
9 infections after clean Windows 10 install, need help!


7 replies to this topic

#1 BOV72 (Members, 62 posts, Male, North Carolina, United States)

Posted 29 September 2016 - 11:52 PM

Hello everyone,

This is my first post to the forum; hope this is in the right place. I have spent a good amount of time trying to clean my brother's laptop. I have reinstalled Win 7 four times, and every time I reinstall, the viruses come right back. This last time, I formatted the drive, reinstalled Win 7, and upgraded to Win 10. Once I installed the NVIDIA drivers, there were 9 infections. They were as follows: Gen:Variant.Strictor (multiples), Gen:Variant.Graftor (multiples) and Gen:Variant.Symmi (multiples). I ran Bitdefender Rescue but it could not delete them. I used GrantPerms to unlock the files and manually deleted them. So, I need to know if it's finally clean. Apologies for posting a novel.

Thanks, Big Orange


#2 The_Codesee (Members, 337 posts, Male, England, UK)

Posted 30 September 2016 - 01:28 AM

Hello! My name is The Codesee, nice to meet you :)

Please follow the steps below:

Step 1: Please download MiniToolBox to your desktop

  • Double click MiniToolBox
  • Select the items below and press Go
    • List Installed Programs
    • List Restore Points
    • List Last 10 Event Viewer Log
    • Flush DNS
  • Post the log in your next reply

Step 2: Please download Security Check to your desktop

  • Double click SecurityCheck and follow the on-screen instructions.
  • A log should open called checkup.txt.
  • Post the log in your next reply

Step 3: Please download TFC (Temp File Cleaner) to your desktop

  • Close all open applications
  • Double click TFC
  • Click the Start button and the program will run
  • When done, press OK to restart your computer

Logs I expect in your next reply:

  • MiniToolBox Log
  • Security Check Log


#3 BOV72, Topic Starter (Members, 62 posts, Male, North Carolina, United States)

Posted 30 September 2016 - 02:09 AM

Thank you for the help. I have been working on this for weeks using these tools, to no avail. Here are the logs you requested:

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by TennVols72 (administrator) on 30-09-2016 at 03:05:33
Running from "C:\Users\TennVols72\Desktop\Security"
Microsoft Windows 10 Home  (X64)
Model: N80Vm Manufacturer: ASUSTeK Computer Inc.
Boot Mode: Network
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Intel® WiFi Link 5100 Driver = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wireless Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : TennVols72-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
   Physical Address. . . . . . . . . : 00-22-15-EE-95-12
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
   Physical Address. . . . . . . . . : 00-16-EA-7F-2B-62
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::29fd:d88d:eddb:6c74%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, September 30, 2016 2:59:22 AM
   Lease Expires . . . . . . . . . . : Friday, October 07, 2016 3:02:27 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 218109674
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-7F-67-77-00-22-15-EE-95-12
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  HG6Box
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4002:c0c::8b
 74.125.138.113
 74.125.138.100
 74.125.138.139
 74.125.138.138
 74.125.138.101
 74.125.138.102
 
 
Pinging google.com [74.125.138.102] with 32 bytes of data:
Reply from 74.125.138.102: bytes=32 time=23ms TTL=43
Reply from 74.125.138.102: bytes=32 time=23ms TTL=43
 
Ping statistics for 74.125.138.102:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 23ms, Average = 23ms
Server:  HG6Box
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
 2001:4998:c:a06::2:4008
 2001:4998:44:204::a7
 98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=69ms TTL=44
Reply from 98.139.183.24: bytes=32 time=86ms TTL=44
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 69ms, Maximum = 86ms, Average = 77ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...00 22 15 ee 95 12 ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
 10...00 16 ea 7f 2b 62 ......Intel® WiFi Link 5100 AGN
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.5     55
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link       192.168.1.5    311
      192.168.1.5  255.255.255.255         On-link       192.168.1.5    311
    192.168.1.255  255.255.255.255         On-link       192.168.1.5    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link       192.168.1.5    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link       192.168.1.5    311
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
 10    311 fe80::/64                On-link
 10    311 fe80::29fd:d88d:eddb:6c74/128
                                    On-link
  1    331 ff00::/8                 On-link
 10    311 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (09/30/2016 02:52:21 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: TennVols72-PC)
Description: Activation of app Microsoft.Getstarted_3.11.3.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/30/2016 01:01:08 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: TennVols72-PC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/30/2016 01:00:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: TennVols72-PC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/30/2016 12:17:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: TennVols72-PC)
Description: Activation of app Microsoft.Getstarted_3.11.3.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/30/2016 12:15:45 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Installing the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (09/30/2016 12:15:45 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unable to install counter strings because the SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key could not be opened or accessed. The first DWORD in the Data section contains the Win32 error code.
 
Error: (09/29/2016 10:40:20 PM) (Source: Microsoft-Windows-AppModel-State) (User: TennVols72-PC)
Description: Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe1018
 
Error: (09/29/2016 10:06:35 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (09/29/2016 10:05:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: TennVols72-PC)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/29/2016 10:05:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.14393.0, time stamp: 0x5789990a
Faulting module name: eModel.dll, version: 11.0.14393.0, time stamp: 0x578999d9
Exception code: 0xc0000409
Fault offset: 0x00000000000d5530
Faulting process id: 0x172c
Faulting application start time: 0xMicrosoftEdge.exe0
Faulting application path: MicrosoftEdge.exe1
Faulting module path: MicrosoftEdge.exe2
Report Id: MicrosoftEdge.exe3
Faulting package full name: MicrosoftEdge.exe4
Faulting package-relative application ID: MicrosoftEdge.exe5
 
 
System errors:
=============
Error: (09/30/2016 03:05:40 AM) (Source: DCOM) (User: TennVols72-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/30/2016 03:05:40 AM) (Source: DCOM) (User: TennVols72-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/30/2016 03:05:39 AM) (Source: DCOM) (User: TennVols72-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/30/2016 03:05:39 AM) (Source: DCOM) (User: TennVols72-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/30/2016 03:05:39 AM) (Source: DCOM) (User: TennVols72-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/30/2016 03:05:34 AM) (Source: DCOM) (User: TennVols72-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/30/2016 03:05:34 AM) (Source: DCOM) (User: TennVols72-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/30/2016 03:05:34 AM) (Source: DCOM) (User: TennVols72-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/30/2016 03:05:34 AM) (Source: DCOM) (User: TennVols72-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/30/2016 03:05:34 AM) (Source: DCOM) (User: TennVols72-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
Microsoft Office Sessions:
=========================
Error: (09/30/2016 02:52:21 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: TennVols72-PC)
Description: Microsoft.Getstarted_3.11.3.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca-2144927149
 
Error: (09/30/2016 01:01:08 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: TennVols72-PC)
Description: Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca-2144927149
 
Error: (09/30/2016 01:00:32 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: TennVols72-PC)
Description: Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca-2144927149
 
Error: (09/30/2016 12:17:30 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: TennVols72-PC)
Description: Microsoft.Getstarted_3.11.3.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca-2144927149
 
Error: (09/30/2016 12:15:45 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8130000008D0F0000
 
Error: (09/30/2016 12:15:45 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance813000000CD0B0000
 
Error: (09/29/2016 10:40:20 PM) (Source: Microsoft-Windows-AppModel-State)(User: TennVols72-PC)
Description: Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe1018
 
Error: (09/29/2016 10:06:35 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (09/29/2016 10:05:52 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: TennVols72-PC)
Description: Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge-2147023170
 
Error: (09/29/2016 10:05:50 PM) (Source: Application Error)(User: )
Description: MicrosoftEdge.exe11.0.14393.05789990aeModel.dll11.0.14393.0578999d9c000040900000000000d5530172c01d21abf1f19997aC:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exeC:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eModel.dll3a3ad6e3-2c46-4e6c-804f-e92be404d4dcMicrosoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbweMicrosoftEdge
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-09-30 01:57:21.843
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-30 00:11:07.508
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-29 22:26:37.344
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
=========================== Installed Programs ============================
 
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Hidden
iolo technologies' System Mechanic Professional (HKLM-x32\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 15.5.0 - iolo technologies, LLC)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17361 - Microsoft Corporation)
 
========================= Devices: ================================
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_19C71043&REV_12\4&1A56424&0&1AF0
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Consumer IR Devices
Description: Consumer IR Devices
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Device ID: ROOT\SYSTEM\0001
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 36%
Total physical RAM: 4095.11 MB
Available physical RAM: 2585.5 MB
Total Virtual: 8191.11 MB
Available Virtual: 6913.27 MB
 
========================= Partitions: =====================================
 
1 Drive c: (TennVols-1) (Fixed) (Total:148.6 GB) (Free:114.11 GB) NTFS
2 Drive d: (Bitdefender) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
 
========================= Users: ========================================
 
User accounts for \\TENNVOLS72-PC
 
Administrator            DefaultAccount           Guest                    
TennVols72               
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
30-09-2016 02:06:27 Clean Windows 10 Installation
 
**** End of log ****
 
 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (53.0.2785.143) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MSASCui.exe 
 Windows Defender MSASCui.exe   
 Windows Defender msascuil.exe   
 Windows Defender MpCmdRun.exe   
 iolo Common Lib ioloServiceManager.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
BTW, it had Bitdefender 2017, which was infected; I just removed it, and I'm in safe mode.
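An added example, not part of the thread and not code from MiniToolBox: a PowerShell check over the "Winsock entries" section of a log like the one posted above. Every provider in that log is a Microsoft DLL under System32 or SysWoW64, which is what a stock Windows 10 Winsock catalog looks like; a hijacked LSP or NSP shows up as a third-party path or an empty vendor field. The `$log` here-string is constructed for the demo (a few lines copied from the post plus one hypothetical rogue entry, `C:\ProgramData\evil\netfilter.dll`), and the list of stock provider names is taken from the posted log rather than from any Microsoft reference.

```powershell
# Added example (not from the thread): flag Winsock catalog entries in a
# MiniToolBox log that do not look like stock Windows providers.
# $log is CONSTRUCTED: real lines from the post plus one hypothetical rogue entry.
$log = @'
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 13 C:\ProgramData\evil\netfilter.dll [81920] ()
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================
'@

# Provider DLLs seen in the clean log above (assumption: that log is the baseline).
$knownStock = 'napinsp.dll', 'pnrpnsp.dll', 'NLAapi.dll', 'mswsock.dll', 'winrnr.dll'

function Get-WinsockEntries {
    param([string]$LogText)
    # Keep only the text before the next section header.
    $section = ($LogText -split '={5,}\s*Event log errors', 2)[0]
    # One entry per line: [x64-]CatalogN idx path [size] (vendor)
    $pattern = '^(?<arch>x64-)?(?<catalog>Catalog\d+)\s+(?<idx>\d+)\s+(?<path>.+?)\s+\[(?<size>\d+)\]\s+\((?<vendor>.*)\)\s*$'
    foreach ($line in ($section -split "`r?`n")) {
        if ($line -match $pattern) {
            $arch = if ($Matches.arch) { 'x64' } else { 'x86' }
            [pscustomobject]@{
                Catalog = $Matches.catalog
                Arch    = $arch
                Index   = [int]$Matches.idx
                Path    = $Matches.path
                Size    = [int]$Matches.size
                Vendor  = $Matches.vendor
            }
        }
    }
}

function Test-WinsockEntry {
    param($Entry)
    $file        = Split-Path -Leaf $Entry.Path
    $inSystemDir = $Entry.Path -match '^[A-Za-z]:\\Windows\\(System32|SysWoW64)\\[^\\]+$'
    $reasons = @()
    if ($Entry.Vendor -ne 'Microsoft Corporation') { $reasons += "vendor '$($Entry.Vendor)'" }
    if (-not $inSystemDir)                         { $reasons += 'outside System32/SysWoW64' }
    if ($knownStock -notcontains $file)            { $reasons += "not a stock provider ($file)" }
    [pscustomobject]@{
        Entry      = "$($Entry.Arch) $($Entry.Catalog) $($Entry.Index) $($Entry.Path)"
        Suspicious = ($reasons.Count -gt 0)
        Reasons    = ($reasons -join '; ')
    }
}

# Report only the entries that fail one of the three checks.
Get-WinsockEntries -LogText $log |
    ForEach-Object { Test-WinsockEntry $_ } |
    Where-Object Suspicious |
    Format-Table -AutoSize
```

On a live machine the same catalog can be dumped with `netsh winsock show catalog`; the regex here is written for MiniToolBox's one-line-per-entry layout, so that output needs light reformatting first. A clean Winsock section rules out one common persistence channel but says nothing about what else loads at boot, so it is a negative finding, not a clean bill of health.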
 


#4 The_Codesee (Members, 337 posts, Male, England, UK)

Posted 30 September 2016 - 09:22 AM

> BTW, it had Bitdefender 2017, which was infected; I just removed it, and I'm in safe mode.

How did you know Bitdefender 2017 was infected? Why are you in safe mode?



#5 BOV72, Topic Starter (Members, 62 posts, Male, North Carolina, United States)

Posted 30 September 2016 - 02:41 PM

OK, here is what I know: I just ran the Bitdefender Rescue disk and was infected with 2 more instances of Gen:Variant.Graftor. Not sure if the numbers at the end are relevant, but they are .1229 and .188351 respectively. The reason I believe BD keeps getting infected is that every time it is installed, the infection seems to alter the bit wallet function. I have also found numerous altered registry files, and I eventually get locked down (grayed out). Same for Malwarebytes, RogueKiller, just about your entire arsenal. I recently ran aswMBR; signatures downloaded, but FixMBR errored every time. This leads me to believe I have an infected BIOS, which would be above my pay grade. I'm an architect, not a programmer. I made some alterations this morning that I can reverse; hope it doesn't throw you a curve.

Found this; thought it may be my problem. Any thoughts are greatly appreciated.

> I have been battling with this since Dec 3, 2012. These guys use Win Server 2 & UNIX to take total control of your PC. NO anti-virus picks it up. Nothing seems to eradicate the hold they have. Last night, July 13, 2013, was the first time I had a normal BOOT since Dec. 2012.
> They use the registry & built-in Windows tools to do whatever they want so the machine "looks" clean to anti-virus software.
> They have already managed to repeatedly turn off Windows Defender, disable downloads, redirect IE8, and since they do their "big" projects at re-boot, I'm afraid to turn off my machine. Oh, yes, they also bypass and defeat TPM.
> When you try to find a cure from a search engine, all you get are tons of instructions on HOW to subvert Windows! Nothing on stopping it!
> I can't seem to get help anywhere. I have tried reflashing the BIOS, wiping the CMOS, clearing the DRAM, disconnecting the internet, installing a new HDD, and reinstalling my original factory setup disk (Vista SP1). Problem still there! Was running 7 Pro, and purchased Win8 Pro, no help! Destroyed one new HDD already and it is damaging the new replacement, (Advanced Format) Western Digital WDC7500BVT; apparently, it runs 4096 kb clusters but reports 512 to the OS, so it needs to boot from hex 80; these guys boot from 63, which eventually destroys the drive.
> Can someone PLEASE! help? *** Email address is removed for privacy ***, *** Email address is removed for privacy ***, *** Email address is removed for privacy ***, <deleted> (ask for Ray). I include this as quite a bit of the time I cannot go online!
> PLEASE, PLEASE, PLEASE!!!!!!!
> Could someone at Microsoft tell me what to do? Why isn't there a simple switch that turns from "Private PC" to "Terminal client" to prevent this? How do I get ALL of this out? They have written "hidden partitions" to my hard drive equalling about 50 GB.

#6 The_Codesee (Members, 337 posts, Male, England, UK)

Posted 30 September 2016 - 03:10 PM

Following the information you have provided, I believe you need advanced tools to remove the infection.

Please create a new topic in the Virus, Trojan, Spyware, and Malware Removal Logs subforum and wait for a malware professional to assist you using advanced tools.

 

The Codesee :)


Edited by The_Codesee, 30 September 2016 - 03:10 PM.


#7 BOV72, Topic Starter (Members, 62 posts, Male, North Carolina, United States)

Posted 30 September 2016 - 03:36 PM

Latest infections were "Windows.ui.creddialogcontroller.dll".
The former infections:

Graftor.7541 - Pla.dll
Graftor.12239 - Windows.ui.creddialogcontroller.dll
Strictor.58214 - Bhudtask.exe
Symmi.58329 - Gamepanelexternalhook.dll
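An added example, not the poster's or the forum's own procedure: a PowerShell check that locates each file name listed in this post under the Windows system directories and reports its signature status, signer and SHA-256. Most inbox Windows binaries carry no embedded signature and are signed through a security catalog; `Get-AuthenticodeSignature` resolves catalog signatures on Windows 8 and later, so an untouched OS file shows Status `Valid` with a Microsoft signer. The file names are copied from the post as spelled (so "bhudtask.exe" may simply not be found); the search roots and the Microsoft-signer test are assumptions of this example.

```powershell
# Added example (not from the thread): are the files Bitdefender flagged the
# Windows components of the same name? Locate them, check signature and hash.
# File names are taken verbatim from the post above; everything else is assumed.
$flagged = 'pla.dll',
           'windows.ui.creddialogcontroller.dll',
           'bhudtask.exe',
           'gamepanelexternalhook.dll'

# Where inbox binaries live; WinSxS holds the component-store copies.
$searchRoots = "$env:SystemRoot\System32",
               "$env:SystemRoot\SysWOW64",
               "$env:SystemRoot\WinSxS"

function Get-FlaggedFileReport {
    param([string[]]$Names, [string[]]$Roots)
    foreach ($name in $Names) {
        $hits = Get-ChildItem -Path $Roots -Recurse -Filter $name -File -ErrorAction SilentlyContinue
        if (-not $hits) {
            [pscustomobject]@{ Name = $name; Path = '(not found)'; Signature = ''; Signer = ''; SHA256 = '' }
            continue
        }
        foreach ($f in $hits) {
            # Catalog-signed files (the norm for System32) also come back as Valid here.
            $sig    = Get-AuthenticodeSignature -FilePath $f.FullName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            [pscustomobject]@{
                Name      = $name
                Path      = $f.FullName
                Signature = $sig.Status
                Signer    = $signer
                SHA256    = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
            }
        }
    }
}

$report = Get-FlaggedFileReport -Names $flagged -Roots $searchRoots
$report | Format-Table -AutoSize -Wrap

# Anything found that is not Valid with a Microsoft signer deserves a second look.
$report | Where-Object {
    $_.Path -ne '(not found)' -and
    ($_.Signature -ne 'Valid' -or $_.Signer -notmatch 'O=Microsoft Corporation')
}
```

Run it from an elevated PowerShell on the affected machine (recursing WinSxS takes a minute or two). A file that is `Valid`, Microsoft-signed and in System32 is the OS component, and a generic Gen:Variant label on it is not by itself evidence of tampering; a copy that is unsigned, fails validation or sits outside the system directories is the kind of finding worth posting in a removal-logs topic. `sfc /verifyonly` is a complementary check that compares protected files against the component store.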

#8 BOV72, Topic Starter (Members, 62 posts, Male, North Carolina, United States)

Posted 30 September 2016 - 03:37 PM

Thank you for your help.



