Think I have a rootkit?


  • This topic is locked
6 replies to this topic

#1 shadowstriker


Posted 13 December 2017 - 01:53 PM

When I tried running a Malwarebytes scan on my computer, a message popped up saying (paraphrasing) that a rootkit feature was unable to be updated, which meant there could potentially be a rootkit on my system, and asked me if I wanted to restart, which I did.

 

Of course, my computer hasn't been able to boot up normally since I restarted; it only takes me to the Startup Repair screen, and to make this issue even more frustrating, I'm not able to run Safe Mode; all that amounts to is rerouting me back to the Startup Repair screen. Can someone please help me?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-12-2017
Ran by SYSTEM on MININT-3IU45OH (13-12-2017 20:14:55)
Running from f:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11842152 2011-05-02] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [9926112 2016-03-10] (Malwarebytes)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Zach\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41061856 2017-11-20] ()
HKU\Zach\...\Run: [GalaxyClient] => D:\GalaxyClient\GalaxyClient.exe [5358664 2017-12-08] (GOG.com)
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S3 GalaxyClientService; D:\GalaxyClient\GalaxyClientService.exe [532552 2017-12-08] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8345672 2017-12-08] (GOG.com)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-17] (NVIDIA Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-17] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-17] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [0 2017-12-13] () <==== ATTENTION (zero byte File/Folder)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-17] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-06-17] (NVIDIA Corporation)
S3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-18] (Scarlet.Crush Productions)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-13 19:49 - 2017-12-13 20:14 - 000000000 ____D C:\FRST
2017-12-09 02:14 - 2017-12-09 02:14 - 000000000 ____D C:\Users\Zach\AppData\Local\GOG.com
2017-12-04 13:26 - 2017-12-04 13:26 - 000000000 ____D C:\Users\Zach\AppData\Roaming\The Creative Assembly
2017-11-29 13:30 - 2017-11-29 13:30 - 000059702 _____ C:\Users\Zach\Documents\VirtualFile.pdf
2017-11-29 13:24 - 2017-11-29 13:24 - 000637846 _____ C:\Users\Zach\Documents\PDFForm.pdf
2017-11-14 22:13 - 2017-10-17 23:31 - 000395976 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2017-11-14 22:13 - 2017-10-17 22:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-11-14 22:13 - 2017-10-17 18:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2017-11-14 22:13 - 2017-10-17 18:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2017-11-14 22:13 - 2017-10-17 18:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2017-11-14 22:13 - 2017-10-17 18:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2017-11-14 22:13 - 2017-10-17 18:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2017-11-14 22:13 - 2017-10-17 18:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2017-11-14 22:13 - 2017-10-17 18:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2017-11-14 22:13 - 2017-10-16 15:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2017-11-14 22:13 - 2017-10-16 14:34 - 003222528 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2017-11-14 22:13 - 2017-10-16 13:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-14 22:13 - 2017-10-14 00:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2017-11-14 22:13 - 2017-10-14 00:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2017-11-14 22:13 - 2017-10-14 00:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2017-11-14 22:13 - 2017-10-14 00:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2017-11-14 22:13 - 2017-10-14 00:12 - 000066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2017-11-14 22:13 - 2017-10-14 00:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2017-11-14 22:13 - 2017-10-14 00:11 - 000417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2017-11-14 22:13 - 2017-10-14 00:11 - 000088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2017-11-14 22:13 - 2017-10-14 00:11 - 000048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2017-11-14 22:13 - 2017-10-14 00:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2017-11-14 22:13 - 2017-10-14 00:05 - 000054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2017-11-14 22:13 - 2017-10-14 00:04 - 000034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2017-11-14 22:13 - 2017-10-14 00:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2017-11-14 22:13 - 2017-10-14 00:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2017-11-14 22:13 - 2017-10-14 00:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2017-11-14 22:13 - 2017-10-14 00:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2017-11-14 22:13 - 2017-10-14 00:00 - 000814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2017-11-14 22:13 - 2017-10-13 23:55 - 000968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2017-11-14 22:13 - 2017-10-13 23:53 - 000489984 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2017-11-14 22:13 - 2017-10-13 23:47 - 000087552 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2017-11-14 22:13 - 2017-10-13 23:47 - 000077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-11-14 22:13 - 2017-10-13 23:46 - 000107520 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2017-11-14 22:13 - 2017-10-13 23:43 - 000199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2017-11-14 22:13 - 2017-10-13 23:43 - 000092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2017-11-14 22:13 - 2017-10-13 23:41 - 000315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2017-11-14 22:13 - 2017-10-13 23:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2017-11-14 22:13 - 2017-10-13 23:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2017-11-14 22:13 - 2017-10-13 23:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2017-11-14 22:13 - 2017-10-13 23:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2017-11-14 22:13 - 2017-10-13 23:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2017-11-14 22:13 - 2017-10-13 23:28 - 001359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2017-11-14 22:13 - 2017-10-13 23:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2017-11-14 22:13 - 2017-10-13 23:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2017-11-14 22:13 - 2017-10-13 23:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-14 22:13 - 2017-10-13 23:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2017-11-14 22:13 - 2017-10-13 23:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-11-14 22:13 - 2017-10-13 22:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2017-11-14 22:13 - 2017-10-13 22:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-14 22:13 - 2017-10-13 22:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-11-14 22:13 - 2017-10-13 22:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-11-14 22:13 - 2017-10-13 22:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-11-14 22:13 - 2017-10-13 22:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-11-14 22:13 - 2017-10-13 22:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-11-14 22:13 - 2017-10-13 22:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-11-14 22:13 - 2017-10-13 22:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-11-14 22:13 - 2017-10-13 22:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-11-14 22:13 - 2017-10-13 22:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-14 22:13 - 2017-10-13 22:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-11-14 22:13 - 2017-10-13 22:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-11-14 22:13 - 2017-10-13 22:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-11-14 22:13 - 2017-10-13 22:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-11-14 22:13 - 2017-10-13 22:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-11-14 22:13 - 2017-10-13 22:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-11-14 22:13 - 2017-10-13 22:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-14 22:13 - 2017-10-13 22:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-11-14 22:13 - 2017-10-13 22:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-11-14 22:13 - 2017-10-13 22:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-11-14 22:13 - 2017-10-13 22:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-11-14 22:13 - 2017-10-13 22:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-11-14 22:13 - 2017-10-13 22:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-11-14 22:13 - 2017-10-13 22:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-11-14 22:13 - 2017-10-13 22:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-11-14 22:13 - 2017-10-13 22:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-11-14 22:13 - 2017-10-13 22:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-14 22:13 - 2017-10-13 22:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-11-14 22:13 - 2017-10-13 22:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-11-14 22:13 - 2017-10-11 16:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2017-11-14 22:13 - 2017-10-11 16:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2017-11-14 22:13 - 2017-10-11 16:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2017-11-14 22:13 - 2017-10-11 16:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\System32\tquery.dll
2017-11-14 22:13 - 2017-10-11 16:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2017-11-14 22:13 - 2017-10-11 16:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\System32\Query.dll
2017-11-14 22:13 - 2017-10-11 16:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2017-11-14 22:13 - 2017-10-11 16:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\System32\mssph.dll
2017-11-14 22:13 - 2017-10-11 16:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2017-11-14 22:13 - 2017-10-11 16:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\System32\t2embed.dll
2017-11-14 22:13 - 2017-10-11 16:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\System32\mssitlb.dll
2017-11-14 22:13 - 2017-10-11 16:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2017-11-14 22:13 - 2017-10-11 16:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
2017-11-14 22:13 - 2017-10-11 16:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2017-11-14 22:13 - 2017-10-11 16:55 - 000046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2017-11-14 22:13 - 2017-10-11 16:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2017-11-14 22:13 - 2017-10-11 16:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\System32\msshooks.dll
2017-11-14 22:13 - 2017-10-11 16:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2017-11-14 22:13 - 2017-10-11 16:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\System32\spwmp.dll
2017-11-14 22:13 - 2017-10-11 16:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
2017-11-14 22:13 - 2017-10-11 16:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
2017-11-14 22:13 - 2017-10-11 16:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-11-14 22:13 - 2017-10-11 16:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2017-11-14 22:13 - 2017-10-11 16:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2017-11-14 22:13 - 2017-10-11 16:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2017-11-14 22:13 - 2017-10-11 16:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-11-14 22:13 - 2017-10-11 16:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-14 22:13 - 2017-10-11 16:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-14 22:13 - 2017-10-11 16:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-11-14 22:13 - 2017-10-11 16:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-11-14 22:13 - 2017-10-11 16:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-11-14 22:13 - 2017-10-11 16:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-11-14 22:13 - 2017-10-11 16:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-11-14 22:13 - 2017-10-11 16:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-11-14 22:13 - 2017-10-11 16:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-11-14 22:13 - 2017-10-11 16:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-11-14 22:13 - 2017-10-11 16:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-11-14 22:13 - 2017-10-11 16:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-11-14 22:13 - 2017-10-11 16:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-11-14 22:13 - 2017-10-11 16:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-11-14 22:13 - 2017-10-11 16:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-11-14 22:13 - 2017-10-11 16:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-11-14 22:13 - 2017-10-11 16:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-11-14 22:13 - 2017-10-11 16:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-11-14 22:13 - 2017-10-11 16:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-11-14 22:13 - 2017-10-11 16:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-11-14 22:13 - 2017-10-11 16:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-11-14 22:13 - 2017-10-11 16:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\luafv.sys
2017-11-14 22:13 - 2017-10-11 16:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-private-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-math-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-string-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-time-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-2-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-process-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l2-1-0.dll
2017-11-14 22:13 - 2017-09-07 05:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-2-0.dll
2017-11-14 22:12 - 2017-10-17 18:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2017-11-14 22:12 - 2017-10-17 18:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2017-11-14 22:12 - 2017-10-15 14:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\System32\centel.dll
2017-11-14 22:12 - 2017-10-04 05:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2017-11-14 22:12 - 2017-10-04 05:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2017-11-14 22:12 - 2017-10-04 05:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2017-11-14 22:12 - 2017-10-04 05:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2017-11-14 22:12 - 2017-10-04 05:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2017-11-14 22:12 - 2017-10-04 05:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2017-11-14 22:12 - 2017-10-04 05:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2017-11-13 03:48 - 2017-11-13 03:48 - 002220872 _____ C:\Users\Zach\Downloads\winrar-x64-550.exe
2017-11-13 03:46 - 2017-11-13 03:46 - 004864230 _____ C:\Users\Zach\Downloads\fmd_0.9.126.0.7z
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-13 12:47 - 2017-02-05 13:16 - 000000000 _____ C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-12-13 12:02 - 2009-07-13 20:45 - 000027184 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-13 12:02 - 2009-07-13 20:45 - 000027184 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-13 00:11 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\System32\NDF
2017-12-12 11:44 - 2016-04-18 03:49 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-12 11:44 - 2016-04-18 03:49 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-12 11:44 - 2016-04-18 03:49 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-12 11:44 - 2016-04-18 03:49 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-12 11:44 - 2016-04-18 03:49 - 000000000 ____D C:\Windows\System32\Macromed
2017-12-11 19:27 - 2016-01-30 19:01 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-11 05:19 - 2014-08-19 08:59 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-11 02:21 - 2009-07-13 21:13 - 000006242 _____ C:\Windows\System32\PerfStringBackup.INI
2017-12-11 02:15 - 2014-05-06 16:15 - 000000000 ___RD C:\Users\Zach\Google Drive
2017-12-11 02:15 - 2013-10-22 17:00 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-11 02:15 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-09 16:27 - 2014-05-06 16:14 - 000002042 _____ C:\Users\Public\Desktop\Google Slides.lnk
2017-12-09 16:27 - 2014-05-06 16:14 - 000002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2017-12-09 16:27 - 2014-05-06 16:14 - 000002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-12-09 13:00 - 2013-11-08 20:57 - 000000000 ____D C:\Users\Zach\Documents\My Games
2017-12-08 03:09 - 2013-10-30 16:12 - 000000000 ____D C:\Windows\System32\MRT
2017-12-08 03:01 - 2017-10-11 02:04 - 127017032 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
2017-12-08 03:00 - 2013-10-30 16:12 - 127017032 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2017-12-04 13:26 - 2015-01-24 12:04 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-20 12:32 - 2010-11-20 19:27 - 000545440 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2017-11-15 13:03 - 2009-07-13 20:45 - 000411728 _____ C:\Windows\System32\FNTCACHE.DAT
2017-11-15 13:01 - 2014-12-10 00:33 - 000000000 ____D C:\Windows\System32\appraiser
2017-11-14 02:20 - 2013-10-22 17:05 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 02:20 - 2013-10-22 17:05 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-13 03:48 - 2017-04-20 12:52 - 000000000 ____D C:\Program Files\WinRAR
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 7%
Total physical RAM: 16288.37 MB
Available physical RAM: 15084.98 MB
Total Virtual: 16286.57 MB
Available Virtual: 15087.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.79 GB) (Free:1.6 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:1863.01 GB) (Free:1659.5 GB) NTFS
Drive e: (Cowboy_Bebop_D3) (CDROM) (Total:40.87 GB) (Free:0 GB) UDF
Drive f: (Lexar) (Removable) (Total:7.32 GB) (Free:5.42 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 8B1FACCE)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: FB1AD951)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0C)
 
LastRegBack: 2017-12-09 20:23
 
==================== End of FRST.txt ============================
Edit: Forgot to include the FRST log.

Edited by shadowstriker, 13 December 2017 - 08:23 PM.



 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,751 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:17 AM

Posted 14 December 2017 - 02:41 PM

Welcome. :)

 

Please download the attached file [attachment=200512:Fixlist.txt] and save it in the same location where FRST64 is saved on the flash drive.

Insert the USB drive in the infected computer.

Boot to the Recovery Console's Command prompt.

Entry points into the Windows Recovery Environment (WinRE).

You can access WinRE features through the Boot Options menu, which can be launched from Windows in a few different ways:

  • Option 1: From the login screen, click Shutdown, then hold down the Shift key while selecting Restart.
  • Option 2: In Windows 10, select Start > Settings > Update & security > Recovery > under Advanced Startup, click Restart now.
  • Option 3: Boot to recovery media.
  • Option 4: Use a hardware recovery button (or button combination) configured by the OEM (Computer Manufacturer).

After any of these actions is performed, all user sessions are signed off and the Boot Options menu is displayed. The PC will restart into the WinRE and the selected feature is launched.

On the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button.
  • It will make a log (Fixlog.txt) in the flash drive. Please copy and paste it to your reply.

 

Restart in Normal Mode.


No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 shadowstriker

shadowstriker
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:11:17 PM

Posted 14 December 2017 - 04:36 PM

Here's the fixlog.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-12-2017
Ran by SYSTEM (14-12-2017 16:34:11) Run:1
Running from f:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [0 2017-12-13] () <==== ATTENTION (zero byte File/Folder)
 
*****************
 
"HKLM\System\ControlSet001\Services\MBAMSwissArmy" => removed successfully
MBAMSwissArmy => service removed successfully
 
==== End of Fixlog 16:34:11 ====
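
An added example (not part of the thread and not FRST's own code) that parses the driver line format seen in the fixlist above and ranks zero-byte driver images by how early they load. It assumes the leading letter is the driver state and the digit is the Windows service Start value (0 = boot, 1 = system); the two `Example*` lines are constructed.

```python
import re

# Shape of a FRST Services/Drivers line, as in the fixlist above:
#   <state><start> <name>; <path> [<size> <date>] (<company>) <flags>
LINE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-4])\s+(?P<name>[^;]+);\s+"
    r"(?P<path>.+?)\s+\[(?P<size>\d+)\s+\d{4}-\d{2}-\d{2}\]\s+\((?P<company>.*?)\)"
)
# Assumption: the digit is the Windows service Start value.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


def parse_line(line):
    """Parse one driver line into a dict; return None for headers and other log text."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["start"], entry["size"] = int(entry["start"]), int(entry["size"])
    return entry


def triage(lines):
    """Return (name, start type, severity) for every driver whose image is 0 bytes."""
    findings = []
    for entry in filter(None, map(parse_line, lines)):
        if entry["size"] == 0:
            # Boot- and system-start drivers load before any user-mode repair tool can run.
            severity = "boot-critical" if entry["start"] <= 1 else "low"
            findings.append((entry["name"], START_TYPES[entry["start"]], severity))
    return findings


SAMPLE = [
    # Taken from the fixlist in the thread:
    r"S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [0 2017-12-13] () <==== ATTENTION (zero byte File/Folder)",
    # Constructed lines for contrast (not from the thread):
    r"R0 ExampleDisk; C:\Windows\System32\drivers\exampledisk.sys [45472 2017-11-02] (Example Vendor)",
    r"S3 ExampleUsb; C:\Windows\System32\drivers\exampleusb.sys [0 2017-11-02] (Example Vendor)",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
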


#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,751 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:17 AM

Posted 14 December 2017 - 06:38 PM

Are you able to boot in Normal Mode?




#5 shadowstriker

shadowstriker
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:11:17 PM

Posted 14 December 2017 - 08:04 PM

Yes, everything seems to be working normally. I ran a scan with Malwarebytes and it hasn't found any malicious software.



#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,751 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:17 AM

Posted 15 December 2017 - 01:13 PM

I believe it also, congratulations.

 

Always keep your antivirus active and updated.

 

Best regards. :)




#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,751 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:17 AM

Posted 15 December 2017 - 01:13 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





