
Floxif 2.0 - Malwarebytes is useless! Please help!


16 replies to this topic

#1 jsumm52

jsumm52

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 10 December 2017 - 08:21 PM

Hello this is my first time posting to this site and I'm here because I don't know what else to do. I have the premium version of Malwarebytes and yesterday, out of nowhere I started getting all of the real-time protection notifications telling me it was quarantining all of these Trojan.Floxif.AppFlsh files. A bunch of .dll files with random varying names in varying locations. I could barely use my computer because I got a new window every second telling me to reboot my computer to finish the removal process.

 

It kept tracing the virus to a symsrv.dll file located in C:\Program Files\Common Files\System. I tried to delete the file but couldn't because it was open in a bunch of processes and services including: Adobe Acrobat, SpotifyWebHelper, Steam Bootstrapper, Java Update, Google Update, Nvidia Container, and Malwarebytes itself! I eventually shut down all of the processes it was using including Malwarebytes and I was finally able to delete the file. But when I re-opened MWB, the symsrv.dll file came back! And when scanning with MWB it kept finding three instances of the Floxif.AppFlsh virus. 

 

1. symsrv.dll in C:\Program Files\Common Files\System

2. HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENT VERSION\WINDOWS | APPINIT_DLLS

3. HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENT VERSION\WINDOWS | APPINIT_DLLS

 

In looking around at discussions and threads regarding the Floxif virus that came with CCleaner, I'm pretty sure that this is a different beast entirely:

 

First off, I'm running a 64 bit version of Windows

Second, I installed CCleaner over a year ago and haven't had any issue with it until now. 

Third, the typical signs of the virus and places it attacks are obviously very different. 

 

Obviously quarantining the threats, deleting them, then rebooting doesn't work or I wouldn't be here. I tried installing other anti-virus programs but they failed to install. I tried opening Steam but it failed to open. I tried going back to a restore point from safe mode but it failed to restore. I can't open Windows Defender and I get warnings saying both Windows Defender and Malwarebytes are off, even when Malwarebytes is running. I tried running a custom scan including rootkits and scanning all 3 of my drives. They false flagged some PUPs but other than that nothing new.

 

A strange thing though, after doing the full custom scan, when I do regular scans after that it will stop flagging the 3 threats mentioned above and it actually says I'm clean and clear! This got me really excited and I did the reboot hoping that it was the final nail in Floxif's coffin but I was wrong. When my computer started back up, MWB continued flagging the Floxif virus. 

I'm very competent with computers, more than anyone I know personally, but I'm not an expert. I think I'm capable of destroying this thing if I knew how or where to look. That's where you guys come in. Worst case scenario is a factory reset which would mean buying 8TB of external memory to back everything up on. I'm hoping you guys can help me save that cost. Tell me what you need to know or what you think I need to try next. Also, how do I attach pictures? If I knew that I could include screenshots. 

 

Thank you!
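The two APPINIT_DLLS detections listed in the post above refer to a registry value that exists in both the native and the WOW6432Node view; DLLs named in it are loaded into every process that loads user32.dll when LoadAppInit_DLLs is enabled. The read-only PowerShell audit below is an added example, not part of the original post or of any tool mentioned in the thread; the function name Get-AppInitAudit and the variable $AppInitViews are hypothetical.

```powershell
# Added example (not from the thread): read-only audit of the AppInit_DLLs
# persistence point in both registry views. Nothing is modified or deleted.
# Run from an elevated 64-bit PowerShell so System32 is not redirected to SysWOW64.

$AppInitViews = @(
    @{ View = '64-bit'
       Key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
       Dir  = Join-Path $env:windir 'System32' },
    @{ View = '32-bit (WOW6432Node)'
       Key  = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
       Dir  = Join-Path $env:windir 'SysWOW64' }
)

function Get-AppInitAudit {   # hypothetical helper name
    foreach ($v in $AppInitViews) {
        $p = Get-ItemProperty -Path $v.Key -ErrorAction SilentlyContinue
        if (-not $p) { continue }

        # AppInit_DLLs is one string; entries are separated by spaces or commas.
        $entries = @("$($p.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })
        if ($entries.Count -eq 0) { $entries = @('') }   # still report the switches

        foreach ($e in $entries) {
            $row = [ordered]@{
                View                      = $v.View
                LoadAppInit_DLLs          = $p.LoadAppInit_DLLs
                RequireSignedAppInit_DLLs = $p.RequireSignedAppInit_DLLs
                Entry                     = $e
                Path                      = $null
                Exists                    = $false
                Signature                 = $null
                Signer                    = $null
                SHA256                    = $null
            }
            if ($e) {
                # Bare file names are resolved against the view's system directory.
                $row.Path = if ([IO.Path]::IsPathRooted($e)) { $e } else { Join-Path $v.Dir $e }
                $row.Exists = Test-Path -LiteralPath $row.Path -PathType Leaf
                if ($row.Exists) {
                    $sig = Get-AuthenticodeSignature -LiteralPath $row.Path
                    $row.Signature = $sig.Status
                    if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
                    $row.SHA256 = (Get-FileHash -LiteralPath $row.Path -Algorithm SHA256).Hash
                }
            }
            [pscustomobject]$row
        }
    }
}

# A non-empty Entry together with LoadAppInit_DLLs = 1 means the DLL is loaded
# into new processes; an unsigned DLL nobody installed deliberately is the lead.
Get-AppInitAudit | Format-List
```

On Windows 8 and later the AppInit_DLLs mechanism is disabled while Secure Boot is enabled, so a populated value on such a machine may not be taking effect; recording the SHA256 before any cleanup keeps a reference for later comparison.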




 


#2 buddy215

buddy215

  • Moderator
  • 13,496 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:35 PM

Posted 11 December 2017 - 07:32 AM

Welcome to BC...

 

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

 

If MBAR is successful then run the scans below.

 

 

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 jsumm52

jsumm52
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 11 December 2017 - 12:21 PM

How do I attach the log files? 



#4 buddy215

buddy215

  • Moderator
  • 13,496 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:35 PM

Posted 11 December 2017 - 12:32 PM

You don't attach...follow the directions for copying and pasting.



#5 jsumm52

jsumm52
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 11 December 2017 - 04:12 PM

Ok so I performed all of the scans per the instructions, though the ESET and AdwCleaner instructions were not exact, I think I did the equivalents of what you asked. After finishing the Free one time ESET scan that found 382 threats I was prompted to download the NOD32 anti-virus so I started the 30-day free trial and it's scanning right now.

 

In looking through the instructions it looks like you only asked me to include the log from AdwCleaner so here it is: 

 

# AdwCleaner 7.0.5.0 - Logfile created on Mon Dec 11 16:56:24 2017
# Updated on 2017/29/11 by Malwarebytes 
# Database: 12-11-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy, C:\Users\Jon\AppData\Roaming\download Manager
PUP.Optional.Legacy, C:\Program Files (x86)\GreenTree Applications
PUP.Optional.Legacy, C:\Program Files\Caster
PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
PUP.Optional.Legacy, C:\ProgramData\ytd video downloader
PUP.Optional.Legacy, C:\ProgramData\Application Data\ytd video downloader
PUP.Optional.Legacy, C:\Users\All Users\ytd video downloader
PUP.Optional.Legacy, C:\Program Files\Yhid
PUP.Optional.Legacy, C:\Program Files\YhidUn
PUP.Optional.Legacy, C:\Users\Jon\AppData\Roaming\Geunfy
PUP.Optional.Legacy, C:\ProgramData\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583
PUP.Optional.Legacy, C:\ProgramData\Application Data\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583
PUP.Optional.Legacy, C:\Users\All Users\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583
 
 
***** [ Files ] *****
 
PUP.Optional.Legacy, C:\Windows\rsrcs.dll
PUP.Optional.Legacy, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\sfahrihg.default\searchplugins\Search Provided by Bing.xml
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - http:\\www%2dsearching.com\?prd=set_epc&s=g9bzftpbl0cshmobu,28ebb27e-cbd6-4672-b4c7-d6062a480e12,
PUP.Optional.Legacy, C:\Users\Jon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - http:\\www%2dsearching.com\?prd=set_epc&s=g9bzftpbl0cshmobu,28ebb27e-cbd6-4672-b4c7-d6062a480e12,
 
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{3BBDD8B7-629A-41C9-BF67-D2C44A25EE46}C:\program files (x86)\bitlord\bitlord.exe
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{DA8FABCB-3B38-4BBB-B351-E9774C2E3C44}C:\program files (x86)\bitlord\bitlord.exe
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{08ACFB57-8187-47F0-AF93-56360D03634A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
 
What do I do now? 


#6 buddy215

buddy215

  • Moderator
  • 13,496 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:35 PM

Posted 11 December 2017 - 04:21 PM

Rerun AdwCleaner and be sure to click on Clean when scan finishes. But if you are still scanning with Eset then wait until that scan is finished to prevent any problems with more than one scan being performed at the same time. It will ask you to reboot to perform the cleaning if it finds anything.

 

Can you post the results of the Malwarebytes Anti Rootkit scan?

 

Post the log from the Eset scan.



#7 jsumm52

jsumm52
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 11 December 2017 - 04:53 PM

Ok so the NOD32 scan didn't find anything so then I ran the AdwCleaner again, and clicked "Clean" again when it showed the "PUP.Optional.Legacy". When it restarted my computer, Malwarebytes Premium opened and said it found 4 threats. Both times that I chose clean and had AdwCleaner reboot my computer, no log has appeared. I went into the folder you told me to go to and found the log. Here are the results:

 

# AdwCleaner 7.0.5.0 - Logfile created on Mon Dec 11 21:32:53 2017
# Updated on 2017/29/11 by Malwarebytes 
# Database: 12-11-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{08ACFB57-8187-47F0-AF93-56360D03634A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [3356 B] - [2017/12/11 16:58:33]
C:/AdwCleaner/AdwCleaner[S0].txt - [3493 B] - [2017/12/11 16:56:24]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

The MBAR Log:

 

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.12.11.04
  rootkit: v2017.10.14.01
 
Windows 10 x64 NTFS
Internet Explorer 11.726.15063.0
Jon :: ZOEY [administrator]
 
12/11/2017 9:33:30 AM
mbar-log-2017-12-11 (09-33-30).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 253751
Time elapsed: 5 minute(s), 19 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 5
C:\Program Files (x86)\Bonjour\GDl32.dll (Trojan.Floxif.AppFlsh) -> Delete on reboot. [67e9190f9614d264880df213d928fe02]
C:\Program Files (x86)\Bonjour\OLE23.dll (Trojan.Floxif.AppFlsh) -> Delete on reboot. [361ae6421793d75f415432d319e8fe02]
C:\Program Files (x86)\Bonjour\PSAPl.dll (Trojan.Floxif.AppFlsh) -> Delete on reboot. [89c76bbdf7b345f1c7ced72e4fb2ba46]
C:\Windows\SysWOW64\dlcoer.dll (Trojan.Floxif.AppFlsh) -> Delete on reboot. [ec64091f3a7090a6f1a48c7941c05ea2]
C:\Users\Jon\AppData\Local\Temp\conres.dll (Trojan.Floxif.AppFlsh) -> Delete on reboot. [81cfa58305a592a4395c64a128d939c7]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)

The ESET scan log:

C:\$Recycle.Bin\S-1-5-21-327907841-911269452-4019396247-1001\$RXTJGM9\mdnsNSP.dll Win32/Floxif.H virus deleted
C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\ytd.exe a variant of Win32/YTDDownloader.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\x3CF3EDNhm\ytd_installer.exe a variant of Win32/YTDDownloader.D potentially unwanted application,a variant of Win32/YTDDownloader.A potentially unwanted application cleaned by deleting
C:\Program Files\Common Files\System\symsrv.dll Win32/Floxif.E virus deleted
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe Win32/Floxif.H virus deleted
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat_sl.exe Win32/Floxif.H virus deleted
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\amtemu.v0.9.1-painter.exe Win32/HackTool.Crack.FS potentially unsafe application cleaned by deleting
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\amtlib.dll Win32/HackTool.Crack.FE potentially unsafe application cleaned by deleting
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe Win32/Floxif.H virus deleted
C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe Win32/Floxif.H virus deleted
C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll Win32/Floxif.H virus deleted
C:\Program Files (x86)\ASUS\GPU TweakII\ChartEx.ocx Win32/Floxif.H virus deleted
C:\Program Files (x86)\ASUS\GPU TweakII\FeedbackChart.ocx Win32/Floxif.H virus deleted
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe Win32/Floxif.H virus deleted
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe Win32/Floxif.H virus deleted
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe Win32/Floxif.H virus deleted
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe Win32/Floxif.H virus deleted
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Win32/Floxif.H virus deleted
C:\Program Files (x86)\Google\Update\1.3.33.7\goopdate.dll Win32/Floxif.H virus deleted
C:\Program Files (x86)\Google\Update\1.3.33.7\OLE23.dll Win32/Floxif.E virus deleted
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll Win32/Floxif.H virus deleted
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll Win32/Floxif.H virus deleted
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Plugins\SPUser\nvspcaps\_nvspcaps.dll Win32/Floxif.H virus deleted
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll Win32/Floxif.H virus deleted
C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe Win32/Floxif.H virus deleted
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin\NvTelemetry.dll Win32/Floxif.H virus deleted
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvSHIM.exe Win32/Floxif.H virus deleted
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe Win32/Floxif.H virus deleted
C:\Program Files (x86)\TeamViewer\tv_w32.dll Win32/Floxif.H virus deleted
C:\Users\Jon\AppData\Local\Comms\Unistore\data\7\n\b000040d000000073701.dat a variant of Generik.LPOCEJT trojan cleaned by deleting
C:\Users\Jon\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe Win32/Floxif.H virus deleted
C:\Users\Jon\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\Ontology.dll Win32/Floxif.H virus deleted
C:\Users\Jon\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\3\uslawns_request[5182].doc a variant of Generik.LPOCEJT trojan cleaned by deleting
C:\Users\Jon\AppData\Roaming\DVDVideoSoft\FreeYTVDownloader.exe a variant of Win32/FusionCore.I potentially unwanted application cleaned by deleting
C:\Users\Jon\AppData\Roaming\Spotify\libcef.dll Win32/Floxif.H virus deleted
C:\Users\Jon\AppData\Roaming\Spotify\SpotifyWebHelper.exe Win32/Floxif.H virus deleted
C:\Users\Jon\Documents\MediaCreationTool.exe Win32/Floxif.H virus deleted
C:\Users\Jon\Downloads\ccsetup523.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Jon\Downloads\COD-IW_patch-FIX.exe a variant of Win64/HackTool.Crack.H potentially unsafe application,a variant of Win32/HackTool.Crack.EN potentially unsafe application cleaned by deleting
C:\Users\Jon\Downloads\FreemakeVideoDownloaderSetup.exe a variant of Win32/FusionCore.I potentially unwanted application cleaned by deleting
C:\Users\Jon\Downloads\YTDSetup (1).exe a variant of Win32/YTDDownloader.D potentially unwanted application,a variant of Win32/YTDDownloader.A potentially unwanted application cleaned by deleting
C:\Users\Jon\Downloads\YTDSetup (2).exe a variant of Win32/YTDDownloader.D potentially unwanted application,a variant of Win32/YTDDownloader.A potentially unwanted application cleaned by deleting
C:\Users\Jon\Downloads\YTDSetup.exe a variant of Win32/YTDDownloader.D potentially unwanted application,a variant of Win32/YTDDownloader.A potentially unwanted application cleaned by deleting
C:\Windows\AutoKMS\AutoKMS.exe a variant of MSIL/HackKMS.H potentially unsafe application cleaned by deleting
C:\Windows\Web\nR0\ShellHlp.exe a variant of Win64/Packed.Enigma.C trojan cleaned by deleting
E:\Call of Duty - World at War incl Multiplayer.iso Win32/Floxif.H virus deleted
E:\FL Studio Producer Edition 12.4.2 + Keygen - Crackingpatching.com.zip Win32/Keygen.MI potentially unsafe application deleted
E:\Arma 3 [FitGirl Repack]\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Bulletstorm - Full Clip Edition [FitGirl Repack]\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Dark Souls 3 [FitGirl Repack]\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Finished\Games\Assassin's Creed - Syndicate - Gold Edition [FitGirl Repack]\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Finished\Games\Call of Duty - Black Ops 2 [FitGirl Repack]\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Finished\Games\Call of Duty - WWII MP-ZM Add-on [FitGirl Repack]\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Finished\Games\Call of Duty - WWII [FitGirl Repack]\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Finished\Games\Cuphead [FitGirl Repack]\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Finished\Games\Dragon Age Inquisition\DLC unlocker\DragonAgeInc-DLC_unlocker.exe Win32/Floxif.H virus deleted
E:\Finished\Games\Grand Theft Auto V [FitGirl Ultra Repack]\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Finished\Games\Hitman [FitGirl Repack]\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Finished\Games\Metal Gear Solid V - The Phantom Pain [FitGirl Repack]\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Finished\Games\Middle-earth - Shadow of War [FitGirl Repack]\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Finished\Games\Ms. Splosion Man\Redist\VcRedist 2008.exe Win32/Floxif.H virus deleted
E:\Finished\Games\Ms. Splosion Man\Redist\VcRedist 2010.exe Win32/Floxif.H virus deleted
E:\Finished\Games\Ori and the Blind Forest PC game ^^nosTEAM^^\Ori-and-the-Blind-Forest_nosTEAM.exe Win32/HackTool.Crack.DW potentially unsafe application cleaned by deleting
E:\Finished\Games\Prey [FitGirl Repack]\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Finished\Games\Rise of the Tomb Raider [FitGirl Repack]\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Finished\Games\Shadow Warrior 2\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Finished\Games\Titanfall 2 [FitGirl Repack]\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Finished\Games\Tom Clancy's Ghost Recon - Wildlands [FitGirl Repack]\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Finished\Games\Total War - WARHAMMER II [FitGirl Repack]\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Finished\Games\Total.War.SHOGUN.2.Complete-PROPHET\ppt-tws2.iso a variant of Win32/HackTool.Crack.CS potentially unsafe application deleted
E:\Finished\Games\Totally.Accurate.Battle.Simulator.v0.2.0\Redist\dxwebsetup.exe Win32/Floxif.H virus deleted
E:\Finished\Games\Totally.Accurate.Battle.Simulator.v0.2.0\Redist\oalinst.exe Win32/Floxif.H virus deleted
E:\Finished\Games\Totally.Accurate.Battle.Simulator.v0.2.0\Redist\vcredist_x86.exe Win32/Floxif.H virus deleted
E:\Finished\Games\Totally.Accurate.Battle.Simulator.v0.3.6174.523\TotallyAccurateBattleSimulator.exe Win32/Floxif.H virus deleted
E:\Finished\Games\Totally.Accurate.Battle.Simulator.v0.3.6174.523\Redist\dxwebsetup.exe Win32/Floxif.H virus deleted
E:\Finished\Games\Totally.Accurate.Battle.Simulator.v0.3.6174.523\Redist\oalinst.exe Win32/Floxif.H virus deleted
E:\Finished\Games\Totally.Accurate.Battle.Simulator.v0.3.6174.523\Redist\vcredist_x86.exe Win32/Floxif.H virus deleted
E:\Finished\Games\Unravel [FitGirl Repack]\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Finished\Games\Watch Dogs 2\Redist\vcredist_x64_2012.exe Win32/Floxif.H virus deleted
E:\Finished\Games\Watch Dogs 2\Redist\DirectX\DSETUP.dll Win32/Floxif.H virus deleted
E:\Finished\Games\Wolfenstein II - The New Colossus [FitGirl Repack]\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Finished\Games\XCOM 2 [FitGirl Repack]\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Finished\Games\[R.G. Mechanics] Mass Effect Galaxy Edition\00. Mass Effect Bonus\AutoRun.exe Win32/Floxif.H virus deleted
E:\Finished\Games\[R.G. Mechanics] Mass Effect Galaxy Edition\00. Mass Effect Bonus\Bonus\Docs\Guide\The Final Hours Of Mass Effect 3\Adobe Air\AdobeAIRInstaller.exe Win32/Floxif.H virus deleted
E:\Finished\Games\[R.G. Mechanics] Mass Effect Galaxy Edition\01. Mass Effect\setup.exe Win32/Floxif.H virus deleted
E:\Finished\Games\[R.G. Mechanics] Mass Effect Galaxy Edition\01. Mass Effect\Redist\vcredist_x86.exe Win32/Floxif.H virus deleted
E:\Finished\Games\[R.G. Mechanics] Mass Effect Galaxy Edition\01. Mass Effect\Redist\DirectX\DSETUP.dll Win32/Floxif.H virus deleted
E:\Finished\Games\[R.G. Mechanics] Mass Effect Galaxy Edition\02. Mass Effect 2\setup.exe Win32/Floxif.H virus deleted
E:\Finished\Games\[R.G. Mechanics] Mass Effect Galaxy Edition\02. Mass Effect 2\Redist\vcredist_x86.exe Win32/Floxif.H virus deleted
E:\Finished\Games\[R.G. Mechanics] Mass Effect Galaxy Edition\02. Mass Effect 2\Redist\DirectX\DSETUP.dll Win32/Floxif.H virus deleted
E:\Finished\Games\[R.G. Mechanics] Mass Effect Galaxy Edition\03. Mass Effect 3\setup.exe Win32/Floxif.H virus deleted
E:\Finished\Games\[R.G. Mechanics] Mass Effect Galaxy Edition\03. Mass Effect 3\Redist\vcredist_x86.exe Win32/Floxif.H virus deleted
E:\Finished\Games\[R.G. Mechanics] Mass Effect Galaxy Edition\03. Mass Effect 3\Redist\vcredist_x86_2008.exe Win32/Floxif.H virus deleted
E:\Finished\Games\[R.G. Mechanics] Mass Effect Galaxy Edition\03. Mass Effect 3\Redist\DirectX\DSETUP.dll Win32/Floxif.H virus deleted
E:\Finished\Games\[R.G. Mechanics] Tomb Raider\setup.exe Win32/Floxif.H virus deleted
E:\Finished\Games\[R.G. Mechanics] Tomb Raider\Redist\DirectX\DSETUP.dll Win32/Floxif.H virus deleted
E:\Finished\Programs\Adobe Acrobat XI Pro 11.0.20 + Crack [Tech-Tools.ME]\Adobe Acrobat XI Pro 11.0.20 + Crack [Tech-Tools.ME].rar Win32/HackTool.Crack.FS potentially unsafe application deleted
E:\Finished\Programs\Adobe Acrobat XI Pro 11.0.20 + Crack [Tech-Tools.ME]\Adobe Acrobat XI Pro 11.0.20 + Crack [Tech-Tools.ME]\Crack\amtemu.v0.9.1-painter.exe Win32/HackTool.Crack.FS potentially unsafe application cleaned by deleting
E:\Games\ABZU\stp-abzu.exe a variant of Win32/Packed.VMProtect.ABD trojan deleted
E:\Games\ABZU\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Games\ABZU\_Redist\dxwebsetup.exe Win32/Floxif.H virus deleted
E:\Games\ABZU\_Redist\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Games\ABZU\_Redist\vcredist_x64_2013_x64.exe Win32/Floxif.H virus deleted
E:\Games\ABZU\_Redist\vcredist_x64_2015_x64.exe Win32/Floxif.H virus deleted
E:\Games\Battle for Middle Earth 2\dbghelp.dll Win32/Floxif.H virus deleted
E:\Games\Battle for Middle Earth 2\BFME2 PatchSwitcher\unins000.exe Win32/Floxif.H virus deleted
E:\Games\Battle for Middle Earth 2\BFME2 PatchSwitcher\100\extra_uninst.exe Win32/Floxif.H virus deleted
E:\Games\Battle for Middle Earth 2\BFME2 PatchSwitcher\106\extra_uninst.exe Win32/Floxif.H virus deleted
E:\Games\Battle for Middle Earth 2\Support\EasyInfo.exe Win32/Floxif.H virus deleted
E:\Games\Battle for Middle Earth 2\Support\EReg.exe Win32/Floxif.H virus deleted
E:\Games\Battle for Middle Earth 2\Support\The Battle for Middle-earth II_code.exe Win32/Floxif.H virus deleted
E:\Games\Battle for Middle Earth 2\Support\The Battle for Middle-earth II_uninst.exe Win32/Floxif.H virus deleted
E:\Games\Call of Duty - Modern Warfare 2\iw4x.dll Win32/Floxif.H virus deleted
E:\Games\Call of Duty - WWII\_Redist\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Games\Cuphead\steam_api.dll Win32/Floxif.H virus deleted
E:\Games\Cuphead\_Redist\dxwebsetup.exe Win32/Floxif.H virus deleted
E:\Games\Cuphead\_Redist\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Games\Fallout 4\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Games\Far Cry Primal\Redist\Net.exe Win32/Floxif.H virus deleted
E:\Games\Far Cry Primal\Redist\vcredist_2012_x64.exe Win32/Floxif.H virus deleted
E:\Games\Far Cry Primal\Redist\DirectX\DSETUP.dll Win32/Floxif.H virus deleted
E:\Games\Forts\avcodec-57.dll Win32/Floxif.H virus deleted
E:\Games\Forts\_CommonRedist\vcredist\2015\vc_redist.x64.exe Win32/Floxif.H virus deleted
E:\Games\Forts\_CommonRedist\vcredist\2015\vc_redist.x86.exe Win32/Floxif.H virus deleted
E:\Games\Halo Wars Definitive Edition\_CommonRedist\DirectX\Jun2010\DSETUP.dll Win32/Floxif.H virus deleted
E:\Games\Halo Wars Definitive Edition\_CommonRedist\vcredist\2015\vc_redist.x64.exe Win32/Floxif.H virus deleted
E:\Games\Halo Wars Definitive Edition\_CommonRedist\vcredist\2015\vc_redist.x86.exe Win32/Floxif.H virus deleted
E:\Games\Honey Select\HoneySelect_32.exe Win32/Floxif.H virus deleted
E:\Games\Honey Select\HoneyStudio_32.exe Win32/Floxif.H virus deleted
E:\Games\Honey Select\MD5\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Games\Honey Select\_Redist\dxwebsetup.exe Win32/Floxif.H virus deleted
E:\Games\Honey Select\_Redist\QuickSFV.EXE Win32/Floxif.H virus deleted
E:\Games\Inside\unins000.exe Win32/Floxif.H virus deleted
E:\Games\Inside\_CommonRedist\DirectX\Jun2010\DSETUP.dll Win32/Floxif.H virus deleted
E:\Games\Inside\_CommonRedist\vcredist\2010\vcredist_x64.exe Win32/Floxif.H virus deleted
E:\Games\Inside\_CommonRedist\vcredist\2010\vcredist_x86.exe Win32/Floxif.H virus deleted


#8 jsumm52


Posted 11 December 2017 - 04:56 PM

Should I stop Malwarebytes from opening on restart? 



#9 jsumm52


Posted 11 December 2017 - 04:59 PM

Also, here is the MBAR system log in case you want it as well:

 
    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID c6f49c8f-68d8-48fb-8fe8-dc60a6f4ccc
    FirstLBA 975020032  Last LBA 976771071
    Attributes 1
    Partition Name                                     
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffdc036ff48060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffdc036fe799f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffdc036ff48060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffdc036d4db540, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffdc036d5c9040, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffdc036b6b0060, DeviceName: \Device\0000003f\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1633951824
    GPT Header CurrentLba = 1 BackupLba 5860533167
    GPT Header FirstUsableLba 34  LastUsableLba 5860533134
    GPT Header Guid b140572-41bb-449d-b0bf-a9525ff2915
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 1633951824
    Backup GPT header CurrentLba = 5860533167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 5860533134
    Backup GPT header Guid b140572-41bb-449d-b0bf-a9525ff2915
    Backup GPT header Contains 128 partition entries starting at LBA 5860533135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 8de8a6f4-d524-44c1-9f7b-f7d9a4a68fd9
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 8b907722-283e-4848-8ac3-a17e29a7b7ce
    FirstLBA 264192  Last LBA 5860532223
    Attributes 0
    Partition Name                 Basic data partition
 
Disk Size: 3000592982016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffdc036ff47060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffdc036fe779f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffdc036ff47060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffdc036d4d6c30, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffdc036d5c9e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffdc036d4d5060, DeviceName: \Device\00000040\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2544006464
    GPT Header CurrentLba = 1 BackupLba 5860533167
    GPT Header FirstUsableLba 34  LastUsableLba 5860533134
    GPT Header Guid f0044074-d838-4a1d-b452-f5c6656b171e
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2544006464
    Backup GPT header CurrentLba = 5860533167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 5860533134
    Backup GPT header Guid f0044074-d838-4a1d-b452-f5c6656b171e
    Backup GPT header Contains 128 partition entries starting at LBA 5860533135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 4d9c8410-d1d0-437c-a2d2-1b4435f15844
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 337a2157-79bf-4c4e-a5a0-6951b5b9e85c
    FirstLBA 264192  Last LBA 5860532223
    Attributes 0
    Partition Name                 Basic data partition
 
Disk Size: 3000592982016 bytes
Sector size: 512 bytes
 
Done!
Infected: C:\Program Files (x86)\Bonjour\GDl32.dll --> [Trojan.Floxif.AppFlsh]
Infected: C:\Program Files (x86)\Bonjour\OLE23.dll --> [Trojan.Floxif.AppFlsh]
Infected: C:\Program Files (x86)\Bonjour\PSAPl.dll --> [Trojan.Floxif.AppFlsh]
Infected: C:\Windows\SysWOW64\dlcoer.dll --> [Trojan.Floxif.AppFlsh]
Infected: C:\Users\Jon\AppData\Local\Temp\conres.dll --> [Trojan.Floxif.AppFlsh]
File "C:\Users\Jon\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removal finished


#10 buddy215

  • Moderator

Posted 11 December 2017 - 05:29 PM

That is one heck of a log from MBAR. Often, when so much is found, it is best to rerun to be sure the scan caught all that it is capable of.

You can stop Malwarebytes from starting during boot. Then rerun AdwCleaner and be sure to click on clean when the scan finishes. Let's see if it will remove those last two items.

After doing the above and posting the results...do this:

  • Download Security Check by glax24 and save the file to the Desktop
  • Run the tool by accepting all the Security prompts
  • When complete the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply Paste the log to your reply

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#11 jsumm52

  • Topic Starter

Posted 11 December 2017 - 06:32 PM

Here is the AdwCleaner log that appeared after rebooting without Malwarebytes opening on restart:

# AdwCleaner 7.0.5.0 - Logfile created on Mon Dec 11 23:27:02 2017
# Updated on 2017/29/11 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{08ACFB57-8187-47F0-AF93-56360D03634A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [3356 B] - [2017/12/11 16:58:33]
C:/AdwCleaner/AdwCleaner[C1].txt - [1407 B] - [2017/12/11 21:45:27]
C:/AdwCleaner/AdwCleaner[S0].txt - [3493 B] - [2017/12/11 16:56:24]
C:/AdwCleaner/AdwCleaner[S1].txt - [1245 B] - [2017/12/11 21:32:53]
C:/AdwCleaner/AdwCleaner[S2].txt - [1383 B] - [2017/12/11 23:25:58]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########
 
Now I will do the Security Check you mentioned and post those results. Also I'd just like to say THANK YOU! I really appreciate you taking the time to work with me on this. Hopefully with your help we can defeat this thing. 


#12 jsumm52

  • Topic Starter

Posted 11 December 2017 - 06:35 PM

The log from the security check.

 

SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17]
WebSite: www.safezone.cc
DateLog: 11.12.2017 16:33:05
Path starting: C:\Users\Jon\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Jon
VersionXML: 4.78is-11.12.2017
___________________________________________________________________________
 
Windows 10(6.3.15063) (x64) Core Release: 1703 Lang: English(0409)
Installation date OS: 22.08.2017 23:29:26
LicenseStatus: Windows®, Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16StandardVL_KMS_Client edition Volume activation will expire : 258807 minutes
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [464.4 Gb] Used: [389.5 Gb] Free: [74.9 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.726.15063.0
User Account Control enabled (Level 3)
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2016 x64 v.16.0.4266.1001
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (disabled and up to date)
Malwarebytes (disabled and up to date)
ESET NOD32 Antivirus (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
ESET NOD32 Antivirus (enabled and up to date)
Malwarebytes (disabled and up to date)
Windows Defender (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
ESET Security v.11.0.154.0
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes version 3.3.1.2183 v.3.3.1.2183
--------------------------- [ OtherUtilities ] ----------------------------
7-Zip 16.02 (x64) v.16.02 Warning! Download Update
Uninstall old version and install new one.
TeamViewer 13 v.13.0.5640
VLC media player v.2.2.6 Warning! Download Update
--------------------------------- [ P2P ] ---------------------------------
Vuze v.5.7.3.0 Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 144 (64-bit) v.8.0.1440.1 Warning! Download Update
Uninstall old version and install new one (jre-8u152-windows-x64.exe).
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.1.0.1
iTunes v.12.7.0.166 Warning! Download Update
^Please use Apple Software Update tool.^
QuickTime v.7.60.92.0 Warning! This software is no longer supported. Please uninstall it and use another software.
Bonjour Service (Bonjour Service) - The service has stopped
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.3.1.0.4880 Warning! Download Update
Adobe Acrobat XI Pro v.11.0.20 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 57.0 (x64 en-US) v.57.0 Warning! Download Update
Google Chrome v.62.0.3202.94 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.62.0.3202.94
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\ESET\ESET Security\egui.exe v.10.2.158.0
ESET Service (ekrn) - The service is running
C:\Program Files\ESET\ESET Security\ekrn.exe v.10.2.158.0
Malwarebytes Service (MBAMService) - The service has stopped
C:\Program Files\Windows Defender\MSASCuiL.exe v.4.11.15063.0
Windows Defender Antivirus Service (WinDefend) - The service has stopped
Windows Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
----------------------------- [ End of Log ] ------------------------------


#13 jsumm52

  • Topic Starter

Posted 11 December 2017 - 06:46 PM

I just ran the MBAR scan again and it didn't find anything so no cleanup is required. Does that mean it's gone? 



#14 jsumm52

  • Topic Starter

Posted 11 December 2017 - 06:49 PM

I just ran the AdwCleaner and it also found nothing. Can I try opening Malwarebytes Premium to see if it picks up anything or are there more steps I should take first?



#15 buddy215

  • Moderator

Posted 11 December 2017 - 08:38 PM

You can start Malwarebytes.

Uninstall these programs:

  • Vuze v.5.7.3.0 (This is likely where the malware came from...downloading free software, movies and music...more than half will contain malware)
  • Java 8 Update 144 (Or update...most users don't need Java)
  • QuickTime v.7.60.92.0
  • Adobe AIR v.3.1.0.4880
  • Adobe Acrobat XI Pro v.11.0.20 (Or update..often a target of malware when not updated)

If you decide to not purchase Eset it is best to shut it down and boot into safe mode to run its uninstaller.

If you don't have an ad blocker installed in your browsers I suggest using Adblock Plus.

Adblock Plus - Chrome Web Store   Adblock Plus :: Add-ons for Firefox

Block third party cookies from installing in your browsers. Those are ad and tracking cookies. Once they are blocked.....run CCleaner to remove the existing ones.

How to disable third-party cookies in all major web browsers

You should run MBAR, Malwarebytes and AdwCleaner again in a couple of days. Don't install any new software before then. Especially free stuff.

You're welcome....of course.

If you don't see any other problem relating to malware or adware....I think you are good to go after completing the above.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
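
Added example, not part of any post in this thread: a small Python triage script for the two checks used above. It compares `Infected:` lines between an MBAR scan and its rescan, and lists the `Warning!` entries of a SecurityCheck log by section. The function names are hypothetical, the regular expressions assume the log layouts seen in this thread, and the rescan sample is constructed.

```python
import re
from collections import defaultdict

# Lines copied from the MBAR log posted in this thread (excerpt).
MBAR_FIRST_SCAN = r"""Done!
Infected: C:\Program Files (x86)\Bonjour\GDl32.dll --> [Trojan.Floxif.AppFlsh]
Infected: C:\Program Files (x86)\Bonjour\OLE23.dll --> [Trojan.Floxif.AppFlsh]
Infected: C:\Windows\SysWOW64\dlcoer.dll --> [Trojan.Floxif.AppFlsh]
File "C:\Users\Jon\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
Scan finished
"""
# Constructed: a rescan log that contains no 'Infected:' lines.
MBAR_RESCAN = "Scan started\nDone!\nScan finished\n"

# Lines copied from the SecurityCheck log posted in this thread (excerpt).
SECURITYCHECK = r"""--------------------------------- [ P2P ] ---------------------------------
Vuze v.5.7.3.0 Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 144 (64-bit) v.8.0.1440.1 Warning! Download Update
Uninstall old version and install new one (jre-8u152-windows-x64.exe).
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.1.0.1
QuickTime v.7.60.92.0 Warning! This software is no longer supported. Please uninstall it and use another software.
"""

INFECTED_RE = re.compile(r"^Infected:\s+(?P<path>.+?)\s+-->\s+\[(?P<name>[^\]]+)\]\s*$")
SECTION_RE = re.compile(r"^-+\s*\[\s*(?P<section>[^\]]+?)\s*\]\s*-+\s*$")
WARNING_RE = re.compile(r"^(?P<product>.+?)\s+Warning!\s*(?P<note>.*)$")


def parse_detections(log_text):
    """Return {lower-cased path: detection name} for every 'Infected:' line."""
    found = {}
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            # Windows paths are case-insensitive, so normalise before comparing.
            found[m["path"].lower()] = m["name"]
    return found


def remaining_after_rescan(first_log, rescan_log):
    """Paths flagged in the first scan that the rescan still flags."""
    first = parse_detections(first_log)
    second = parse_detections(rescan_log)
    return sorted(p for p in first if p in second)


def parse_warnings(log_text):
    """Return {section: [(product, note), ...]} for SecurityCheck 'Warning!' lines."""
    section, out = None, defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header["section"]
            continue
        warning = WARNING_RE.match(line)
        if warning and section:
            out[section].append((warning["product"], warning["note"]))
    return dict(out)
```

An empty `remaining_after_rescan` result shows only that the rescan no longer flags those paths, which is why the thread also asks for repeat scans a couple of days later.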



