
Bitcoin miner, system files missing (no sig), can't run device manager


  • This topic is locked
2 replies to this topic

#1 juggalotus42000


Posted 13 November 2017 - 04:56 PM

My main thing is I need to know how to repair these files using either Windows Update or a Win10 USB thumb drive. I thought I almost had the command correct but it cancelled. Thank god I went into cmd and typed enabled the built-in admin account, but I can't install anything with it unless I run it in cmd? I know I had or have a bitcoin miner. I have some results that I got from RKill. I read the rules and it didn't say I couldn't post RKill results.

Program started at: 11/13/2017 03:38:08 PM in x64 mode.
Windows Version: Windows 10 Home 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\System32\WUDFHost.exe (PID: 1428) [WD-HEUR]
 * C:\Windows\System32\WUDFHost.exe (PID: 1672) [WD-HEUR]
 * C:\Windows\System32\WUDFHost.exe (PID: 2532) [WD-HEUR]
 * C:\Windows\System32\WUDFHost.exe (PID: 2860) [WD-HEUR]
 * C:\Windows\System32\SearchIndexer.exe (PID: 4216) [WD-HEUR]
 * C:\Windows\System32\smartscreen.exe (PID: 3364) [WD-HEUR]
 * C:\Windows\System32\rundll32.exe (PID: 5464) [WD-HEUR]
 
7 proccesses terminated!
 
Possibly Patched Files.
 
 * C:\Windows\System32\winlogon.exe
 * C:\Windows\System32\dwm.exe
 * C:\Windows\System32\spoolsv.exe
 * C:\Windows\System32\conhost.exe
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  (was about 40 IP/website URLs here so I erased them)
 
 
  20 out of 112 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 11/13/2017 03:44:25 PM
Execution time: 0 hours(s), 6 minute(s), and 16 seconds(s)



 


#2 JSntgRvr

  • Malware Response Team

Posted 17 November 2017 - 05:35 PM

Welcome :)

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 JSntgRvr


Posted 28 November 2017 - 07:54 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





