    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 3bb2c2f9d31132827cd6a81fc1f7e792x000.xml: 8673 bytes
2020-12-09 14:58:43.925    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 3bb2c2f9d31132827cd6a81fc1f7e792x000.xml: 16 ms
2020-12-09 14:58:43.925    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE583/1c92fd00a421422e551741ebba66434ex000.xml: 590 bytes
2020-12-09 14:58:43.925    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE583/1c92fd00a421422e551741ebba66434ex000.xml: 156 ms
2020-12-09 14:58:43.925    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: SXLSUP/9658bb75e4104455fe802645d41af3dax000.xml: 598 bytes
2020-12-09 14:58:43.925    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: SXLSUP/9658bb75e4104455fe802645d41af3dax000.xml: 62 ms
2020-12-09 14:58:43.925    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE579/26a1a097a14b8e0bbd28be53a2aafb1ex000.xml: 601 bytes
2020-12-09 14:58:43.925    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE579/26a1a097a14b8e0bbd28be53a2aafb1ex000.xml: 16 ms
2020-12-09 14:58:43.925    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE580/44559335c6f1bc63dde9d811db091136x000.xml: 601 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE580/44559335c6f1bc63dde9d811db091136x000.xml: 31 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE577/55f0b0a4e526c2d0401e01357d48129ax000.xml: 601 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE577/55f0b0a4e526c2d0401e01357d48129ax000.xml: 16 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE576/7ed1ad18698b36122cfd3eb25407d6e6x000.xml: 601 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE576/7ed1ad18698b36122cfd3eb25407d6e6x000.xml: 16 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE575/f655ae2aebfe5da4ab6db868c674ba43x000.xml: 601 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE575/f655ae2aebfe5da4ab6db868c674ba43x000.xml: 46 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE578/fd09277a9cc316c7820beadc29555583x000.xml: 601 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE578/fd09277a9cc316c7820beadc29555583x000.xml: 16 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE582/82c6da4417f47dbfe85579c76f31c452x000.xml: 2055 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE582/82c6da4417f47dbfe85579c76f31c452x000.xml: 16 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE581/ac27a781f955fe1f363fed7ca3ebc5ffx000.xml: 9909 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE581/ac27a781f955fe1f363fed7ca3ebc5ffx000.xml: 62 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: e499540fe0102bd9a2b11010845937ebx000.xml: 615 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: e499540fe0102bd9a2b11010845937ebx000.xml: 16 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 4b8b6493af61681b9359850a322b02c7x000.xml: 320 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 4b8b6493af61681b9359850a322b02c7x000.xml: 15 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 0c458d84352f35f2b272f8b87e9f9576x000.xml: 753 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 0c458d84352f35f2b272f8b87e9f9576x000.xml: 16 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 5c7f0eec8cb5f488397216dcfb7e98e8x000.xml: 331 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 5c7f0eec8cb5f488397216dcfb7e98e8x000.xml: 31 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f68284d0c844770e160f65625b572b5ex000.xml: 1027 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f68284d0c844770e160f65625b572b5ex000.xml: 16 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: b6237eb64a0908d40c9415a7c7ba3843x000.xml: 338 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: b6237eb64a0908d40c9415a7c7ba3843x000.xml: 15 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 664cf44531a491f6d94d8e883ebd8013x000.xml: 1027 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 664cf44531a491f6d94d8e883ebd8013x000.xml: 16 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: e633c35f2a494780bd5b5266ac06f13ax000.xml: 338 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: e633c35f2a494780bd5b5266ac06f13ax000.xml: 47 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: d48b68b7041bde7c1484c5cb94897672x000.xml: 1027 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: d48b68b7041bde7c1484c5cb94897672x000.xml: 46 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 28bb8eb241a254452f85129686b027e5x000.xml: 338 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 28bb8eb241a254452f85129686b027e5x000.xml: 16 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 2a074ff18c7f3222667dc2edfa46e75fx000.xml: 1027 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 2a074ff18c7f3222667dc2edfa46e75fx000.xml: 31 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 9bb8aeca1b234665832ec72c609610cex000.xml: 338 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 9bb8aeca1b234665832ec72c609610cex000.xml: 16 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 7009c81b29e1d232da816176e143ae49x000.xml: 1027 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 7009c81b29e1d232da816176e143ae49x000.xml: 15 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 51d6e7beb10ae1cf1b534f59c6e58e86x000.xml: 338 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 51d6e7beb10ae1cf1b534f59c6e58e86x000.xml: 32 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: ff82765819ae95b2d888a3384d7f2c2cx000.xml: 1027 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: ff82765819ae95b2d888a3384d7f2c2cx000.xml: 46 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: d9a77a07892e11509435eeb503ebcbafx000.xml: 338 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: d9a77a07892e11509435eeb503ebcbafx000.xml: 16 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: edba9d025184cf9e450353e621575fd7x000.xml: 877 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: edba9d025184cf9e450353e621575fd7x000.xml: 16 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: c3b05924f8bebb2144ddae058798a9e0x000.xml: 320 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: c3b05924f8bebb2144ddae058798a9e0x000.xml: 15 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 143a722a52e62e05945de47738c85c0fx000.xml: 877 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 143a722a52e62e05945de47738c85c0fx000.xml: 16 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 15858544ab8b144fb289f49c2e7c806ax000.xml: 332 bytes
2020-12-09 14:58:43.926    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 15858544ab8b144fb289f49c2e7c806ax000.xml: 15 ms
2020-12-09 14:58:43.926    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: b005f37e178c4fc45de9c57268dadc50x000.xml: 877 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: b005f37e178c4fc45de9c57268dadc50x000.xml: 16 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 8dd4490449ab42a73fe4df2c752a7782x000.xml: 332 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 8dd4490449ab42a73fe4df2c752a7782x000.xml: 16 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 7058c13cfd7f5e6039f891311ebba8aax000.xml: 1027 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 7058c13cfd7f5e6039f891311ebba8aax000.xml: 15 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: ba077c5e28537dafc410507ccaf5f83bx000.xml: 332 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: ba077c5e28537dafc410507ccaf5f83bx000.xml: 16 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: bc2c5e7314423265da7857c71bf782e5x000.xml: 877 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: bc2c5e7314423265da7857c71bf782e5x000.xml: 15 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 5e7460873006b214fd68e9307c8b01cfx000.xml: 336 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 5e7460873006b214fd68e9307c8b01cfx000.xml: 32 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f222f289153e3ed05abafd3fa3e91c64x000.xml: 877 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f222f289153e3ed05abafd3fa3e91c64x000.xml: 15 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 5460d93c864bcac80628c717f3c5cad4x000.xml: 336 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 5460d93c864bcac80628c717f3c5cad4x000.xml: 16 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: df3a4de52142d5fc6506775e1114924cx000.xml: 877 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: df3a4de52142d5fc6506775e1114924cx000.xml: 15 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 4c9d868240075771bc631fd70ffeb16ex000.xml: 336 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 4c9d868240075771bc631fd70ffeb16ex000.xml: 16 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 4eac5d58eaa7027016f336e941c20e03x000.xml: 877 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 4eac5d58eaa7027016f336e941c20e03x000.xml: 16 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: b4b5ea57a2c3ebf1d2d8b13470bee761x000.xml: 336 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: b4b5ea57a2c3ebf1d2d8b13470bee761x000.xml: 15 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 5d1d99fd3f7fe3de9da46d177eb9872cx000.xml: 877 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 5d1d99fd3f7fe3de9da46d177eb9872cx000.xml: 16 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 00221b86018a1a9f486e7f8d3afc1607x000.xml: 336 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 00221b86018a1a9f486e7f8d3afc1607x000.xml: 16 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: c6eb697ca554f7656b875d8975c2c204x000.xml: 877 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: c6eb697ca554f7656b875d8975c2c204x000.xml: 16 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 2631c86b4d54d95167e94e0af8efdd0dx000.xml: 336 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 2631c86b4d54d95167e94e0af8efdd0dx000.xml: 15 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: d419ff734350263f3ea5229d8494a763x000.xml: 877 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: d419ff734350263f3ea5229d8494a763x000.xml: 16 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 303946e68b324d60ecce2eb79a1265a9x000.xml: 336 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 303946e68b324d60ecce2eb79a1265a9x000.xml: 16 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 4fea943908090fea4ce54d42e6a8d63cx000.xml: 877 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 4fea943908090fea4ce54d42e6a8d63cx000.xml: 16 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 46b53c8c400ba0b5f0ba5f5af433180fx000.xml: 336 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 46b53c8c400ba0b5f0ba5f5af433180fx000.xml: 15 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 5479e6c1fd454379a09450fdf960dd10x000.xml: 877 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 5479e6c1fd454379a09450fdf960dd10x000.xml: 31 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: a3a9d4c9159578b14300adbacc533e7ax000.xml: 336 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: a3a9d4c9159578b14300adbacc533e7ax000.xml: 32 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: ea86ddefe491482d9d21f40d7a64d7ebx000.xml: 877 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: ea86ddefe491482d9d21f40d7a64d7ebx000.xml: 15 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 6986765f6535230a3c867f1cf5e111e6x000.xml: 336 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 6986765f6535230a3c867f1cf5e111e6x000.xml: 31 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 5df1e15bd950f6636297a2443e91332bx000.xml: 877 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 5df1e15bd950f6636297a2443e91332bx000.xml: 16 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 3ce0a7e01a1ba3f71ec640dc9b001801x000.xml: 336 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 3ce0a7e01a1ba3f71ec640dc9b001801x000.xml: 31 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 1bb8f856988a42b9f3675c7acbf46dc4x000.xml: 877 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 1bb8f856988a42b9f3675c7acbf46dc4x000.xml: 31 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 0393d948872ce4b27e290b4839b39648x000.xml: 336 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 0393d948872ce4b27e290b4839b39648x000.xml: 16 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 5cc8dfcd766d6ea2706a76c5e3369a3dx000.xml: 877 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 5cc8dfcd766d6ea2706a76c5e3369a3dx000.xml: 31 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 533d3759ebcb48dd1a9ba752edd164fax000.xml: 336 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 533d3759ebcb48dd1a9ba752edd164fax000.xml: 16 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: b48888e6eaaff687109f190051608730x000.xml: 877 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: b48888e6eaaff687109f190051608730x000.xml: 15 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 282c18d102daef7b4b2b697afa6c4bb6x000.xml: 336 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 282c18d102daef7b4b2b697afa6c4bb6x000.xml: 16 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f8adfca9d000f4d972c8991333b5f710x000.xml: 877 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f8adfca9d000f4d972c8991333b5f710x000.xml: 31 ms
2020-12-09 14:58:43.927    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: e9539119d0beec27fc3ba78a60f1c132x000.xml: 336 bytes
2020-12-09 14:58:43.927    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: e9539119d0beec27fc3ba78a60f1c132x000.xml: 16 ms
2020-12-09 14:58:43.928    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: a980367ca95cfb9ba11ac74057b9f833x000.xml: 877 bytes
2020-12-09 14:58:43.928    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: a980367ca95cfb9ba11ac74057b9f833x000.xml: 15 ms
2020-12-09 14:58:43.928    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: a5f7c4b9bc9e10b2abf6d913ca0f416dx000.xml: 336 bytes
2020-12-09 14:58:43.928    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: a5f7c4b9bc9e10b2abf6d913ca0f416dx000.xml: 16 ms
2020-12-09 14:58:43.928    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: d05778823a713782d5f325d6d91fbab3x000.xml: 877 bytes
2020-12-09 14:58:43.928    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: d05778823a713782d5f325d6d91fbab3x000.xml: 16 ms
2020-12-09 14:58:43.928    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 269257b45b2cfa91af801b062dfb86eex000.xml: 336 bytes
2020-12-09 14:58:43.928    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 269257b45b2cfa91af801b062dfb86eex000.xml: 31 ms
2020-12-09 14:58:43.928    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 7a345d0770fbe9368241a63614b6b5bdx000.xml: 877 bytes
2020-12-09 14:58:43.928    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 7a345d0770fbe9368241a63614b6b5bdx000.xml: 15 ms
2020-12-09 14:58:43.928    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 8dd737edbb9988958cbaee7f9c1b35b1x000.xml: 336 bytes
2020-12-09 14:58:43.928    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 8dd737edbb9988958cbaee7f9c1b35b1x000.xml: 32 ms
2020-12-09 14:58:43.928    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 50a8cfbf06b755aadababdeaf7061eb3x000.xml: 877 bytes
2020-12-09 14:58:43.928    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 50a8cfbf06b755aadababdeaf7061eb3x000.xml: 15 ms
2020-12-09 14:58:43.928    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 60aac09c9397edecc1b3ce557394d39dx000.xml: 336 bytes
2020-12-09 14:58:43.928    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 60aac09c9397edecc1b3ce557394d39dx000.xml: 16 ms
2020-12-09 14:58:43.928    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: da82c4321ed3a85c851dd96613257cf6x000.xml: 1027 bytes
2020-12-09 14:58:43.928    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: da82c4321ed3a85c851dd96613257cf6x000.xml: 15 ms
2020-12-09 14:58:43.928    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: d6f82f98826028071fb6ad3490b7ce39x000.xml: 336 bytes
2020-12-09 14:58:43.928    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: d6f82f98826028071fb6ad3490b7ce39x000.xml: 16 ms
2020-12-09 14:58:43.928    Update progress: [I49502] sdds.data0910.xml: found supplement IDE579 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2020-12-09 14:58:43.928    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE579 LATEST path=
2020-12-09 14:58:43.928    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE579 LATEST path=
2020-12-09 14:58:43.928    Update progress: [I49502] sdds.data0910.xml: found supplement IDE580 LATEST path= baseVersion= [included from product IDE579 LATEST path=]
2020-12-09 14:58:43.928    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE580 LATEST path=
2020-12-09 14:58:43.928    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE580 LATEST path=
2020-12-09 14:58:43.928    Update progress: [I49502] sdds.data0910.xml: found supplement IDE581 LATEST path= baseVersion= [included from product IDE580 LATEST path=]
2020-12-09 14:58:43.928    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE581 LATEST path=
2020-12-09 14:58:43.928    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE581 LATEST path=
2020-12-09 14:58:43.928    Update progress: [I49502] sdds.data0910.xml: found supplement IDE582 LATEST path= baseVersion= [included from product IDE581 LATEST path=]
2020-12-09 14:58:43.928    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE582 LATEST path=
2020-12-09 14:58:43.928    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE582 LATEST path=
2020-12-09 14:58:43.928    Update progress: [I49502] sdds.data0910.xml: found supplement IDE583 LATEST path= baseVersion= [included from product IDE582 LATEST path=]
2020-12-09 14:58:43.928    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE583 LATEST path=
2020-12-09 14:58:43.928    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE583 LATEST path=
2020-12-09 14:58:43.928    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2020-12-09 14:58:43.928    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: c90fc61d20c95b97fb8f24a79b020a22x000.xml: 58196 bytes
2020-12-09 14:58:43.928    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: c90fc61d20c95b97fb8f24a79b020a22x000.xml: 202 ms
2020-12-09 14:58:43.928    Update progress: [I19463] Product download size 175118518 bytes
2020-12-09 14:58:47.531    Option all = no
2020-12-09 14:58:47.531    Option recurse = yes
2020-12-09 14:58:47.531    Option archive = no
2020-12-09 14:58:47.531    Option service = yes
2020-12-09 14:58:47.531    Option confirm = yes
2020-12-09 14:58:47.531    Option sxl = yes
2020-12-09 14:58:47.532    Option max-data-age = 35
2020-12-09 14:58:47.532    Option vdl-logging = yes
2020-12-09 14:58:47.536    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2020-12-09 14:58:47.536    Machine ID:    72e114e2c8c646ad8f75caee21ad7a2b
2020-12-09 14:58:47.552    Component SVRTcli.exe version 2.8.0
2020-12-09 14:58:47.552    Component control.dll version 2.8.0
2020-12-09 14:58:47.552    Component SVRTservice.exe version 2.8.0
2020-12-09 14:58:47.552    Component engine\osdp.dll version 1.44.1.2490
2020-12-09 14:58:47.552    Component engine\veex.dll version 3.79.0.2490
2020-12-09 14:58:47.552    Component engine\savi.dll version 9.0.20.2490
2020-12-09 14:58:47.553    Component rkdisk.dll version 1.5.33.1
2020-12-09 14:58:47.553    Version info:    Product version    2.8.0
2020-12-09 14:58:47.553    Version info:    Detection engine    3.79.0
2020-12-09 14:58:47.553    Version info:    Detection data    5.78
2020-12-09 14:58:47.553    Version info:    Build date    9/8/2020
2020-12-09 14:58:47.553    Version info:    Data files added    404
2020-12-09 14:58:47.553    Version info:    Last successful update    (not yet updated)
2020-12-09 14:58:48.453    Update progress: [I19463] Syncing product IDE579 LATEST path=
2020-12-09 14:58:48.453    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: e4c2bcd4c718673e16f63e09efff1a8ex000.xml: 38198 bytes
2020-12-09 14:58:48.453    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: e4c2bcd4c718673e16f63e09efff1a8ex000.xml: 312 ms
2020-12-09 14:58:48.453    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 80c010739f5e4c4f864dc9c1fae69d07x000.xml: 397 bytes
2020-12-09 14:58:48.453    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 80c010739f5e4c4f864dc9c1fae69d07x000.xml: 16 ms
2020-12-09 14:58:48.453    Update progress: [I19463] Product download size 3367160 bytes
2020-12-09 14:58:48.778    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 47359be3189a166823d428918b6a3c51x000.xml: 5195 bytes
2020-12-09 14:58:48.778    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 47359be3189a166823d428918b6a3c51x000.xml: 31 ms
2020-12-09 14:58:48.852    Update progress: [I19463] Syncing product IDE580 LATEST path=
2020-12-09 14:58:48.852    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: fa14ac969204291e5569af27e2082366x000.xml: 39399 bytes
2020-12-09 14:58:48.852    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: fa14ac969204291e5569af27e2082366x000.xml: 31 ms
2020-12-09 14:58:48.852    Update progress: [I19463] Product download size 2835246 bytes
2020-12-09 14:58:50.040    Update progress: [I19463] Syncing product IDE581 LATEST path=
2020-12-09 14:58:50.040    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 17f809780a173606a6bb5e40b9ae96bcx000.xml: 22780 bytes
2020-12-09 14:58:50.040    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 17f809780a173606a6bb5e40b9ae96bcx000.xml: 31 ms
2020-12-09 14:58:50.040    Update progress: [I19463] Product download size 1593214 bytes
2020-12-09 14:58:50.202    Update progress: [I19463] Syncing product IDE582 LATEST path=
2020-12-09 14:58:50.202    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 1afa1ddc28682a88313795a51cac53dcx000.xml: 881 bytes
2020-12-09 14:58:50.202    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 1afa1ddc28682a88313795a51cac53dcx000.xml: 15 ms
2020-12-09 14:58:50.202    Update progress: [I19463] Product download size 49749 bytes
2020-12-09 14:58:50.339    Update progress: [I19463] Syncing product IDE583 LATEST path=
2020-12-09 14:58:50.339    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f430c089bf466bb070b959d79391e4c2x000.xml: 124 bytes
2020-12-09 14:58:50.339    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f430c089bf466bb070b959d79391e4c2x000.xml: 93 ms
2020-12-09 14:58:50.369    Installing updates...
2020-12-09 14:58:50.972    Error level 1
2020-12-09 14:59:00.507    Update successful
2020-12-09 14:59:17.020    Option all = no
2020-12-09 14:59:17.020    Option recurse = yes
2020-12-09 14:59:17.020    Option archive = no
2020-12-09 14:59:17.020    Option service = yes
2020-12-09 14:59:17.020    Option confirm = yes
2020-12-09 14:59:17.020    Option sxl = yes
2020-12-09 14:59:17.022    Option max-data-age = 35
2020-12-09 14:59:17.022    Option vdl-logging = yes
2020-12-09 14:59:17.025    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2020-12-09 14:59:17.025    Machine ID:    72e114e2c8c646ad8f75caee21ad7a2b
2020-12-09 14:59:17.026    Component SVRTcli.exe version 2.8.0
2020-12-09 14:59:17.026    Component control.dll version 2.8.0
2020-12-09 14:59:17.026    Component SVRTservice.exe version 2.8.0
2020-12-09 14:59:17.026    Component engine\osdp.dll version 1.44.1.2490
2020-12-09 14:59:17.026    Component engine\veex.dll version 3.79.0.2490
2020-12-09 14:59:17.026    Component engine\savi.dll version 9.0.20.2490
2020-12-09 14:59:17.027    Component rkdisk.dll version 1.5.33.1
2020-12-09 14:59:17.027    Version info:    Product version    2.8.0
2020-12-09 14:59:17.027    Version info:    Detection engine    3.79.0
2020-12-09 14:59:17.027    Version info:    Detection data    5.78
2020-12-09 14:59:17.027    Version info:    Build date    9/8/2020
2020-12-09 14:59:17.027    Version info:    Data files added    405
2020-12-09 14:59:17.027    Version info:    Last successful update    12/9/2020 8:29:00 PM

2020-12-09 15:07:10.684    Could not open C:\hiberfil.sys
2020-12-09 15:07:15.102    Could not open C:\pagefile.sys
2020-12-09 15:11:24.516    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2020-12-09 15:11:24.517    Could not open C:\System Volume Information\{70c399c9-3a25-11eb-abcb-f01faf403338}{3808876b-c176-4e48-b7ae-04046e6cc752}
2020-12-09 15:11:24.517    Could not open C:\System Volume Information\{cfecb5c6-3922-11eb-ae92-f01faf403338}{3808876b-c176-4e48-b7ae-04046e6cc752}
2020-12-09 15:11:24.517    Could not open C:\System Volume Information\{cfecb5ca-3922-11eb-ae92-f01faf403338}{3808876b-c176-4e48-b7ae-04046e6cc752}
2020-12-09 15:11:24.518    Could not open C:\System Volume Information\{cfecb5ef-3922-11eb-ae92-f01faf403338}{3808876b-c176-4e48-b7ae-04046e6cc752}
2020-12-09 15:11:24.518    Could not open C:\System Volume Information\{cfecb603-3922-11eb-ae92-f01faf403338}{3808876b-c176-4e48-b7ae-04046e6cc752}
2020-12-09 15:11:24.518    Could not open C:\System Volume Information\{ebad78fa-389c-11eb-8036-f01faf403338}{3808876b-c176-4e48-b7ae-04046e6cc752}
2020-12-09 15:12:53.049    Could not open C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Sessions\Session_13251995476783216
2020-12-09 15:12:53.092    Could not open C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Sessions\Tabs_13251997569990059
2020-12-09 15:13:07.721    >>> Virus 'Mal/Generic-S' found in file C:\Users\DELL-07\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7RDQWLJC\file[1].exe
2020-12-09 15:13:07.721    >>> Virus 'Mal/Generic-S' found in file C:\Users\DELL-07\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7RDQWLJC\file[1].exe
2020-12-09 15:33:35.096    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2020-12-09 15:33:35.098    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2020-12-09 15:33:39.316    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2020-12-09 15:33:39.317    Could not open C:\Windows\System32\config\RegBack\SAM
2020-12-09 15:33:39.319    Could not open C:\Windows\System32\config\RegBack\SECURITY
2020-12-09 15:33:39.320    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2020-12-09 15:33:39.321    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2020-12-09 16:04:46.787    Could not open LOGICAL:0003:00000000
2020-12-09 16:04:46.797    Could not open D:\
2020-12-09 16:14:00.064    The following items will be cleaned up:
2020-12-09 16:14:00.064    Mal/Generic-S
2020-12-09 16:16:24.225    Threat 'Mal/Generic-S' has been cleaned up.
2020-12-09 16:16:24.225    File "C:\Users\DELL-07\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7RDQWLJC\file[1].exe" belongs to malware 'Mal/Generic-S'.
2020-12-09 16:16:24.225    File "C:\Users\DELL-07\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7RDQWLJC\file[1].exe" has been cleaned up.
2020-12-09 16:16:24.226    Removal successful
2020-12-09 16:16:25.088    Error level 0
 

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-12-2020
Ran by DELL-07 (administrator) on DELL-07-PC (Dell Inc. Latitude E6330) (09-12-2020 22:22:28)
Running from C:\Users\DELL-07\Desktop\Secure
Loaded Profiles: DELL-07
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <15>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel Corporation -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <2>
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe <6>
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(www.shadowexplorer.com) [File not signed] C:\Program Files (x86)\ShadowExplorer\sesvc.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7953976 2019-12-10] (Intel Corporation -> Motorola Solutions, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4013663536-3610763388-2062449828-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91016568 2020-12-02] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-4013663536-3610763388-2062449828-1000\...\Run: [GoogleChromeAutoLaunch_46D14624D80CA338C7782938840B2358] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-4013663536-3610763388-2062449828-1000\...\MountPoints2: F - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-4013663536-3610763388-2062449828-1000\...\MountPoints2: {359a99c5-b246-11ea-99a3-f01faf403338} - F:\OnePlus_setup.exe /s
HKU\S-1-5-21-4013663536-3610763388-2062449828-1000\...\MountPoints2: {359a9a96-b246-11ea-99a3-f01faf403338} - F:\Setup.exe
HKU\S-1-5-21-4013663536-3610763388-2062449828-1000\...\MountPoints2: {8922ee51-6996-11ea-9081-f01faf403338} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-4013663536-3610763388-2062449828-1000\...\MountPoints2: {cdc89385-94ca-11ea-9ee0-f01faf403338} - F:\HiSuiteDownLoader.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-03] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-04-07]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Upd7Live.exe [2016-10-14] (Alexander Lomachevsky -> simplix)
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1EDC6236-2BDD-44F2-829A-7A826FAB68F3} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [670928 2020-11-30] (Mozilla Corporation -> Mozilla Foundation)
Task: {62740F29-214B-4A51-831B-33E5AB14AA07} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-07] (Google LLC -> Google LLC)
Task: {8765A8CE-5E93-4289-9E18-88144A173270} - System32\Tasks\Firefox Default Browser Agent BE9C2D0CFAE2B446 => C:\Users\DELL-07\AppData\Roaming\waeedui.exe <==== ATTENTION
Task: {9C43CC97-4AD0-4343-BC36-8D3931532DD6} - System32\Tasks\NvNgxUpdateCheckDaily_{78821544-1544-1544-1544-788215441544} => C:\Users\DELL-07\AppData\Roaming\eveedui.exe <==== ATTENTION
Task: {B65B82F8-0CC8-46F4-8029-6B3A955C8B35} - System32\Tasks\NvNgxUpdateCheckDaily_{2A68F03E-F03E-F03E-F03E-2A68F03EF03E} => C:\Users\DELL-07\AppData\Roaming\hieedui.exe <==== ATTENTION
Task: {C68007BC-44C8-40A2-BE5C-29F79E00C68A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-07] (Google LLC -> Google LLC)
Task: {EC7F5AB1-7547-4DDC-9280-9A84B0495770} - System32\Tasks\{C8A3C36B-E4E3-42A6-AE0C-B9423F0539CD} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Malwarebytes\Anti-Malware\mbemsg.exe" -d "C:\Program Files\Malwarebytes\Anti-Malware"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{EE777AB5-DB11-4291-945F-D0302F3AC3ED}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF DefaultProfile: gpz3r2pa.default
FF ProfilePath: C:\Users\DELL-07\AppData\Roaming\Mozilla\Firefox\Profiles\gpz3r2pa.default [2020-06-04]
FF ProfilePath: C:\Users\DELL-07\AppData\Roaming\Mozilla\Firefox\Profiles\z180s208.default-release [2020-12-08]
FF Extension: (Greasemonkey) - C:\Users\DELL-07\AppData\Roaming\Mozilla\Firefox\Profiles\z180s208.default-release\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2020-03-18]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Profile 2
CHR Profile: C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2 [2020-12-09]
CHR DownloadDir: C:\Users\DELL-07\Desktop\Secure
CHR Extension: (Slides) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-06-21]
CHR Extension: (Docs) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2020-06-21]
CHR Extension: (Google Drive) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-06-21]
CHR Extension: (Email Tracker) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bnompdfnhdbgdaoanapncknhmckenfog [2020-12-05]
CHR Extension: (WebRTC Leak Shield) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bppamachkoflopbagkdoflbgfjflfnfl [2020-08-25]
CHR Extension: (Facebook Pixel Helper) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2020-10-01]
CHR Extension: (Sheets) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-06-21]
CHR Extension: (Google Docs Offline) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (SimilarWeb - Traffic Rank & Website Analysis) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hoklmmgfnpapgjgcpechhaamimifchmp [2020-11-16]
CHR Extension: (Screenshot Tool and Editor) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ialiedlpfknneamnbemcgmaboleiccdd [2020-11-18]
CHR Extension: (FATRANK) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jcnfkjjanbdfabigknbedgkfjkljhbdn [2020-12-07]
CHR Extension: (Formatted email subject lines by cloudHQ) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lbnejjahbkciooojokighdfkmcgkpjfb [2020-11-17]
CHR Extension: (Gmail™ Email Templates by cloudHQ) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\llccdnmbipddnkhmldacpcjjcnljpoij [2020-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-06-21]
CHR Extension: (Data Scraper - Easy Web Scraping) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nndknepjnldbdbepjfgmncbggmopgden [2020-11-21]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2020-10-18]
CHR Extension: (Gmail) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-20]
CHR Profile: C:\Users\DELL-07\AppData\Local\Google\Chrome\User Data\System Profile [2020-12-07]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640 2013-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3668944 2020-08-08] (philandro Software GmbH -> philandro Software GmbH)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82216 2020-08-06] (Mixbyte Inc -> Freemake)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [518712 2019-12-19] (Intel Corporation -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-12-07] (Malwarebytes Inc -> Malwarebytes)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13666872 2020-11-17] (Adlice -> )
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7031056 2016-05-02] (TeamViewer -> TeamViewer GmbH)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-12-07] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220160 2020-12-07] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197792 2020-12-08] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2020-12-08] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-12-07] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [126576 2020-12-08] (Malwarebytes Inc -> Malwarebytes)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2020-12-09] (Adlice -> )
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-09 22:21 - 2020-12-09 22:23 - 000000000 ____D C:\FRST
2020-12-09 20:28 - 2020-12-09 20:28 - 000000000 ____D C:\ProgramData\Sophos
2020-12-09 20:27 - 2020-12-09 20:27 - 000002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2020-12-09 20:27 - 2020-12-09 20:27 - 000002759 _____ C:\ProgramData\Desktop\Sophos Virus Removal Tool.lnk
2020-12-09 20:27 - 2020-12-09 20:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2020-12-09 20:27 - 2020-12-09 20:27 - 000000000 ____D C:\Program Files (x86)\Sophos
2020-12-09 19:20 - 2020-12-09 19:20 - 000290968 _____ C:\Windows\Minidump\120920-14445-01.dmp
2020-12-09 18:56 - 2020-12-09 18:56 - 000020053 _____ C:\Users\DELL-07\Downloads\creports 2020-12-09 (1).csv
2020-12-09 13:56 - 2020-12-09 20:17 - 000015192 _____ C:\Users\DELL-07\Desktop\Linkedin New.csv
2020-12-08 21:16 - 2020-12-08 21:16 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-12-08 21:15 - 2020-12-09 19:20 - 000038032 _____ C:\Windows\system32\Drivers\truesight.sys
2020-12-08 21:15 - 2020-12-08 21:15 - 000197792 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-12-08 21:15 - 2020-12-08 21:15 - 000126576 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-12-08 21:01 - 2020-12-08 21:01 - 036641874 _____ C:\Users\DELL-07\Desktop\Backup.reg
2020-12-08 20:48 - 2020-12-08 20:48 - 000000000 ____D C:\Windows\pss
2020-12-08 14:49 - 2020-12-08 14:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DataNumen Excel Repair
2020-12-08 14:48 - 2020-12-08 14:48 - 000000000 ____D C:\Users\DELL-07\AppData\Local\Downloaded Installations
2020-12-08 12:35 - 2020-12-08 12:35 - 000000000 ____D C:\Users\DELL-07\Desktop\testdisk-7.1.win
2020-12-08 12:29 - 2020-12-08 12:29 - 000290968 _____ C:\Windows\Minidump\120820-16941-01.dmp
2020-12-07 22:10 - 2020-12-08 11:27 - 000000000 ____D C:\Program Files\Recuva
2020-12-07 22:10 - 2020-12-07 22:10 - 000001658 _____ C:\Users\Public\Desktop\Recuva.lnk
2020-12-07 22:10 - 2020-12-07 22:10 - 000001658 _____ C:\ProgramData\Desktop\Recuva.lnk
2020-12-07 22:10 - 2020-12-07 22:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2020-12-07 22:04 - 2020-12-07 22:04 - 000000000 ____D C:\Users\DELL-07\AppData\Roaming\www.shadowexplorer.com
2020-12-07 22:03 - 2020-12-07 22:03 - 000001889 _____ C:\Users\DELL-07\Desktop\ShadowExplorer.lnk
2020-12-07 22:03 - 2020-12-07 22:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2020-12-07 22:03 - 2020-12-07 22:03 - 000000000 ____D C:\Program Files (x86)\ShadowExplorer
2020-12-07 21:46 - 2020-12-07 21:46 - 000000000 ____D C:\Windows\ERUNT
2020-12-07 21:45 - 2020-12-07 21:46 - 000000841 _____ C:\DelFix.txt
2020-12-07 21:16 - 2020-12-08 13:19 - 000000000 ____D C:\Windows\system32\appmgmt
2020-12-07 20:37 - 2020-12-07 20:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2020-12-07 20:37 - 2020-12-07 20:37 - 000000000 ____D C:\Program Files\RogueKiller
2020-12-07 20:36 - 2020-12-07 20:42 - 000000000 ____D C:\ProgramData\RogueKiller
2020-12-07 20:18 - 2020-12-07 20:18 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-12-07 20:18 - 2020-12-07 20:18 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-12-07 20:18 - 2020-12-07 20:18 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-12-07 20:18 - 2020-12-07 20:18 - 000000000 ____D C:\Users\DELL-07\AppData\Local\mbam
2020-12-07 20:17 - 2020-12-07 20:17 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-12-07 20:17 - 2020-12-07 20:17 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-12-07 20:16 - 2020-12-07 20:16 - 000000000 ____D C:\Program Files\Malwarebytes
2020-12-07 19:17 - 2020-12-07 19:17 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\7463515B.sys
2020-12-07 19:16 - 2020-12-07 20:30 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2020-12-07 19:16 - 2020-12-07 20:18 - 000220160 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-12-07 18:52 - 2020-12-09 22:22 - 000000000 ____D C:\Users\DELL-07\Desktop\Secure
2020-12-07 18:43 - 2020-12-07 18:43 - 000003208 _____ C:\Windows\system32\Tasks\{C8A3C36B-E4E3-42A6-AE0C-B9423F0539CD}
2020-12-07 18:30 - 2020-12-07 20:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-07 18:11 - 2020-12-09 19:20 - 356990773 _____ C:\Windows\MEMORY.DMP
2020-12-07 18:11 - 2020-12-09 19:20 - 000000000 ____D C:\Windows\Minidump
2020-12-07 18:11 - 2020-12-07 18:11 - 000283256 _____ C:\Windows\Minidump\120720-33680-01.dmp
2020-12-07 18:09 - 2020-12-07 18:09 - 000000000 ____D C:\ProgramData\Emsisoft
2020-12-07 18:08 - 2020-12-08 17:49 - 000000000 ____D C:\EEK
2020-12-07 15:42 - 2020-12-07 15:42 - 000000000 ____D C:\Users\DELL-07\Documents\Freemake
2020-12-07 14:56 - 2020-12-07 20:10 - 000000000 ____D C:\Users\DELL-07\AppData\Roaming\wjllvez4m3p
2020-12-07 14:56 - 2020-12-07 14:56 - 000001110 _____ C:\Users\DELL-07\_readme.txt
2020-12-07 14:54 - 2020-12-07 14:56 - 000001100 _____ C:\Users\DELL-07\AppData\LocalLow\machineinfo.txt.nobu
2020-12-07 14:54 - 2020-12-07 14:52 - 002228224 _____ C:\Users\DELL-07\AppData\LocalLow\exuieaoEiI
2020-12-07 14:54 - 2020-03-03 10:45 - 000020480 _____ C:\Users\DELL-07\AppData\LocalLow\lifwZVt5ic
2020-12-07 14:53 - 2020-12-08 17:52 - 000000000 ____D C:\SystemID
2020-12-07 14:53 - 2020-12-07 20:22 - 000000000 ____D C:\Windows\SysWOW64\kbqtffm
2020-12-07 14:53 - 2020-12-07 20:08 - 000000000 ____D C:\Windows\system32\Tasks\System
2020-12-07 14:53 - 2020-12-07 20:08 - 000000000 ____D C:\Users\DELL-07\AppData\Local\78d92480-ef27-46a3-ab35-87a9d6c6c6fe
2020-12-07 14:53 - 2020-12-07 20:08 - 000000000 ____D C:\Users\DELL-07\AppData\Local\44efc42f-4e38-4a3c-a4f5-8eb3207d439b
2020-12-07 14:53 - 2020-12-07 19:41 - 000003606 _____ C:\Windows\system32\Tasks\Firefox Default Browser Agent BE9C2D0CFAE2B446
2020-12-07 14:53 - 2020-12-07 14:56 - 000000000 ____D C:\Users\DELL-07\Documents\VlcpVideoV1.0.1
2020-12-07 14:53 - 2020-12-07 14:54 - 000916735 _____ (SQLite Development Team) C:\Users\DELL-07\AppData\LocalLow\sqlite3.dll
2020-12-07 14:53 - 2020-12-07 14:53 - 005548264 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2020-12-07 14:53 - 2020-12-07 14:53 - 000634432 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe
2020-12-07 14:53 - 2020-12-07 14:53 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2020-12-07 14:53 - 2020-12-07 14:53 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2020-12-07 14:53 - 2020-12-07 14:53 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2020-12-07 14:53 - 2020-12-07 14:53 - 000003606 _____ C:\Windows\system32\Tasks\NvNgxUpdateCheckDaily_{78821544-1544-1544-1544-788215441544}
2020-12-07 14:53 - 2020-12-07 14:53 - 000000561 _____ C:\Users\DELL-07\AppData\Local\bowsakkdestx.txt
2020-12-07 14:53 - 2020-12-07 14:53 - 000000000 ____D C:\Users\DELL-07\AppData\Roaming\Doleon
2020-12-07 14:53 - 2020-12-07 14:53 - 000000000 ____D C:\ProgramData\sib
2020-12-07 14:53 - 2020-12-07 14:53 - 000000000 ____D C:\ProgramData\Riate
2020-12-07 14:53 - 2020-12-07 14:53 - 000000000 ____D C:\ProgramData\KLF36IMOB9
2020-12-07 14:52 - 2020-12-07 20:10 - 000000000 ____D C:\Users\DELL-07\AppData\Roaming\zdxxyp4dw35
2020-12-07 14:52 - 2020-12-07 15:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TdNativeMessage
2020-12-07 14:52 - 2020-12-07 15:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RearRips
2020-12-07 14:52 - 2020-12-07 14:52 - 000003606 _____ C:\Windows\system32\Tasks\NvNgxUpdateCheckDaily_{2A68F03E-F03E-F03E-F03E-2A68F03EF03E}
2020-12-07 14:52 - 2020-12-07 14:52 - 000000000 ____D C:\Users\DELL-07\AppData\Roaming\305f7ca580575406.60124791_888
2020-12-07 14:52 - 2006-12-07 07:39 - 001101824 _____ (NuMedia Soft, Inc.) C:\Windows\SysWOW64\NMSDVDXU.dll
2020-12-07 14:51 - 2020-12-07 20:00 - 000000000 ____D C:\Users\DELL-07\AppData\Local\CrashDumps
2020-12-07 14:51 - 2020-12-07 15:40 - 000000000 ____D C:\Users\DELL-07\AppData\Roaming\Noderts
2020-12-07 14:51 - 2020-12-07 14:51 - 000000000 ____D C:\Users\DELL-07\AppData\Roaming\Python
2020-12-07 14:51 - 2020-12-07 14:51 - 000000000 ____D C:\Users\DELL-07\AppData\Local\Pider
2020-12-07 14:50 - 2020-12-07 14:51 - 000000000 ____D C:\ProgramData\AllDup
2020-12-07 14:50 - 2020-12-07 14:50 - 000000000 ____D C:\Users\DELL-07\AppData\Roaming\AllDup
2020-12-07 14:49 - 2020-12-07 14:50 - 000000000 ____D C:\Users\DELL-07\AppData\Roaming\Q-Dir
2020-12-07 14:41 - 2020-12-07 15:43 - 000000000 ____D C:\Users\DELL-07\AppData\Roaming\Dr Email Verifier
2020-12-07 14:39 - 2020-12-07 14:56 - 001203714 _____ C:\Users\DELL-07\Downloads\dr-email-verifier.zip.nobu
2020-12-04 12:37 - 2020-12-07 14:56 - 000970402 _____ C:\Users\DELL-07\Downloads\Fat Burning Secrets.pdf.nobu
2020-12-01 11:05 - 2020-12-01 11:05 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-11-30 18:50 - 2020-12-02 10:18 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-11-27 21:20 - 2020-12-07 14:56 - 000010893 _____ C:\Users\DELL-07\Desktop\To Promote.xlsx.nobu
2020-11-22 12:17 - 2020-12-07 14:56 - 000310237 _____ C:\Users\DELL-07\Downloads\Video Thumbnail.png.nobu
2020-11-21 22:12 - 2020-12-07 22:16 - 000000000 ____D C:\Users\DELL-07\Downloads\Reddit
2020-11-21 22:11 - 2020-12-08 14:50 - 000000000 ____D C:\Users\DELL-07\Downloads\Email List & Swipes
2020-11-16 19:48 - 2020-12-07 14:56 - 000000000 ___SD C:\Users\DELL-07\Documents\My Data Sources

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-09 19:28 - 2009-07-14 10:15 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-12-09 19:28 - 2009-07-14 10:15 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-12-09 19:22 - 2020-03-16 11:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2020-12-09 19:20 - 2009-07-14 10:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-12-08 19:41 - 2020-06-04 19:26 - 000000000 ____D C:\Users\DELL-07\AppData\LocalLow\Mozilla
2020-12-08 19:40 - 2020-06-04 19:26 - 000000000 ____D C:\ProgramData\Mozilla
2020-12-08 17:58 - 2020-09-24 17:58 - 000000000 ____D C:\Users\DELL-07\Desktop\Notes
2020-12-08 17:04 - 2020-10-31 20:56 - 000000000 ____D C:\Users\DELL-07\Downloads\Docs
2020-12-08 14:51 - 2020-10-31 20:47 - 000000000 ____D C:\Users\DELL-07\Downloads\Keywords
2020-12-08 11:43 - 2020-01-07 17:39 - 000000000 ____D C:\Users\DELL-07
2020-12-08 11:20 - 2016-06-20 11:23 - 000724158 _____ C:\Windows\system32\perfh019.dat
2020-12-08 11:20 - 2016-06-20 11:23 - 000150428 _____ C:\Windows\system32\perfc019.dat
2020-12-08 11:20 - 2009-07-14 10:43 - 001647438 _____ C:\Windows\system32\PerfStringBackup.INI
2020-12-08 11:20 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\inf
2020-12-07 15:42 - 2020-08-22 21:34 - 000000000 ____D C:\Program Files (x86)\Freemake
2020-12-07 15:41 - 2020-06-08 16:57 - 000000000 ____D C:\Users\DELL-07\AppData\Local\Bluestacks
2020-12-07 14:57 - 2020-10-31 20:48 - 000000000 ____D C:\Users\DELL-07\Downloads\Softwares
2020-12-07 14:57 - 2020-10-31 20:41 - 000000000 ____D C:\Users\DELL-07\Downloads\Ads Creative
2020-12-07 14:57 - 2020-09-23 20:28 - 000000000 ____D C:\Users\DELL-07\Downloads\Harmonica_assets
2020-12-07 14:57 - 2020-09-22 18:07 - 000000000 ____D C:\Users\DELL-07\Downloads\Stamps
2020-12-07 14:56 - 2020-09-22 18:27 - 000000000 ____D C:\Users\DELL-07\.openshot_qt
2020-12-07 14:56 - 2020-07-19 21:30 - 000000499 ____H C:\Users\DELL-07\Desktop\~$July new.xlsx.nobu
2020-12-07 14:56 - 2020-07-18 22:16 - 000000499 ____H C:\Users\DELL-07\Desktop\~$Unicorm July 2020.xlsx.nobu
2020-12-07 14:56 - 2020-07-17 00:01 - 000000499 ____H C:\Users\DELL-07\Desktop\~$Daily Target.xlsx.nobu
2020-12-07 14:56 - 2020-07-15 21:10 - 000000499 ____H C:\Users\DELL-07\Desktop\~$203.xlsx.nobu
2020-12-07 14:56 - 2020-07-12 20:40 - 000000499 ____H C:\Users\DELL-07\Desktop\~$12 July Unicorn Capital.xlsx.nobu
2020-12-07 14:56 - 2020-07-11 19:53 - 000000499 ____H C:\Users\DELL-07\Desktop\~$Blocked.xlsx.nobu
2020-12-07 14:56 - 2020-07-04 21:48 - 000000499 ____H C:\Users\DELL-07\Desktop\~$Target July.xlsx.nobu
2020-12-07 14:56 - 2020-06-22 20:23 - 000000499 ____H C:\Users\DELL-07\Desktop\~$Treading Promise Company.xlsx.nobu
2020-12-07 14:56 - 2020-04-23 17:57 - 000000496 ____H C:\Users\DELL-07\Downloads\~$hilesh singh - Sr. php developer - 5 Yrs 6 Months.docx.nobu
2020-12-07 14:56 - 2020-04-23 17:03 - 000000496 ____H C:\Users\DELL-07\Downloads\~$hammadMeraj[4_0].docx.nobu
2020-12-07 14:56 - 2020-04-22 17:14 - 000000496 ____H C:\Users\DELL-07\Downloads\~$iyVratShukla[5_3].docx.nobu
2020-12-07 14:56 - 2020-04-22 11:17 - 000000496 ____H C:\Users\DELL-07\Desktop\~$twAssignment.docx.nobu
2020-12-07 14:56 - 2020-04-16 15:46 - 000000496 ____H C:\Users\DELL-07\Desktop\~$kash Kumar.docx.nobu
2020-12-07 14:56 - 2020-04-10 13:41 - 000000496 ____H C:\Users\DELL-07\Downloads\~$NDARPSUDAN[6_0] (2).docx.nobu
2020-12-07 14:56 - 2020-04-10 13:39 - 000000496 ____H C:\Users\DELL-07\Downloads\~$shawshekhar[5_4].doc.nobu
2020-12-07 14:56 - 2020-04-10 13:39 - 000000496 ____H C:\Users\DELL-07\Downloads\~$NDARPSUDAN[6_0] (1).docx.nobu
2020-12-07 14:56 - 2020-04-07 11:42 - 000000496 ____H C:\Users\DELL-07\Downloads\~$manshu  - Manager sales & operations - 10 Yrs 0 Month (1).docx.nobu
2020-12-07 14:56 - 2020-04-03 12:47 - 000000496 ____H C:\Users\DELL-07\Desktop\~$chana_ManualTester.docx.nobu
2020-12-07 14:56 - 2020-03-24 13:01 - 000000496 ____H C:\Users\DELL-07\Downloads\~$P.Net_Amity Noida.docx.nobu
2020-12-07 14:56 - 2020-03-24 10:12 - 000000496 ____H C:\Users\DELL-07\Downloads\~$praTrikha[2_4] - Consultant Cpcareers.doc.nobu
2020-12-07 14:56 - 2020-03-21 14:45 - 000000499 ____H C:\Users\DELL-07\Desktop\~$linkdin id.xlsx.nobu
2020-12-07 14:56 - 2020-03-13 09:57 - 000000496 ____H C:\Users\DELL-07\Downloads\~$hilMehta[5_5].docx.nobu
2020-12-07 14:56 - 2020-03-13 09:57 - 000000496 ____H C:\Users\DELL-07\Downloads\~$hilMehta[5_5] (1).docx.nobu
2020-12-07 14:56 - 2020-03-04 10:18 - 000000496 ____H C:\Users\DELL-07\Desktop\~$nux Administration Linux 2.docx.nobu
2020-12-07 14:56 - 2020-03-02 13:11 - 000000496 ____H C:\Users\DELL-07\Downloads\~$molSNag[7_0] (1) - Anusmita Cp.docx.nobu
2020-12-07 14:56 - 2020-03-02 10:02 - 000000496 ____H C:\Users\DELL-07\Downloads\~$ Sheet for SA -  Java Dev.docx.nobu
2020-12-07 14:56 - 2020-01-07 17:39 - 000000000 ____D C:\Users\DELL-07\AppData\Local\VirtualStore
2020-12-05 11:42 - 2020-01-07 18:17 - 000003332 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-05 11:42 - 2020-01-07 18:17 - 000003204 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-03 16:54 - 2020-01-07 18:18 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-03 16:54 - 2020-01-07 18:18 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-12-03 16:54 - 2020-01-07 18:18 - 000002183 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-12-02 10:18 - 2020-06-04 19:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-11-18 21:14 - 2020-01-07 17:58 - 000000000 ____D C:\Users\DELL-07\AppData\Local\Microsoft Help
2020-11-13 12:18 - 2009-07-14 10:38 - 000032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories ========

2020-12-07 14:53 - 2020-12-07 14:53 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2020-12-07 14:53 - 2020-12-07 14:53 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2020-12-07 14:53 - 2020-12-07 14:53 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2020-12-07 14:53 - 2020-12-07 14:53 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2020-12-07 14:53 - 2020-12-07 14:53 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2020-12-07 14:53 - 2020-12-07 14:53 - 000000561 _____ () C:\Users\DELL-07\AppData\Local\bowsakkdestx.txt
2020-09-23 19:04 - 2020-09-23 19:04 - 000000218 _____ () C:\Users\DELL-07\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-12-03 15:05
==================== End of FRST.txt ========================

I have attached the Addition file as requested; also, the nobu files from the registry are still present... should I delete them manually in safe mode?

Addition.txt

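The FRST listing above is the raw material for everything that follows in this thread: the helper reads the "One month (created)" section, picks out the encrypted files, the ransom note and whatever else was dropped in the same minutes, and turns that into a fixlist. As an added example (not part of the original post, and not FRST's own code), the following Python script does the first half of that triage mechanically. The sample lines are copied from the log above; the five-minute window, the `.nobu` extension and the `touched` heuristic (the later of the created and modified timestamps) are choices made here, the last one because an encrypted file can keep the victim file's old modified time, as the `~$July new.xlsx.nobu` line (created 2020-12-07 14:56, modified 2020-07-19) shows.

```python
"""Triage of FRST "One month (created)" entries: added example, not FRST's own code.

Sample lines are copied from the FRST log in this thread; the window size,
the extension and the "touched" heuristic are assumptions chosen here.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# FRST line layout: "<created> - <modified> - <size> <attrs> [(Company)] <path>"
_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{9}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"   # optional signer/company field
    r"(?P<path>.+)$"
)


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: Optional[str]   # None if absent, "" if FRST printed "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def touched(self) -> datetime:
        # Encrypted files can keep the victim file's old modified time, so the
        # later of the two timestamps is the reliable "when did this happen".
        return max(self.created, self.modified)


def parse_frst_line(line: str) -> Optional[Entry]:
    """Return an Entry for one FRST file/folder line, or None for any other line."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    return Entry(
        created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
        modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
        size=int(m["size"]),
        attrs=m["attrs"],
        company=m["company"],
        path=m["path"],
    )


def parse_frst_log(text: str) -> List[Entry]:
    return [e for e in map(parse_frst_line, text.splitlines()) if e is not None]


def encrypted_files(entries: List[Entry], ext: str = ".nobu") -> List[Entry]:
    return [e for e in entries if not e.is_dir and e.path.lower().endswith(ext)]


def encryption_window(entries: List[Entry], ext: str = ".nobu") -> Optional[Tuple[datetime, datetime]]:
    times = [e.touched for e in encrypted_files(entries, ext)]
    return (min(times), max(times)) if times else None


def artifacts_near_encryption(entries: List[Entry], ext: str = ".nobu",
                              slack: timedelta = timedelta(minutes=5)) -> List[Entry]:
    """Non-encrypted items created from `slack` before the first encrypted file
    up to the last one: the candidates (dropped payloads, persistence folders,
    ransom notes) a helper reviews before writing a fixlist."""
    window = encryption_window(entries, ext)
    if window is None:
        return []
    start, end = window
    hits = [e for e in entries
            if start - slack <= e.created <= end and not e.path.lower().endswith(ext)]
    return sorted(hits, key=lambda e: e.created)


def triage(text: str, ext: str = ".nobu") -> Dict[str, object]:
    entries = parse_frst_log(text)
    window = encryption_window(entries, ext)
    return {
        "entries": len(entries),
        "encrypted": len(encrypted_files(entries, ext)),
        "window": tuple(t.strftime("%Y-%m-%d %H:%M") for t in window) if window else None,
        "ransom_notes": [e.path for e in entries if e.path.lower().endswith("\\_readme.txt")],
        "review": [e.path for e in artifacts_near_encryption(entries, ext)],
    }


# Constructed input: a handful of lines copied from the FRST log in this thread.
SAMPLE_LOG = r"""
2020-12-07 20:16 - 2020-12-07 20:16 - 000000000 ____D C:\Program Files\Malwarebytes
2020-12-07 14:56 - 2020-12-07 14:56 - 000001110 _____ C:\Users\DELL-07\_readme.txt
2020-12-07 14:54 - 2020-12-07 14:56 - 000001100 _____ C:\Users\DELL-07\AppData\LocalLow\machineinfo.txt.nobu
2020-12-07 14:54 - 2020-12-07 14:52 - 002228224 _____ C:\Users\DELL-07\AppData\LocalLow\exuieaoEiI
2020-12-07 14:53 - 2020-12-07 14:54 - 000916735 _____ (SQLite Development Team) C:\Users\DELL-07\AppData\LocalLow\sqlite3.dll
2020-12-07 14:53 - 2020-12-07 14:53 - 000000000 ____D C:\Users\DELL-07\AppData\Roaming\Doleon
2020-12-07 14:39 - 2020-12-07 14:56 - 001203714 _____ C:\Users\DELL-07\Downloads\dr-email-verifier.zip.nobu
2020-12-07 14:56 - 2020-07-19 21:30 - 000000499 ____H C:\Users\DELL-07\Desktop\~$July new.xlsx.nobu
2020-12-07 14:53 - 2020-12-07 14:53 - 000000561 _____ () C:\Users\DELL-07\AppData\Local\bowsakkdestx.txt
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, the three `.nobu` files all resolve to 14:56 once the later timestamp is used, so the review list comes out as `sqlite3.dll`, `Doleon`, `bowsakkdestx.txt`, `exuieaoEiI` and `_readme.txt`, in creation order: the same items the fixlist in the next post targets. Legitimate entries created at the same time (the Mozilla NSS DLLs in C:\ProgramData, for instance) will also land in the list; the script narrows the field, it does not decide for you.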

Hiya Phantom,

Thanks for those logs... I see many threads with malware, infection and ransomware. On many occasions I also see autoKMS.exe as the prime conduit for spreading misery to anyone looking for a free Windows OS. We are all aware what that software is used for, it is also very easy to see why Malware writers take advantage of such software. Continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin



Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.


The system will be rebooted after the fix has run.

Next,

Download "Microsoft's Safety Scanner" and save it directly to the desktop.

Ensure to get the correct version for your system....

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download


Right click on the tool and select Run as Administrator; the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include details for each time MSRT has run; we only need the most recent log by date and time....

Thanks,

Kevin..

 

fixlist.txt


  • Solution

Heyy Kevin,

So I did both the above actions... after running FRST the PC rebooted and I got the following message from the action center:

  • Turn on Windows Security Service (on clicking it I got the error that the service can't be started)
  • Windows Defender needs to scan the computer (on clicking it opened, but when I pressed start now it gave me the following error - the specified service does not exist as an installed service)

Let me know what to do, attached are the logs as requested.

Cheers.

msert.log Fixlog.txt


Hello Phantom,

Your operating system is Windows 7; Microsoft stopped supporting that OS on 14th January 2020. Windows Defender had no anti-virus components for that version of Windows; an alternative was to install Microsoft Security Essentials to give adequate AV protection. Unfortunately MSE support also ended 14th Jan 2020.

So in fact your system does not have any protection; you need to get an AV application with active realtime protection or your system will be exploited again very easily. Have a look at the following link for advice:


Hi Kevin, thanks for the info, I didn't know that. Just wanted to know why the PC is showing me this alert now. Also, after downloading AVG should I get rid of every other anti-virus which I have installed, and would AVG be sufficient? And I hope those last logs were clear.

Secondly, I am still able to see .nobu folders in my registry... shall I delete them? And Chrome is still trying to open up suspicious websites whenever I search something... what to do?

Lastly which software do you recommend to recover encrypted files, I tried Shadow Recovery, Recuva & Photorec but no luck.

Cheers.

 

IMG_20201210_121932.jpg

IMG_20201210_164719.jpg

IMG_20201210_164804.jpg


Hiya Phantom,

Yes, of course you can remove the registry entries you've quoted. Regarding recovery of the encrypted files, at present there is no definite fix available for .nobu ransomware.

Have a read here: https://www.bleepingcomputer.com/forums/t/737637/nobu-ransomware-virus/

What you have is a newer version of Stop DJVU. The original version and some subsequent versions may find help with the Emsisoft Decryptor for Stop DJVU; you could try it and see if it works for you.. https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

Regarding the Chrome block, try to reset Chrome with the instructions from the following link, see if that clears the blocks against Chrome..

https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/

Regarding AV protection, I use Malwarebytes and Windows Defender on my Windows 10 systems. If you want my advice you should upgrade to Windows 10 from Windows 7..

https://www.howtogeek.com/509087/how-to-upgrade-from-windows-7-to-windows-10-for-free/

Thanks,

Kevin..

 


Hi Kevin,

Just wanted to say thanks a lot for helping me out... as soon as I deleted the files from the registry the Chrome issue also got solved. So I guess my PC is clean now.

I owe you one & I definitely shall square up one day.

May you have a fantastic holiday season ahead :)

 

Cheers,

Phantom


Hiya Phantom,

Thanks for the information update, good to hear your system is ok for you.. Hope you also have a great holiday season. Continue to clean up:

Uninstall the following program (unless you prefer to keep it):

Sophos AV

http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Also delete this folder if still present: C:\ProgramData\Sophos

Next,

Right click on FRST here: C:\Users\DELL-07\Desktop\Secure\FRST.exe and rename it to uninstall.exe; when complete, right click on uninstall.exe and select "Run as Administrator".

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/

Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee

PatchMyPC, keep all your software up to date - https://patchmypc.com/home-updater#download

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you
