Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Windows 7 x64 Bucket Load of Problems\Infections.


  • Please log in to reply
No replies to this topic

#1 Guest_MalcomX_*

Guest_MalcomX_*

  • Guests
  • OFFLINE
  •  

Posted 12 December 2017 - 03:38 AM

 
Hi,
 
 
 
Thanks in advance for your help.
 
 
I'm running a Lenovo Y-570 with Windows 7 x64 Home Premium. 8gb DDR3 RAM.
 
Intel Core i7-2670QM CPU @ 2.20GHz
 
Western Digital 698 GB WDC WD7500BPVT-24HXZT3 5400 RPM HDD
 
Chrome is the default browser.
 
 
The machine belongs to a friend who brought it to me out of sheer frustration. Now I'm frustrated! 
 
I know it's an older laptop but is usually only used for pretty basic browsing. It should be able to cope with that. He inherited it from a friend.
 
Recently, he clicked on a "Pop-Up." Yes, I've told him many times. As a result, he ended up with what seemed to be Norton Security on it. I'm not so sure. He was running AVG Free at the time. AVG may still be installed.
 
He reports that the machine is locking up and refusing to load Windows since the Norton thing. Also "other strange behaviour." He's not overly computer literate.
 
As I mentioned earlier, "it" has been locking him out of Windows and he claims that he's just been left looking at a screen with a large "E" on it.
 
There's definitely something not right. I installed Defender on this after a factory reset back in June/July this year. That was completely gone. After re-installing it its showing a date of 14th November when I installed it yesterday.
 
There are games installed that he hasn't installed (Easy-Bits.)
 
I found this reference in a file in his "My Documents" folder in a file called "regrun.txt" its about 500k in size so I didn't want to just paste it in: SpyHolesList Version:13.6 Build:9.40.0.640-64b 09.12.2017 9:42:15 PM Geo: AU-English
 
I ran a scan with ESET Online Scanner that grabbed a couple of things.(That's the entire content of the log below.)
 
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\00022604.tmp a variant of Win32/RiskWare.PEMalform.I application
C:\Program Files (x86)\Google\Update\1.3.33.7\00026851.tmp a variant of Win32/RiskWare.PEMalform.I application
 
 
I've run TFC to clear out junk.
 
 
Most of the remaining list of what I've tried are below, minus a few sundry AVG tools.
 
 
It appears he may have run ComboFix despite me advising against it.
 
 
Thanks for taking the time to have a look.
 
 
 
General Issues:
 
 
AswMbr crashes mid scan.
 
 
TDSS Detects nothing. Log available if wanted.
 
 
Malwarebytes MBAM finds nothing. Log Available. Nothing to show.
 
 
AdwCleaner Finds nothing. Logs available. Nothing in Scan Log. Maybe in Debug(?)
 
 
MS MRT detects 49,000 files infected during scan, however, on scan completion reports that no threats were found. No useful info in the logs.
 
 
Windows Defender and MSERT appear to detect the following during scans many times over in logs(Logs which I may be misreading.)
The scans finish with no infections found. No cleaning......
 
 
TEL:Trojan:O97/ProcessDoppel.A
 
ALF:Win32/Heraklez!rfn
 
#LowFi:GenericNonRtpN__
 
TEL:AGGR:HTML/PageEventFunctions.A
 
#PERSIST_PEEXEHasIOAVURL
 
SLFPER:ContextualDropEXEDesktop.B
 
SLF:HighRiskHasMotW
 
TEL:Exploit:Win32/Wintuds.B!gen
 
TEL:SIGATTR:BaitFilesBeLikeTouchMeNot
 
#SIGATTR:LowFiTouchSystemHosts
 
TEL:Exploit:Win32/Wintuds.B
 
#Lowfi:HSTR:VirTool:MSIL/GeneralPacker.H
 
TEL:HSTR:VirTool:Win32/CeeInject.gen!LJ
 
TEL:HSTR:Trojan:Win32/ServiceApisWithNetworkingCode.gen
 
Behavior:Win32/NonStdSvchostProcess.A
 
TEL:Exploit:Win32/Weedymut.Albqrq.B0021
 
#PERSIST_HSTR:SmartInstall
 
ALF:Cert_7AB5-2DF2-DA3F
 
Behavior:Win32/RootCertInstall.A
 
 
The times reported in the logs do not seem to be accurate. Neither do the dates.
 
 
FIXEXEC LOG:
 
 
FixExec by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about FixExec can be found at this link:
 
Program started at: 12/09/2017 12:38:12 PM in x64 mode.
Windows Version: Windows 7
 
Checking for processes to terminate before fixing executable associations.
 * No processes found to kill.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
  * HKLM\Software\Classes\.com\\@ has been changed to ComFile!
  * HKLM\Software\Classes\.com\\@ was reset to comfile!
 
 
Program finished at: 12/09/2017 12:38:23 PM
Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)
 
 
JRT LOG:
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64 
Ran by Mal (Administrator) on Sat 09/12/2017 at  6:59:42.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 16 
 
Successfully deleted: C:\Users\Mal\AppData\Local\{058AA410-ACAC-4C5C-88E5-37FAF280FF09} (Empty Folder)
Successfully deleted: C:\Users\Mal\AppData\Local\{4879F023-F561-44CC-A56C-2AE8E76E40F3} (Empty Folder)
Successfully deleted: C:\Users\Mal\AppData\Local\{50A75C96-FA7C-4150-AFA1-EEF1077738B4} (Empty Folder)
Successfully deleted: C:\Users\Mal\AppData\Local\{58EE1DA5-F27F-48DB-9CD1-C18CA54B69C2} (Empty Folder)
Successfully deleted: C:\Users\Mal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0OGEM529 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WBX7TYK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AXMN9K7E (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I4RDKWJQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I94KD7QA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMKECPQJ (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0OGEM529 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WBX7TYK (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AXMN9K7E (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I4RDKWJQ (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I94KD7QA (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMKECPQJ (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/12/2017 at  7:04:49.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
MBAR LOG:
 
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18837
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 7459422208, free: 1767698432
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18837
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 7459422208, free: 1805996032
 
Downloaded database version: v2017.12.09.01
Downloaded database version: v2017.11.28.01
Initializing...
======================
Driver version: 4.3.0.15
------------ Kernel report ------------
     12/09/2017 12:42:51
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\FA723F4B6.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\avgRvrt.sys
\SystemRoot\system32\drivers\avgVmm.sys
\SystemRoot\system32\drivers\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\drivers\NSx64\160A000.055\SYMEFASI64.SYS
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\DRIVERS\LhdX64.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\fbfmon.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\avgbuniva.sys
\SystemRoot\system32\drivers\avgbloga.sys
\SystemRoot\system32\drivers\avgbidsha.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\NSx64\160A000.055\ccSetx64.sys
\SystemRoot\system32\drivers\avgSP.sys
\SystemRoot\system32\drivers\avgSnx.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\NSx64\160A000.055\Ironx64.SYS
\??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\avgRdr2.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\drivers\winioex.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\drivers\NSx64\160A000.055\SRTSPX64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\IPSDefs\20171207.001\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\BPntDrv.sys
\SystemRoot\system32\drivers\BOOTVID.dll
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\BASHDefs\20171206.001\BHDrvx64.sys
\SystemRoot\system32\drivers\avgbidsdrivera.sys
\SystemRoot\system32\drivers\avgbdiska.sys
\SystemRoot\system32\drivers\avgArPot.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\NETwNs64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\jmcr.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\AcpiVpc.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\KeyCrypt64.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\delayman.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\nvvhci.sys
\SystemRoot\system32\DRIVERS\ew_jubusenum.sys
\SystemRoot\system32\DRIVERS\WDKMD.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\btwampfl.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\drivers\usbccgp.sys
\SystemRoot\system32\DRIVERS\rtsuvc.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\system32\DRIVERS\btwdpan.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\avgMonFlt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\mbamswissarmy.sys
\SystemRoot\System32\Drivers\NSx64\160A000.055\SYMNETS.SYS
\SystemRoot\System32\Drivers\NSx64\160A000.055\SRTSP64.SYS
\??\C:\windows\system32\Drivers\PROCEXP113.SYS
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\12540320.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\ws2_32.dll
\Windows\System32\ole32.dll
\Windows\System32\sechost.dll
\Windows\System32\psapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\nsi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\shell32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\wininet.dll
\Windows\System32\imm32.dll
\Windows\System32\gdi32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\usp10.dll
\Windows\System32\advapi32.dll
\Windows\System32\iertutil.dll
\Windows\System32\msctf.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\kernel32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\imagehlp.dll
\Windows\System32\difxapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\urlmon.dll
\Windows\System32\lpk.dll
\Windows\System32\user32.dll
\Windows\System32\userenv.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.12.09.01
  rootkit: v2017.10.14.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8008d05060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008d06b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008d06040, DeviceName: Unknown, DriverName: \Driver\LHDmgr\
DevicePointer: 0xfffffa8008d05060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006c2f050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\LHDmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2D5FE658
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 409600
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 411648  Numsec = 1372983296
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1373394944  Numsec = 60811264
    Partition is not bootable
 
    Partition 3 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1434206208  Numsec = 30942960
    Partition is not bootable
    Partition file system is NTFS
 
Disk Size: 750156374016 bytes
Sector size: 512 bytes
 
Done!
File "C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\QBackup\index.qbs" is compressed (flags = 32769)
File "C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\QBackup\index.qbs" is sparse (flags = 32769)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-411648-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-1373394944-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-3-1434206208-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
 
Please Note:
 
MalwareBytes is installed on this computer. It's not the "Portable" version. I wasn't aware they still made a portable version.
Its used for demand scanning only.
 
 
AVG LOG:
 
Win32:Enistery [Susp]
 
 
 
Am I missing something here?

Edited by MalcomX, 12 December 2017 - 06:48 PM.


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users