
Chrome opening itself and spam tabs opening


16 replies to this topic

#1 jokey420 (Members, 8 posts)

Posted 22 December 2017 - 04:15 PM

Recently, my Google Chrome has been opening on its own and some random spam/advertising tabs will open.

I tried everything I could, like running the scan, removing the malicious files, and removing any unwanted programs from Control Panel Programs.

But nothing seems to work.

I read on here about installing AdwCleaner and TDSSKiller. I've downloaded both of them, but Windows won't allow me to install them. The message says "blocked for your safety by administrator". I tried running it as an administrator, but the same message appears.

It's so annoying because these tabs will come on top of anything and everything I'm doing on my system. Kindly help.

Thanks in advance.


Edited by hamluis, 22 December 2017 - 05:04 PM.
Moved from MRL to Am I Infected - Hamluis.



#2 Unworn_Kilt (Members, 237 posts, Australia)

Posted 22 December 2017 - 10:12 PM

G'day again jokey420,

I hope you're getting ready for Christmas?

We'll take a quick look at your P.C.

Let's start relatively simply.....

 

 

 

Download a copy of a program called RKill (Courtesy of Grinler at Bleeping Computer), which is available at the links below:

(This program attempts to stop any running malware processes so other tools may function efficiently, plus a few other things.)

Save it to your Desktop so you can easily locate it.

(If one won't run, download the other. Malware sometimes recognises RKill.exe and tries to interfere with it.)

RKill.exe <<== Try this first.

RKill as iExplore.exe <<== Try this one if option one doesn't work.

 

  • Right Click RKill and Select "Run As Administrator."
  • Soon after a Black Box will appear while RKill Runs. (This is normal. RKill may appear to hang. It's just working.)
  • When RKill has finished it will Open a Report in Notepad.
  • RKill will also save a copy of its log to your Desktop called "RKill.log"
  • After RKill has run successfully Don't Restart your computer until the other tool(s) have run.
  • Please Copy and Paste the contents of the Report into your Next Reply.
  • If RKill will not run in Normal Windows Mode, Restart in Safe Mode and Repeat the above Steps.

NOTES:

Please Ignore any warnings about RKill containing Viruses or Trojans etc. If necessary, shut down or temporarily disable your Antivirus while RKill runs. Don't forget to Re-enable your Anti-Virus once RKill completes, unless I ask otherwise.

If RKill still won't run, please Post back here and advise me (after trying both versions and Safe Mode). Please note any Error messages or other useful information and Include it in your Reply.

Then.......

Please download Security Check (by screen317) from HERE & save it to your Desktop.

 

 

  • Right Click SecurityCheck and Select "Run As Administrator."
  • Follow the Prompts in the Black Box which opens on your screen.
  • When the program is complete a Notepad Document called Checkup.txt should open Automatically in Notepad.
  • Please Copy & Paste the Contents of Checkup.txt into your Next Reply.

Please Note the Following:

If you receive an "UNSUPPORTED OPERATING SYSTEM! ABORTED!" message, please Restart Windows and Security Check should Run Fine.

Should a problem persist, please Post Back Here and include any Error Messages & Other Useful Information.

Security Check may require you to permit "Dig.exe" to access the internet. Please allow access through your Firewall if necessary.

It is not uncommon for Security Check to generate "false positives" from some Anti-Virus/Anti-Malware Programs. Please Ignore These if They Occur.

Then.......

Now I'd like you to download the JRT (Junkware Removal Tool) HERE

Save it to your Desktop so it's handy.

 

  • Right click on the JRT.exe Icon and select "Run as Administrator."
  • A black box will open and ask you if you want to continue. Do so. (Hit Enter I believe.)
  • The tool will do some work. Just be patient please.
  • When it's finished, a report should pop up in Notepad.
  • Please copy and paste the contents of the report into your Reply.

Ignore any warnings about the tool containing viruses etc.

Then.......

Download and run the ESET Free Online Virus Scanner from: HERE

(If you had to restart for any reason between running RKill and this step, please re-run RKill.)

 

  • Turn off your antivirus program. See here how to do this.
  • Accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating Memory, Autostart Locations and drive(s) C:\ D:\ etc., to be scanned
    • Click Start to begin the Scan.
  • The ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • Push the SAVE to TEXT FILE button and save the file to your desktop using a unique name, such as ESETScan+Date.txt. Include the contents of this report in your next reply.
  • CLEAN any THREATS found.
  • Click Back, then Finish to exit ESET Online Scanner.
  • Do NOT delete the ESET scanner at this stage please.

Please re-enable your antivirus when the scan is complete.

Let me know if you encounter any problems.

After you've finished the ESET Online scan:

  • Please ensure you've saved the Log File to your desktop.
  • Post the Log File contents in your Reply, assuming there was one.
  • Close down any other open programs.
  • Reboot.

I'll look over your log file(s).

Log back in to your thread for further instructions please.

We're in different time zones, so there may be a delay.

If I don't respond in 48 hours Please Personally Message Me.

If you don't hear back after 3 days, please post in the Topic at the "Top of the Am I Infected..." Forum.

Please be aware that I am Extremely Busy at the moment.

I am a Volunteer and do my best to be here. This is sometimes interrupted by sleep, eating, outages.......

Cheers,

Kilt :thumbup2:

:santa: I'd like to wish all Bleeping Computer Members a Very Merry Christmas and a Happy New Year! :santa:


PLEASE NOTE

I am only a Standard Member, NOT a Trained Malware Removal Expert. If you have ANY concerns regarding any advice I may give, please contact a Member of Staff before making changes.

Thanks!

** Walk Softly and Carry a Big Stick **

 

 

 


#3 jokey420 (Topic Starter, Members, 8 posts)

Posted 23 December 2017 - 03:27 AM

Hello. Thanks very much for the step-by-step guide. Really appreciate the help. Here are the files you asked me to paste.

Rkill


Rkill 2.9.1 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 12/23/2017 11:14:16 AM in x64 mode.
Windows Version: Windows 10 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\miss\AppData\Local\Temp\f9e9e9707e0e48ee9f2699074349ffd7\KhIo8vUSHjDU.exe (PID: 6828) [UP-HEUR]
 * C:\ProgramData\7065a1a7ecc743318af94152df515fc9\w6U4LHn.exe (PID: 1056) [AU-HEUR]
 * C:\Users\miss\AppData\Roaming\gplyra\gplyra.exe (PID: 12760) [UP-HEUR]
 * C:\Users\miss\AppData\Roaming\tenoxwgj43f\os4mvyvyo54.exe (PID: 33204) [UP-HEUR]
 * C:\Users\miss\AppData\Local\Temp\is-CSRK7.tmp\os4mvyvyo54.tmp (PID: 9944) [UP-HEUR]
 * C:\Users\miss\AppData\Local\39ead239a7fc42d9b56c0c5cd3cebc59\ILJIYLTXWE.exe (PID: 24000) [UP-HEUR]
 * C:\Users\miss\AppData\Local\3d22f80338654a60bb5d1e7592d03348\FPGIQQQMAD.exe (PID: 44232) [UP-HEUR]
 * C:\Users\miss\AppData\Local\Temp\f9e9e9707e0e48ee9f2699074349ffd7\KhIo8vUSHjDU.exe (PID: 11844) [UP-HEUR]
 * C:\ProgramData\7065a1a7ecc743318af94152df515fc9\w6U4LHn.exe (PID: 17132) [AU-HEUR]
 
9 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1 wemsofts.com
  127.0.0.1 bongadoom.com
  127.0.0.1 wepcmainsystem.com
  127.0.0.1 internalcampaigntargets.com
  127.0.0.1 bongadoom.com
  127.0.0.1 getthefilenow.com
  127.0.0.1 bigpicturepop.com
  127.0.0.1 wizzcaster.com
  127.0.0.1 bestoffersfortoday.com
  127.0.0.1 wepcmainsystem.com
  127.0.0.1 agent.wizztrakys.com
  127.0.0.1 csdimonetize.com
  127.0.0.1 dl.azalee.site
  127.0.0.1 titiaredh.com
  127.0.0.1 wepcdisplaysystem.com
  127.0.0.1 wepcanalyticsystem.com
  127.0.0.1 healthydownload.com
  127.0.0.1 leading2download.com
  127.0.0.1 dwl0.wizzlabs.com
  127.0.0.1 dwl1.wizzlabs.com
 
  20 out of 29 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 12/23/2017 11:19:24 AM
Execution time: 0 hours(s), 5 minute(s), and 7 seconds(s)
 
 
Checkup
 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (63.0.3239.84) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MSASCuiL.exe   
 Microleaves Online Application Version 2.6.0 Online-Guardian.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
After that I downloaded JRT and tried running it as an administrator, but a warning popped up saying "This app has been blocked for your protection".

Please advise further.

Thanks



#4 Unworn_Kilt (Members, 237 posts, Australia)

Posted 23 December 2017 - 03:32 AM

Howdy,

For now just skip JRT and move on.

We might try to run it again later.

Was it SmartScreen that warned you or did it look like an unusual warning?

Cheers.



 

 

 


#5 jokey420 (Topic Starter, Members, 8 posts)

Posted 23 December 2017 - 11:05 AM

Hi there again.

This is the scan result:


C:\Program Files\Reference Assemblies\NTCHINKGNE\VCNIPPRXOL.exe a variant of MSIL/GenKryptik.ALP trojan
C:\Program Files\Total Clock\Total Clock.dll a variant of Win64/Wdfload.M trojan
C:\Program Files\Windows Portable Devices\DBXKDNGQEP\KJTEZZPBOU.exe a variant of MSIL/GenKryptik.ALP trojan
C:\Program Files\Windows Portable Devices\DBXKDNGQEP\QUFOXWJCMH.exe a variant of MSIL/GenKryptik.ALP trojan
C:\Program Files\Windows Portable Devices\DBXKDNGQEP\UVPLQXETKA.exe a variant of MSIL/GenKryptik.ALP trojan
C:\Program Files\Windows Sidebar\XFCSWRPWBQ\HHBYHELMNN.exe a variant of MSIL/GenKryptik.ALP trojan
C:\Program Files\Windows Sidebar\XFCSWRPWBQ\IJNINCZKSA.exe a variant of MSIL/GenKryptik.ALP trojan
C:\Program Files\Windows Sidebar\XFCSWRPWBQ\OYVAQFKMAN.exe a variant of MSIL/GenKryptik.ALP trojan
C:\Program Files (x86)\Common Files\Redtouch\uninstall.exe a variant of Win32/Toolbar.Linkury.AA potentially unwanted application
C:\Users\miss\AppData\Local\7a5a004ba7684e03b4395becd78146fe\RHRLFWXRQA.exe a variant of MSIL/Agent.RPJ trojan
C:\Users\miss\AppData\Local\Temp\AE6E471C\NOvwGfPpGp.exe a variant of Win32/Adware.Neoreklami.DY application
C:\Users\miss\AppData\Local\Temp\puxdoq1l.yil\hhueiqpii.exe a variant of Win32/Adware.Neoreklami.DY application
C:\Users\miss\AppData\Roaming\f3942175b44544988d3f06154fea3c85\EHQJWPUXLQ.exe a variant of MSIL/GenKryptik.ALP trojan
C:\Users\miss\AppData\Roaming\ThreatDataBase\tdget.exe a variant of MSIL/Adware.OxyPumper.AC application
C:\Users\miss\Downloads\Compressed\installer.zip a variant of Win32/InstallCore.ACZ potentially unwanted application
C:\Users\miss\Downloads\Programs\FFSetup4.1.0.0.exe Win32/FusionCore.L potentially unwanted application,Win32/FusionCore.N potentially unwanted application
 
 
I think the issue is solved because no new random tabs are opening anymore.
 
Please advise further.
Thanks


#6 Unworn_Kilt (Members, 237 posts, Australia)

Posted 23 December 2017 - 11:45 AM

Hi,

Will you please re-run RKill and post the new logs.

I think, due to the types of threats that were detected, we should run a few more tests before we sing too loudly.

Thank you.

Kilt :thumbup2:



 

 

 


#7 Unworn_Kilt (Members, 237 posts, Australia)

Posted 23 December 2017 - 12:01 PM

Once we are done with cleaning, it would be a very good idea to have a look through these Articles:

I'll have a good look through your logs and see what else we may need to do.

I would be cautious using that computer for any banking, purchase or related activity.

Ensure that you change your Passwords to all sites, email etc.

Check your banking details for unusual activity.

Some of the items tended to indicate that someone may have had Remote Access to your device or was trying to get it.

Please read this article for now: How to remove a Trojan, Virus, Worm, or other Malware

It will give you a little more information about what has happened to your computer.

(Particularly read the sections toward the bottom of the page.)

I would also strongly suggest that you read this article when the computer is as clean as we can get it:

Simple and easy ways to keep your computer safe and secure on the Internet

Thank you.

Kilt :thumbup2:

 

 

 


 



 

 

 


#8 jokey420 (Topic Starter, Members, 8 posts)

Posted 23 December 2017 - 12:13 PM

Oh man, now I'm afraid of what you just told me. I will definitely go through those articles. Here's the log result from Rkill:

 

Rkill 2.9.1 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 12/23/2017 08:05:35 PM in x64 mode.
Windows Version: Windows 10 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1 wemsofts.com
  127.0.0.1 bongadoom.com
  127.0.0.1 wepcmainsystem.com
  127.0.0.1 internalcampaigntargets.com
  127.0.0.1 bongadoom.com
  127.0.0.1 getthefilenow.com
  127.0.0.1 bigpicturepop.com
  127.0.0.1 wizzcaster.com
  127.0.0.1 bestoffersfortoday.com
  127.0.0.1 wepcmainsystem.com
  127.0.0.1 agent.wizztrakys.com
  127.0.0.1 csdimonetize.com
  127.0.0.1 dl.azalee.site
  127.0.0.1 titiaredh.com
  127.0.0.1 wepcdisplaysystem.com
  127.0.0.1 wepcanalyticsystem.com
  127.0.0.1 healthydownload.com
  127.0.0.1 leading2download.com
  127.0.0.1 dwl0.wizzlabs.com
  127.0.0.1 dwl1.wizzlabs.com
 
  20 out of 29 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 12/23/2017 08:09:11 PM
Execution time: 0 hours(s), 3 minute(s), and 36 seconds(s)
 
 
Advise further
Thanks


#9 Unworn_Kilt (Members, 237 posts, Australia)

Posted 23 December 2017 - 12:41 PM

It does look as though we have some more work to do.

Download Malwarebytes Anti-Rootkit (MBAR) on to your desktop.

From Here: Malwarebytes Anti-Rootkit

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"



NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

(My Thanks to Broni, Bleeping Computer Advisor, for the use of the above, mostly pilfered without notice, MBAR Notes.)

Then......

Finally, grab a copy of Malwarebytes (V. 3.3.1.2183).

If you have Malwarebytes installed on your Machine, please do the following:

(Otherwise download Malwarebytes HERE and install it.)

*Note: It is not necessary to activate the trial unless you want to activate auto-scanning and extra features.
  • Start the Malwarebytes Application.
  • Open the Malwarebytes Dashboard.
  • Ensure that Malwarebytes is Updated to the Most Recent Definitions and Version.(Version Update may require license or Trial.)
 
 
Click Settings, then Application:
 
Enable the Following Options If Not Enabled:
(If you do not have a license or trial activated some options will not be able to be set.)
 
  • Automatically download and install application updates
  • Notify me when full version updates are available
  • Show Malwarebytes notifications in the Windows System Tray
  • Show Notifications when Real Time Protection settings are turned off
  • Set Manual Scans have high priority
  • Configure Proxy Server if you use one. (If you don't know what this means you likely don't. If in doubt, CHECK!)
 
 
Now switch to the Protection Tab and where possible Enable:
(The same license note as above applies here too.)
  • Web Protection
  • Exploit Protection
  • Malware Protection
  • Ransomware Protection
  • Scan for Rootkits.
  • Scan within Archives.
  • Use Signature-Less anomaly detection for increased protection
  • Always detect PUPs
  • Always detect PUMs
  • Automatically check for updates (Select Check every 15 Mins.)
  • Notify if time since last update exceeds 24 hours
  • Start Malwarebytes at Windows Startup
  • Enable Self Protection Module
  • Enable Self Protection Early Start
  • Automatically Quarantine detected Malware
 
I suggest, when in this situation, using Threat Scan. Select Scans Tab. Select all Drives(C: D: etc.,) and ensure scanning for Rootkits is enabled. (The Rootkit option MAY not be available to you if you haven't activated Trial, or, don't have a license.)
 
  • If you'd rather not Use Threat Scan, Return to Dashboard and Click Scan Now.
  • Once Scan is complete, please Ensure any Threats found are Selected and Removed.
  • Please obtain a copy of your Scan Report from the Reports section and Paste in to your Next Reply.
 

After that, I'd like you to run this Reporting Tool please:

Download MiniToolBox (By FARBAR) to your Desktop: HERE

Right Click the Blue\Black MiniToolBox Icon and Select "Run as Administrator."

(The Tool will show Version: 17-06-2016 in the title bar.)

Select the following Check-boxes:


  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings (Make sure IE is closed first please.)
  • Report FF Proxy Settings
  • Reset FF Proxy Settings (Make sure Firefox is closed first please.)
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (DO NOT change any settings for this - Only "Problems" should be set by Default.)
  • List Users, Partitions and Memory size
  • List Minidump Files
  • List Restore Points

 

Click the "Go" Button.

  • Report should Pop-Up on your Screen in Notepad after a short wait.
  • Please Copy and Paste the Report Contents into your Next Reply.

(If you accidentally "kill" the Notepad Report, all is not lost; it should be saved on your Desktop as MTB.txt.)

Then another Run of RKill with report please!

Would you mind letting me know if the text above is too small on your monitor please?

I'm just running a test to see how it turns out at your end. If you need me to re-post that's not a problem.

I look forward to the results.

Kilt :thumbup2:

 



 

 

 


#10 Unworn_Kilt (Members, 237 posts, Australia)

Posted 23 December 2017 - 01:55 PM

When you're done with pasting in the current scans, you need to do the things below to help prevent re-infection.

If you get stuck with any of the things I've outlined below, please post back here and I'll do my best to help.

Both the below suggestions are external links. The one for Chrome should take you to Chrome Support (Google).

The one for the Hosts File should take you to a Microsoft Guide.

Here's a link to a guide on how to Reset Chrome: https://support.google.com/chrome/answer/3296214?hl=en

I reckon you're going to need to do it. Just make sure to ensure you've read all the details BEFORE you perform the Reset. Ensure you've backed up any data you may risk losing if it's important to you.

As this is an external link, neither myself nor Bleeping Computer can accept any responsibility for the advice given on that link. You assume all liability by accessing the link.

I would also recommend that you Reset your Hosts File. Here is a link: How to reset the Hosts file back to the default - Microsoft Support

I believe it's necessary as I've just checked some of the entries in your Hosts file for issues. Several entries in your Hosts file indicate that it may cause your computer to be re-infected. You assume all liability by accessing the external links.

Here's a link to one of the URLs I scanned in VirusTotal from your Hosts File:

https://www.virustotal.com/#/url/9e455f0fdbc823e6f35c1781ad25ecd088df91187a6c9c70b9ead853c5c297e8/details

Once you've successfully reset Chrome and Hosts I'd like you to Run RKill one more time to ensure we've cleaned out all that we can. Please post the results back here.


PLEASE NOTE

 

I am only a Standard Member,  NOT a Trained Malware Removal Expert. If you have ANY concerns regarding any advice I may give, please contact a Member of Staff before making changes.

 

Thanks!

 

 

** Walk Softly and Carry a Big Stick **
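Kilt's advice above is to reset the hosts file because of the entries RKill listed. As an added example that is not part of the post, of RKill, or of the linked Microsoft guide, the following Python script audits a hosts file the way a responder would before resetting it: it separates comment lines from active mappings, reports names listed more than once, names sinkholed to 127.0.0.1 or 0.0.0.0 (the pattern in the RKill listing earlier in the thread), and names redirected to some other address, and it produces the comments-only content a reset leaves behind. HOSTS_PATH is the standard Windows location; the embedded sample is constructed with invented domain names, not the poster's entries.

```python
from collections import Counter

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"  # stock Windows location

# Constructed sample in the shape of the RKill "HOSTS file entries found"
# listing earlier in the thread; the domains are invented, not the poster's.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
#    ::1             localhost
127.0.0.1 ads-one.example
127.0.0.1 ads-two.example
127.0.0.1 ads-one.example
0.0.0.0   tracker.example
203.0.113.9 update.security-vendor.example   # redirected elsewhere
"""

SINKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return (ip, hostname) for every active mapping; comments are dropped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def audit_hosts(text):
    entries = parse_hosts(text)
    names = Counter(name for _, name in entries)
    sinkholed = {n for ip, n in entries if ip in SINKHOLE_IPS and n not in LOCAL_NAMES}
    redirected = sorted((n, ip) for ip, n in entries
                        if ip not in SINKHOLE_IPS and n not in LOCAL_NAMES)
    return {
        "active_entries": len(entries),
        "duplicates": sorted(n for n, c in names.items() if c > 1),
        # domains silently blocked on this machine, a common adware footprint
        "sinkholed": sorted(sinkholed),
        # a real name pointed at a foreign IP: the classic hosts-file hijack
        "redirected": redirected,
        "needs_reset": bool(sinkholed or redirected),
    }


def reset_content(text):
    """The file with every active mapping removed and comments kept: the
    state a freshly reset Windows hosts file is in."""
    kept = [l for l in text.splitlines() if not l.split("#", 1)[0].strip()]
    return "\n".join(kept) + "\n"


def reset_hosts_file(path=HOSTS_PATH):
    """Back up the live file as <path>.bak, write the reset content and
    return the audit of what was there. Needs an elevated prompt on Windows."""
    with open(path, "r", encoding="utf-8", errors="replace") as f:
        original = f.read()
    with open(path + ".bak", "w", encoding="utf-8") as f:
        f.write(original)
    with open(path, "w", encoding="utf-8") as f:
        f.write(reset_content(original))
    return audit_hosts(original)


if __name__ == "__main__":
    for key, value in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{key}: {value}")
```

Run `audit_hosts()` on the live file first and keep its output with the RKill logs: the re-run of RKill that the post asks for afterwards should then show the "HOSTS file entries found" section empty, and `reset_hosts_file()` leaves a `.bak` copy so the removed entries can still be checked in VirusTotal the way Kilt did.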

 

 

 


#11 jokey420 (Topic Starter, Members, 8 posts)

Posted 23 December 2017 - 05:09 PM

So I downloaded MBAR and tried running it as an administrator, but the same warning message appears saying it's blocked for your protection. The message is on a red screen, kind of a warning message from Windows I suppose. Btw I'm using Windows 10.
So I logged in as an administrator and ran it again, and it is working and the scan is going on. So far 10 malware items have been found. I'll post the result and will follow the procedure as you've instructed.
Many thanks, sir, once again for your kind help and guidance.

#12 Unworn_Kilt (Members, 237 posts, Australia)

Posted 23 December 2017 - 05:15 PM

It's my pleasure to help out.

I look forward to the next batch of logs.

Just so you're aware, I'm going to have to take a break soon.

I'll try to hold on for MBAR logs at the least. So please post those before the remainder.

:thumbup2:



 

 

 


#13 jokey420 (Topic Starter, Members, 8 posts)

Posted 23 December 2017 - 06:43 PM

Hello again,

Here are the logs of the MBAR you asked for.

mbar-log-2017-12-24 (01-00-59)


Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.12.23.11
  rootkit: v2017.10.14.01
 
Windows 10 x64 NTFS
Internet Explorer 11.1944.14393.0
Administrator :: ABDULLAH [administrator]
 
12/24/2017 1:00:59 AM
mbar-log-2017-12-24 (01-00-59).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 294340
Time elapsed: 52 minute(s), 33 second(s)
 
Memory Processes Detected: 8
C:\Applications\Service.exe (RiskWare.BitCoinMiner) -> 5480 -> Delete on reboot. [53b4ab823d6d8bab07f1c4537988c739]
C:\Applications\websock.exe (RiskWare.BitCoinMiner) -> 38204 -> Delete on reboot. [b94e5cd1b2f89f973a568b7f8d7448b8]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (Adware.OnlineIO) -> 35032 -> Delete on reboot. [66a19697c6e437ff204d5529c140b14f]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (Adware.OnlineIO) -> 42924 -> Delete on reboot. [66a19697c6e437ff204d5529c140b14f]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (Adware.OnlineIO) -> 44504 -> Delete on reboot. [66a19697c6e437ff204d5529c140b14f]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (Adware.OnlineIO) -> 22928 -> Delete on reboot. [66a19697c6e437ff204d5529c140b14f]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (Adware.OnlineIO) -> 21932 -> Delete on reboot. [66a19697c6e437ff204d5529c140b14f]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (Adware.OnlineIO) -> 34648 -> Delete on reboot. [66a19697c6e437ff204d5529c140b14f]
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 132
HKLM\SOFTWARE\CLASSES\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} (Adware.NeoBar) -> Delete on reboot. [83844ce1f6b4072f7978019c758c58a8]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} (Adware.NeoBar) -> Delete on reboot. [83844ce1f6b4072f7978019c758c58a8]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} (Adware.NeoBar) -> Delete on reboot. [83844ce1f6b4072f7978019c758c58a8]
HKU\S-1-5-21-583949156-2147811715-4202427005-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} (Adware.NeoBar) -> Delete on reboot. [83844ce1f6b4072f7978019c758c58a8]
HKU\S-1-5-21-583949156-2147811715-4202427005-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} (Adware.NeoBar) -> Delete on reboot. [83844ce1f6b4072f7978019c758c58a8]
HKLM\SOFTWARE\Texttotalk (Adware.Tuto4PC) -> Delete on reboot. [31d66dc0a6044de99677a04a6799d729]
HKLM\SOFTWARE\MICROSOFT\APreSam (Adware.Tuto4PC) -> Delete on reboot. [ab5cb677f1b93cfa8e5ee8eb867b1de3]
HKLM\SOFTWARE\MICROSOFT\MPrForShutT (Adware.Tuto4PC) -> Delete on reboot. [5cab5ad37238ad89a2ddb02358a9c53b]
HKLM\SOFTWARE\MICROSOFT\NSaveA (Adware.Tuto4PC) -> Delete on reboot. [6a9dff2e9a10f73ff49bbc182dd48f71]
HKLM\SOFTWARE\MICROSOFT\PrAmNP (Adware.Tuto4PC) -> Delete on reboot. [37d08f9ee4c665d1522a9935bc4519e7]
HKLM\SOFTWARE\MICROSOFT\PrIncub (Adware.Tuto4PC) -> Delete on reboot. [3acd61cc25850b2bd9581fb59968ff01]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [3dcae04dddcd15210bc23e6e01007d83]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [f5125dd02e7c51e56c91149ce71aac54]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [25e2c26ba703d5612300f5b8b948e21e]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [759236f7affbeb4bfa98bcf2d1306799]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ab5c9a933d6dc670be94505eff02837d]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [7790210ca802171f4bc10ca306fb639d]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [46c1c16ca406270f70681b95ff02d42c]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [4bbcb27bc9e1c3732afca30d986909f7]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [36d1e14c0e9c23139d9b6448f50c43bd]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ee192607802a47ef09bdad013cc58d73]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [4abda9845b4fea4c14397b353fc22cd4]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [31d641ec25850b2b4a149c145ba67b85]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [9b6c9895a307da5c09c3c7e5c53cdf21]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [74932508e8c2c373dc48ddd30df420e0]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [91763feedcced0669cf359561fe2f010]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [24e3c26b406aab8bf880a10ca65bd52b]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [37d0999402a880b6727e6e40798860a0]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [39ce9f8ed3d74aecab0748678c756c94]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [fa0dcb62adfd10266521307f45bc09f7]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [65a2c5682387999deaa71698da27b14f]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ec1b5ad3cddd34024aee129f47baf30d]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [a562c06d7733d066faada7078d74d62a]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [49bee44901a953e3c21df9b559a829d7]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [2ed9e746bdedfd3962520ba558a9fd03]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [b7508f9e921842f43b53bcf451b0c937]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [48bfa489a208e353fe537a34de23b050]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [000744e90f9be056357cd1de9b663cc4]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [9f6830fd624866d01d1e4b649c65669a]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [887fc26bb5f51c1a3e852888f20f0cf4]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [30d7b9744268d6605ae2cce32dd401ff]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d037fa33d5d5ca6cfa81e4cce51c8c74]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d23559d45e4c73c30549a20d758ccc34]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [9a6d1b127733d462afcd565a3bc63fc1]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [b255230ad2d886b09641298743be20e0]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [59ae74b903a7b58138df169be21f7888]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [63a4d15c0f9b80b6d5b958575ea3d828]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [30d78e9fccde0e28f2d7ebc4e819ce32]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [60a73bf245651323a149832de41d6799]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [7691ca63f5b51521a9bbf1bd4fb2ef11]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [4dba39f41d8da690031f119d31d0ac54]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [af58121b941644f2021f4566c53c2ad6]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [4fb81c1117937cba0ab7d3da47baef11]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [62a5d15c5951c67039b9852af60b9769]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [3dcab07de6c40d29e045c9e7cc35966a]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [45c224094b5fdb5bd3e02a85679a59a7]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{124FDC8F-1861-4C17-A4D4-16573351F402} (Trojan.FakeGoogle) -> Delete on reboot. [dc2bc568b3f7a492fb0203b2bb45b64a]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{231F11C8-DC6B-4598-A2A3-2F982A31A5E5} (Trojan.FakeGoogle) -> Delete on reboot. [52b561ccbceee74f6796d6dfba46dc24]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7107D945-0982-43CD-83D2-2513DEA7B673} (Trojan.FakeGoogle) -> Delete on reboot. [d730919c8f1bc07619e45c59dc24cc34]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7C7EB869-C086-4247-9AFB-8530CF1AAA8B} (Trojan.FakeGoogle) -> Delete on reboot. [a85fed402189b38346b77f360ef219e7]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8B99F04E-FD3B-4EBD-9108-2EED9F4E767D} (Trojan.FakeGoogle) -> Delete on reboot. [39ce5bd2406a7bbbf00db0057c842bd5]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8DEB4702-799C-492A-B37D-E2FE4FBA4585} (Trojan.FakeGoogle) -> Delete on reboot. [f80fa984426820168b72f2c325dbf60a]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{ABF9C5F8-A244-44DB-BF62-D2A0AE5A87AE} (Trojan.FakeGoogle) -> Delete on reboot. [7592bb72bfeb072fb4499c1930d0b14f]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C39272FC-3658-400D-B997-724A57C16046} (Trojan.FakeGoogle) -> Delete on reboot. [c93e97963d6da096e914516423dd6d93]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E3117A8D-43F9-4E53-B159-23C2391E9485} (Trojan.BitCoinMiner) -> Delete on reboot. [6a9d07263e6cc076b6b3417a57aac23e]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E895D807-55B4-41C8-AB91-960F8B04CA17} (Trojan.FakeGoogle) -> Delete on reboot. [eb1cc667dad0c27437c62a8b17e9cc34]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F312547A-7DED-4151-BCB5-56BEAD9E6832} (Trojan.FakeGoogle) -> Delete on reboot. [d43330fda1091d19cf2ea015c937a858]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F53A0D20-7265-40BD-8A93-F3F0EC58C0B6} (Trojan.FakeGoogle) -> Delete on reboot. [828556d77f2bd95d7b829520ec140ef2]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_GG (Trojan.FakeGoogle) -> Delete on reboot. [e126a18cc6e4cf6762c6c9eba06022de]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_HI (Trojan.FakeGoogle) -> Delete on reboot. [dc2b7eaf09a168ce0a1ee3d1857bc53b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_KH (Trojan.FakeGoogle) -> Delete on reboot. [61a639f4a50591a5b2763d776d93df21]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_KK (Trojan.FakeGoogle) -> Delete on reboot. [0dfa919c75351a1c76b26b4919e74cb4]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_KW (Trojan.FakeGoogle) -> Delete on reboot. [ab5cf53811996ccaa781249042be0bf5]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_LT (Trojan.FakeGoogle) -> Delete on reboot. [f710220b9416d85e1117eaca32ce4db3]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_MY (Trojan.FakeGoogle) -> Delete on reboot. [ae59181551597abcca5ea60e45bb07f9]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_RJ (Trojan.FakeGoogle) -> Delete on reboot. [a166c5687c2e1d19c068d5df78887a86]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_TB (Trojan.FakeGoogle) -> Delete on reboot. [cb3cde4fc0ea70c645e35064db25b749]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_VH (Trojan.FakeGoogle) -> Delete on reboot. [15f21617802aab8b51d7d3e1d42c837d]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_WV (Trojan.FakeGoogle) -> Delete on reboot. [66a179b46941cc6aab7d7b395ba5e917]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ShadowsocksS (Trojan.BitCoinMiner) -> Delete on reboot. [18eff8359c0e1323ac90e1240ef3b34d]
HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online Application (Adware.OnlineIO) -> Delete on reboot. [e126f03d6c3e95a1dab0df9f18e97789]
HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online.io Application (Adware.OnlineIO) -> Delete on reboot. [c4430b22d9d176c06228295508f9f60a]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c641bd70f5b52c0a6c613478a06155ab]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [798e06271f8b2610bd40cee228d9619f]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [8e7945e84f5b4cea7fa48429da27b947]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [4dbafe2f604af14581115d5143bed828]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [db2cc26bd5d513236ce6f0beb74ac937]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [689f69c4664434020903e5ca45bcfe02]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [db2c16175f4bf93d1cbc9e12728f41bf]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [e12647e601a92016d452d1df17ea50b0]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [e72087a6b6f4201691a79517a55cf40c]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [1fe8e04d46641f1783437539ae5360a0]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c5428ba2307a54e2e568efc14ab708f8]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [3ec9af7edccefd391e407d337a873cc4]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [e027e34ab0fa0a2ca626b6f680816e92]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [97706dc05159241233f15d5358a9bf41]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [18efb87595159e98eaa5ebc47c85f709]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [40c73cf12b7fd46296e2a607e1204bb5]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [50b7260736744aec648cb2fcfa0725db]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [7c8b4fdec3e7ce68d7db842bdc2530d0]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [f710a489ecbe9a9c3c4a248b818009f7]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d13672bbefbb191df39e26887e833bc5]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [50b783aa416955e1a98f169be120b54b]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [62a50f1eddcd3bfb396ebcf2f30ee31d]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ba4d83aadad0fe38766927874bb63fc1]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [996edb520b9f35012f851898a25f6e92]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [3ec90d20595174c2bfcf723ef11032ce]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [4cbb002d01a9b680123ff6b87d841ce4]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [8b7c0726a307c373ddd4812eba47bc44]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [5aadb37a78322a0c7bc08a25798843bd]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [000764c90f9bb5812f94951b42bf6b95]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [1aedde4fcdddf34386b6327d827f25db]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [9077220b09a166d0bcbfb000f50cdc24]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [4dbab37adcce84b2212dffb038c97888]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [b453df4e4763191d7dffc2ee7e83817f]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [17f050ddc6e49d99f8df357b877af709]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [917674b9b6f49d999c7b58596c95ee12]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [fc0ba18cedbd7eb84648bff0c0411fe1]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ea1d939af4b62b0b3d8ce0cf12ef2bd5]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [31d6909d1b8f92a4f4f61f91ec15f907]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ac5bef3ee9c183b364009a14966b08f8]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [da2dcf5e555566d058ca7c329869f808]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [0bfc4fde3a70bd790021c4e74eb3d42c]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [fa0d49e409a1122404bdf0bdb34ec33d]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [63a4f33a505a79bd51a15b54ed14728e]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [eb1c49e42981d066aa7b565a55acf50b]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [986ff637bceee55190234f60cc35a858]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\11598763487076930564 (Adware.DNSUnlocker.ACMB2) -> Delete on reboot. [d037cf5ed1d990a6d8a14d5f9868a45c]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507} (Adware.MultiPlug) -> Delete on reboot. [fb0ca588c5e514226720e549c23f718f]
HKU\S-1-5-21-583949156-2147811715-4202427005-1001\SOFTWARE\MICROSOFT\MPrForShutT (Adware.Tuto4PC) -> Delete on reboot. [a06781acd2d83bfb43f83cbf7d85a55b]
HKU\S-1-5-21-583949156-2147811715-4202427005-1001\SOFTWARE\MICROSOFT\BIGTIME (Adware.Tuto4PC) -> Delete on reboot. [87809598feac9b9b5b9a3259010042be]
HKU\S-1-5-21-583949156-2147811715-4202427005-1001\SOFTWARE\MICROSOFT\EWMON (Adware.Tuto4PC) -> Delete on reboot. [4bbccd6063473600ce6433ad20e2f50b]
 
Registry Values Detected: 15
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{124FDC8F-1861-4C17-A4D4-16573351F402}|Path (Trojan.FakeGoogle) -> Data: \GoogleUpdateSecurityTaskMachine_WV -> Delete on reboot. [dc2bc568b3f7a492fb0203b2bb45b64a]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{231F11C8-DC6B-4598-A2A3-2F982A31A5E5}|Path (Trojan.FakeGoogle) -> Data: \GoogleUpdateSecurityTaskMachine_HI -> Delete on reboot. [52b561ccbceee74f6796d6dfba46dc24]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7107D945-0982-43CD-83D2-2513DEA7B673}|Path (Trojan.FakeGoogle) -> Data: \GoogleUpdateSecurityTaskMachine_LT -> Delete on reboot. [d730919c8f1bc07619e45c59dc24cc34]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7C7EB869-C086-4247-9AFB-8530CF1AAA8B}|Path (Trojan.FakeGoogle) -> Data: \GoogleUpdateSecurityTaskMachine_GG -> Delete on reboot. [a85fed402189b38346b77f360ef219e7]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8B99F04E-FD3B-4EBD-9108-2EED9F4E767D}|Path (Trojan.FakeGoogle) -> Data: \GoogleUpdateSecurityTaskMachine_KH -> Delete on reboot. [39ce5bd2406a7bbbf00db0057c842bd5]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8DEB4702-799C-492A-B37D-E2FE4FBA4585}|Path (Trojan.FakeGoogle) -> Data: \GoogleUpdateSecurityTaskMachine_KW -> Delete on reboot. [f80fa984426820168b72f2c325dbf60a]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{ABF9C5F8-A244-44DB-BF62-D2A0AE5A87AE}|Path (Trojan.FakeGoogle) -> Data: \GoogleUpdateSecurityTaskMachine_VH -> Delete on reboot. [7592bb72bfeb072fb4499c1930d0b14f]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C39272FC-3658-400D-B997-724A57C16046}|Path (Trojan.FakeGoogle) -> Data: \GoogleUpdateSecurityTaskMachine_TB -> Delete on reboot. [c93e97963d6da096e914516423dd6d93]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E3117A8D-43F9-4E53-B159-23C2391E9485}|Path (Trojan.BitCoinMiner) -> Data: \ShadowsocksS -> Delete on reboot. [6a9d07263e6cc076b6b3417a57aac23e]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E895D807-55B4-41C8-AB91-960F8B04CA17}|Path (Trojan.FakeGoogle) -> Data: \GoogleUpdateSecurityTaskMachine_KK -> Delete on reboot. [eb1cc667dad0c27437c62a8b17e9cc34]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F312547A-7DED-4151-BCB5-56BEAD9E6832}|Path (Trojan.FakeGoogle) -> Data: \GoogleUpdateSecurityTaskMachine_MY -> Delete on reboot. [d43330fda1091d19cf2ea015c937a858]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F53A0D20-7265-40BD-8A93-F3F0EC58C0B6}|Path (Trojan.FakeGoogle) -> Data: \GoogleUpdateSecurityTaskMachine_RJ -> Delete on reboot. [828556d77f2bd95d7b829520ec140ef2]
HKU\S-1-5-21-583949156-2147811715-4202427005-1001\SOFTWARE\MICROSOFT\BIGTIME|partner (Adware.Tuto4PC) -> Data: marketator -> Delete on reboot. [87809598feac9b9b5b9a3259010042be]
HKU\S-1-5-21-583949156-2147811715-4202427005-1001\SOFTWARE\MICROSOFT\EWMON|partner (Adware.Tuto4PC) -> Data: ya3tek nam w 7arra 3dham w hani n3allem fik fi sab ya mnayek ya far5 le7ram -> Delete on reboot. [4bbccd6063473600ce6433ad20e2f50b]
HKU\S-1-5-21-583949156-2147811715-4202427005-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|479636 (Adware.Tuto4PC.Generic) -> Data: "C:\Users\miss\AppData\Roaming\tenoxwgj43f\os4mvyvyo54.exe" /VERYSILENT -> Delete on reboot. [769174b9604a23133c0f784cf11026da]
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 16
C:\Program Files (x86)\Microleaves\Online Application (Adware.OnlineIO) -> Delete on reboot. [66a19697c6e437ff204d5529c140b14f]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0 (Adware.OnlineIO) -> Delete on reboot. [66a19697c6e437ff204d5529c140b14f]
C:\Program Files (x86)\Microleaves (Adware.OnlineIO) -> Delete on reboot. [66a19697c6e437ff204d5529c140b14f]
C:\Users\miss\AppData\Roaming\f3942175b44544988d3f06154fea3c85 (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [fe097eafeac0eb4bf7cdd3eb22dffa06]
C:\ProgramData\bc6b0307b21c4327a1069196e6f0ee85 (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [1cebfd30ddcdb482c3018e304fb24bb5]
C:\Users\miss\AppData\Local\39ead239a7fc42d9b56c0c5cd3cebc59 (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [08ffd558c5e56ec8604f9b2a6e93a759]
C:\Users\miss\AppData\Local\3d22f80338654a60bb5d1e7592d03348 (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [1fe866c7f4b6ca6c426df4d15da447b9]
C:\Users\miss\AppData\Local\7a5a004ba7684e03b4395becd78146fe (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c04748e51892d0660ea104c1b051659b]
C:\Users\miss\AppData\Roaming\Microleaves (Adware.OnlineIO) -> Delete on reboot. [90775ad3c0ea53e3c61c9ae721e011ef]
C:\Users\miss\AppData\Roaming\Microleaves\Online Application 2.7.0 (Adware.OnlineIO) -> Delete on reboot. [90775ad3c0ea53e3c61c9ae721e011ef]
C:\Users\miss\AppData\Roaming\Microleaves\Online Application 2.7.0\install (Adware.OnlineIO) -> Delete on reboot. [90775ad3c0ea53e3c61c9ae721e011ef]
C:\Users\miss\AppData\Roaming\Microleaves\Online Application 2.7.0\install\CFCBAA1 (Adware.OnlineIO) -> Delete on reboot. [90775ad3c0ea53e3c61c9ae721e011ef]
C:\ProgramData\Microleaves (Adware.OnlineIO) -> Delete on reboot. [4cbb022b5b4f3ff702e01e630ef3966a]
C:\ProgramData\Microleaves\Online Application (Adware.OnlineIO) -> Delete on reboot. [4cbb022b5b4f3ff702e01e630ef3966a]
C:\ProgramData\Microleaves\Online Application\updates (Adware.OnlineIO) -> Delete on reboot. [4cbb022b5b4f3ff702e01e630ef3966a]
C:\Program Files (x86)\Common Files\Redtouch (Adware.Linkury.TskLnk) -> Delete on reboot. [b156cf5ed1d95dd954f727d0b54bff01]
 
Files Detected: 48
C:\Applications\Service.exe (RiskWare.BitCoinMiner) -> Delete on reboot. [53b4ab823d6d8bab07f1c4537988c739]
C:\Applications\websock.exe (RiskWare.BitCoinMiner) -> Delete on reboot. [b94e5cd1b2f89f973a568b7f8d7448b8]
C:\Program Files\Total Clock\Total Clock.Vdll (Trojan.Wdfload.TskLnk) -> Delete on reboot. [808799942585c571bcd9a70dde2236ca]
C:\Users\miss\AppData\Local\Temp\is-6A0CD.tmp\os4mvyvyo54.tmp (Trojan.Agent) -> Delete on reboot. [798ec96468421026a39510b1020035cb]
C:\Users\miss\AppData\Local\Temp\is-CSRK7.tmp\os4mvyvyo54.tmp (Trojan.Agent) -> Delete on reboot. [d631fd30e2c87cbaee4aa71aed156898]
C:\Users\miss\AppData\Local\Temp\is-MH1OJ.tmp\os4mvyvyo54.tmp (Trojan.Agent) -> Delete on reboot. [fa0deb42109a4de976c25b6639c9dd23]
C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_GG (Trojan.FakeGoogle) -> Delete on reboot. [0afdca6307a31c1a98d4981c907009f7]
C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_HI (Trojan.FakeGoogle) -> Delete on reboot. [77901b122783e6503a32b7fd2cd404fc]
C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_KH (Trojan.FakeGoogle) -> Delete on reboot. [bd4a5cd1feac53e36a02f7bdad539b65]
C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_KK (Trojan.FakeGoogle) -> Delete on reboot. [25e219144565270fcaa26a4a6a96f709]
C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_KW (Trojan.FakeGoogle) -> Delete on reboot. [6b9ce34a5f4b53e3e587575dba4651af]
C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_LT (Trojan.FakeGoogle) -> Delete on reboot. [e225be6f6446b68075f7e3d136cae21e]
C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_MY (Trojan.FakeGoogle) -> Delete on reboot. [a85fc6674b5f44f2abc1c1f324dce020]
C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_RJ (Trojan.FakeGoogle) -> Delete on reboot. [c14664c9f8b282b427455a5a13ed33cd]
C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_TB (Trojan.FakeGoogle) -> Delete on reboot. [1fe864c926843ff7175505afca36817f]
C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_VH (Trojan.FakeGoogle) -> Delete on reboot. [50b715187c2ecd699eced6de2cd41de3]
C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_WV (Trojan.FakeGoogle) -> Delete on reboot. [ed1ae7465a5036008ede7a3a38c835cb]
C:\WinSys\sysConfig.bat (Trojan.BitCoinMiner) -> Delete on reboot. [16f160cd9c0ec76f94e38bb0ef129e62]
C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe (Adware.OnlineIO) -> Delete on reboot. [66a19697c6e437ff204d5529c140b14f]
C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.ini (Adware.OnlineIO) -> Delete on reboot. [66a19697c6e437ff204d5529c140b14f]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (Adware.OnlineIO) -> Delete on reboot. [66a19697c6e437ff204d5529c140b14f]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online.io EULA.url (Adware.OnlineIO) -> Delete on reboot. [66a19697c6e437ff204d5529c140b14f]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online.io Privacy.url (Adware.OnlineIO) -> Delete on reboot. [66a19697c6e437ff204d5529c140b14f]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Uninstall Online Application.lnk (Adware.OnlineIO) -> Delete on reboot. [66a19697c6e437ff204d5529c140b14f]
C:\Windows\System32\Tasks\ShadowsocksS (Trojan.BitCoinMiner) -> Delete on reboot. [d43384a97535e254d844803922df9868]
C:\Users\miss\AppData\Roaming\f3942175b44544988d3f06154fea3c85\chipset.exe (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [fe097eafeac0eb4bf7cdd3eb22dffa06]
C:\Users\miss\AppData\Roaming\f3942175b44544988d3f06154fea3c85\EHQJWPUXLQ.cmd (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [fe097eafeac0eb4bf7cdd3eb22dffa06]
C:\Users\miss\AppData\Roaming\f3942175b44544988d3f06154fea3c85\EHQJWPUXLQ.exe.config (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [fe097eafeac0eb4bf7cdd3eb22dffa06]
C:\ProgramData\bc6b0307b21c4327a1069196e6f0ee85\chipset.exe (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [1cebfd30ddcdb482c3018e304fb24bb5]
C:\ProgramData\bc6b0307b21c4327a1069196e6f0ee85\IDRSOAURUE.cmd (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [1cebfd30ddcdb482c3018e304fb24bb5]
C:\ProgramData\bc6b0307b21c4327a1069196e6f0ee85\IDRSOAURUE.exe (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [1cebfd30ddcdb482c3018e304fb24bb5]
C:\ProgramData\bc6b0307b21c4327a1069196e6f0ee85\IDRSOAURUE.exe.config (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [1cebfd30ddcdb482c3018e304fb24bb5]
C:\Users\miss\AppData\Local\39ead239a7fc42d9b56c0c5cd3cebc59\chipset.exe (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [08ffd558c5e56ec8604f9b2a6e93a759]
C:\Users\miss\AppData\Local\39ead239a7fc42d9b56c0c5cd3cebc59\ILJIYLTXWE.cmd (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [08ffd558c5e56ec8604f9b2a6e93a759]
C:\Users\miss\AppData\Local\39ead239a7fc42d9b56c0c5cd3cebc59\ILJIYLTXWE.exe.config (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [08ffd558c5e56ec8604f9b2a6e93a759]
C:\Users\miss\AppData\Local\3d22f80338654a60bb5d1e7592d03348\chipset.exe (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [1fe866c7f4b6ca6c426df4d15da447b9]
C:\Users\miss\AppData\Local\3d22f80338654a60bb5d1e7592d03348\FPGIQQQMAD.cmd (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [1fe866c7f4b6ca6c426df4d15da447b9]
C:\Users\miss\AppData\Local\3d22f80338654a60bb5d1e7592d03348\FPGIQQQMAD.exe.config (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [1fe866c7f4b6ca6c426df4d15da447b9]
C:\Users\miss\AppData\Local\7a5a004ba7684e03b4395becd78146fe\chipset.exe (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c04748e51892d0660ea104c1b051659b]
C:\Users\miss\AppData\Local\7a5a004ba7684e03b4395becd78146fe\RHRLFWXRQA.cmd (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c04748e51892d0660ea104c1b051659b]
C:\Users\miss\AppData\Local\7a5a004ba7684e03b4395becd78146fe\RHRLFWXRQA.exe.config (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c04748e51892d0660ea104c1b051659b]
C:\Windows\System32\drivers\vtuiso.sys (PUP.Optional.MirageISO) -> Delete on reboot. [b005c812951996b8450883a5d61fcfef]
C:\Users\Public\Desktop\Download 2016 Crack Ful...lnk (Trojan.Agent.Trace) -> Delete on reboot. [828557d67238b77f87e453329a68bc44]
C:\Users\miss\AppData\Roaming\Microleaves\Online Application 2.7.0\install\CFCBAA1\Basic Installer with memory detection.msi (Adware.OnlineIO) -> Delete on reboot. [90775ad3c0ea53e3c61c9ae721e011ef]
C:\ProgramData\Microleaves\Online Application\updates\basic_updates.aiu (Adware.OnlineIO) -> Delete on reboot. [4cbb022b5b4f3ff702e01e630ef3966a]
C:\Program Files (x86)\Common Files\Redtouch\InstallationConfiguration.xml (Adware.Linkury.TskLnk) -> Delete on reboot. [b156cf5ed1d95dd954f727d0b54bff01]
C:\Program Files (x86)\Common Files\Redtouch\uninstall.dat (Adware.Linkury.TskLnk) -> Delete on reboot. [b156cf5ed1d95dd954f727d0b54bff01]
C:\Program Files (x86)\Common Files\Redtouch\uninstall.ico (Adware.Linkury.TskLnk) -> Delete on reboot. [b156cf5ed1d95dd954f727d0b54bff01]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
system-log
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.14393 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.1944.14393.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.896000 GHz
Memory total: 4194488320, free: 638033920
 
Downloaded database version: v2017.12.23.11
Downloaded database version: v2017.11.28.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     12/24/2017 01:00:42
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\HalExtIntcLpioDma.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\SeLow_x64.sys
\SystemRoot\system32\drivers\vtuiso.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\cnnctfy2.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6387ED10-2910-41D2-935E-DBE049378E8F}\MpKslad54936a.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\Neo_VPN.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\system32\DRIVERS\TeeDriverx64.sys
\SystemRoot\System32\drivers\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\iaLPSSi_GPIO.sys
\SystemRoot\System32\Drivers\msgpioclx.sys
\SystemRoot\System32\drivers\iaLPSSi_I2C.sys
\SystemRoot\system32\drivers\SpbCx.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\DellRbtn.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\btath_bus.sys
\SystemRoot\System32\drivers\iwdbus.sys
\SystemRoot\system32\drivers\DDDriver64Dcsa.sys
\SystemRoot\system32\drivers\DellProf.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\hidi2c.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\SynRMIHID.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\System32\drivers\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\System32\drivers\bthmodem.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\BthA2DP.sys
\SystemRoot\system32\drivers\btampm.sys
\SystemRoot\System32\drivers\BthAvrcpTg.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\idmwfp.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\system32\DRIVERS\ehdrv.sys
\??\C:\Program Files\ESET\ESET Security\Modules\em000k_64\1012\em000k_64.dll
\??\C:\Program Files\ESET\ESET Security\Modules\em006_64\1169\em006_64.dll
\??\C:\Program Files\ESET\ESET Security\Modules\em018k_64\1515\em018k_64.dll
\SystemRoot\system32\DRIVERS\eamonm.sys
\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0CEE8712-8CB9-4451-A001-9CF8ACA8792F}\MpKsl24bc285a.sys
\SystemRoot\System32\cdd.dll
\??\C:\WINDOWS\system32\drivers\5626A1CF.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.12.23.11
  rootkit: v2017.10.14.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffac8043ffd060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffac8043ffdae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffac8043ffd060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffac8042981e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffac80429807c0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffac8041fea060, DeviceName: \Device\00000033\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 807146C5
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3135705781
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34  LastUsableLba 976773134
    GPT Header Guid 4578536f-4349-4ba5-91f1-9555afae3274
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3135705781
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 976773134
    Backup GPT header Guid 4578536f-4349-4ba5-91f1-9555afae3274
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID a5326e08-13c9-4fd1-81ea-1ba55e9bf4c1
    FirstLBA 2048  Last LBA 1026047
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 0 is bootable
    Partition 1 Type 796badd3-6bbf-4d9f-b631-466eb71a4965
    Partition ID 72927b90-a483-4681-989e-31a53f7ad26f
    FirstLBA 1026048  Last LBA 1107967
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 53a4cfcf-6a32-4a29-ac5d-f89b876ddcd
    FirstLBA 1107968  Last LBA 1370111
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID a7caa83f-487b-43a6-b9a1-a84a583de86
    FirstLBA 1370112  Last LBA 2906111
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 8698a72d-5c01-498b-8e9b-91eb5566296d
    FirstLBA 2906112  Last LBA 960817151
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID f7873918-f78e-4e47-81d1-4846749e43b2
    FirstLBA 960817152  Last LBA 961738751
    Attributes 1
    Partition Name                                     
 
    Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID ffbe8fd1-9158-4450-a91d-145eafe89935
    FirstLBA 961738752  Last LBA 976771119
    Attributes 1
    Partition Name         Microsoft recovery partition
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Infected: C:\Applications\Service.exe --> [RiskWare.BitCoinMiner]
Infected: C:\Applications\Service.exe --> [RiskWare.BitCoinMiner]
Infected: C:\Applications\websock.exe --> [RiskWare.BitCoinMiner]
Infected: C:\Applications\websock.exe --> [RiskWare.BitCoinMiner]
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} --> [Adware.NeoBar]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} --> [Adware.NeoBar]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} --> [Adware.NeoBar]
Infected: HKU\S-1-5-21-583949156-2147811715-4202427005-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} --> [Adware.NeoBar]
Infected: HKU\S-1-5-21-583949156-2147811715-4202427005-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} --> [Adware.NeoBar]
Infected: C:\Program Files\Total Clock\Total Clock.Vdll --> [Trojan.Wdfload.TskLnk]
Infected: C:\Users\miss\AppData\Local\Temp\is-6A0CD.tmp\os4mvyvyo54.tmp --> [Trojan.Agent]
Infected: C:\Users\miss\AppData\Local\Temp\is-CSRK7.tmp\os4mvyvyo54.tmp --> [Trojan.Agent]
Infected: C:\Users\miss\AppData\Local\Temp\is-MH1OJ.tmp\os4mvyvyo54.tmp --> [Trojan.Agent]
File "C:\Users\miss\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-2D07FA51A7B2DF950BC2DA0E5457EBC9D5BE87D9.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-2D07FA51A7B2DF950BC2DA0E5457EBC9D5BE87D9.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-2D07FA51A7B2DF950BC2DA0E5457EBC9D5BE87D9.bin.83" is compressed (flags = 1)
Infected: C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_GG --> [Trojan.FakeGoogle]
Infected: C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_HI --> [Trojan.FakeGoogle]
Infected: C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_KH --> [Trojan.FakeGoogle]
Infected: C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_KK --> [Trojan.FakeGoogle]
Infected: C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_KW --> [Trojan.FakeGoogle]
Infected: C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_LT --> [Trojan.FakeGoogle]
Infected: C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_MY --> [Trojan.FakeGoogle]
Infected: C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_RJ --> [Trojan.FakeGoogle]
Infected: C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_TB --> [Trojan.FakeGoogle]
Infected: C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_VH --> [Trojan.FakeGoogle]
Infected: C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_WV --> [Trojan.FakeGoogle]
Infected: C:\WinSys\sysConfig.bat --> [Trojan.BitCoinMiner]
Infected: C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe --> [Adware.OnlineIO]
Infected: C:\Program Files (x86)\Microleaves\Online Application --> [Adware.OnlineIO]
Infected: C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.ini --> [Adware.OnlineIO]
Infected: C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0 --> [Adware.OnlineIO]
Infected: C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe --> [Adware.OnlineIO]
Infected: C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe --> [Adware.OnlineIO]
Infected: C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe --> [Adware.OnlineIO]
Infected: C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe --> [Adware.OnlineIO]
Infected: C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe --> [Adware.OnlineIO]
Infected: C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe --> [Adware.OnlineIO]
Infected: C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe --> [Adware.OnlineIO]
Infected: C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online.io EULA.url --> [Adware.OnlineIO]
Infected: C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online.io Privacy.url --> [Adware.OnlineIO]
Infected: C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Uninstall Online Application.lnk --> [Adware.OnlineIO]
Infected: C:\Program Files (x86)\Microleaves --> [Adware.OnlineIO]
Infected: C:\Windows\System32\Tasks\ShadowsocksS --> [Trojan.BitCoinMiner]
Infected: C:\Users\miss\AppData\Roaming\f3942175b44544988d3f06154fea3c85\chipset.exe --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\Users\miss\AppData\Roaming\f3942175b44544988d3f06154fea3c85 --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\Users\miss\AppData\Roaming\f3942175b44544988d3f06154fea3c85\EHQJWPUXLQ.cmd --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\Users\miss\AppData\Roaming\f3942175b44544988d3f06154fea3c85\EHQJWPUXLQ.exe.config --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\ProgramData\bc6b0307b21c4327a1069196e6f0ee85\chipset.exe --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\ProgramData\bc6b0307b21c4327a1069196e6f0ee85 --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\ProgramData\bc6b0307b21c4327a1069196e6f0ee85\IDRSOAURUE.cmd --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\ProgramData\bc6b0307b21c4327a1069196e6f0ee85\IDRSOAURUE.exe --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\ProgramData\bc6b0307b21c4327a1069196e6f0ee85\IDRSOAURUE.exe.config --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\Users\miss\AppData\Local\39ead239a7fc42d9b56c0c5cd3cebc59\chipset.exe --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\Users\miss\AppData\Local\39ead239a7fc42d9b56c0c5cd3cebc59 --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\Users\miss\AppData\Local\39ead239a7fc42d9b56c0c5cd3cebc59\ILJIYLTXWE.cmd --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\Users\miss\AppData\Local\39ead239a7fc42d9b56c0c5cd3cebc59\ILJIYLTXWE.exe.config --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\Users\miss\AppData\Local\3d22f80338654a60bb5d1e7592d03348\chipset.exe --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\Users\miss\AppData\Local\3d22f80338654a60bb5d1e7592d03348 --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\Users\miss\AppData\Local\3d22f80338654a60bb5d1e7592d03348\FPGIQQQMAD.cmd --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\Users\miss\AppData\Local\3d22f80338654a60bb5d1e7592d03348\FPGIQQQMAD.exe.config --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\Users\miss\AppData\Local\7a5a004ba7684e03b4395becd78146fe\chipset.exe --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\Users\miss\AppData\Local\7a5a004ba7684e03b4395becd78146fe --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\Users\miss\AppData\Local\7a5a004ba7684e03b4395becd78146fe\RHRLFWXRQA.cmd --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\Users\miss\AppData\Local\7a5a004ba7684e03b4395becd78146fe\RHRLFWXRQA.exe.config --> [Trojan.BitCoinMiner.TskLnk]
File C:\Windows\System32\drivers\vtuiso.sys will be destroyed
Infected: C:\Windows\System32\drivers\vtuiso.sys --> [PUP.Optional.MirageISO]
Infected: C:\Users\Public\Desktop\Download 2016 Crack Ful...lnk --> [Trojan.Agent.Trace]
Infected: HKLM\SOFTWARE\Texttotalk --> [Adware.Tuto4PC]
Infected: HKLM\SOFTWARE\MICROSOFT\APreSam --> [Adware.Tuto4PC]
Infected: HKLM\SOFTWARE\MICROSOFT\MPrForShutT --> [Adware.Tuto4PC]
Infected: HKLM\SOFTWARE\MICROSOFT\NSaveA --> [Adware.Tuto4PC]
Infected: HKLM\SOFTWARE\MICROSOFT\PrAmNP --> [Adware.Tuto4PC]
Infected: HKLM\SOFTWARE\MICROSOFT\PrIncub --> [Adware.Tuto4PC]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{124FDC8F-1861-4C17-A4D4-16573351F402}|Path --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{124FDC8F-1861-4C17-A4D4-16573351F402} --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{231F11C8-DC6B-4598-A2A3-2F982A31A5E5}|Path --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{231F11C8-DC6B-4598-A2A3-2F982A31A5E5} --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7107D945-0982-43CD-83D2-2513DEA7B673}|Path --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7107D945-0982-43CD-83D2-2513DEA7B673} --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7C7EB869-C086-4247-9AFB-8530CF1AAA8B}|Path --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7C7EB869-C086-4247-9AFB-8530CF1AAA8B} --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8B99F04E-FD3B-4EBD-9108-2EED9F4E767D}|Path --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8B99F04E-FD3B-4EBD-9108-2EED9F4E767D} --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8DEB4702-799C-492A-B37D-E2FE4FBA4585}|Path --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8DEB4702-799C-492A-B37D-E2FE4FBA4585} --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{ABF9C5F8-A244-44DB-BF62-D2A0AE5A87AE}|Path --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{ABF9C5F8-A244-44DB-BF62-D2A0AE5A87AE} --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C39272FC-3658-400D-B997-724A57C16046}|Path --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C39272FC-3658-400D-B997-724A57C16046} --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E3117A8D-43F9-4E53-B159-23C2391E9485}|Path --> [Trojan.BitCoinMiner]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E3117A8D-43F9-4E53-B159-23C2391E9485} --> [Trojan.BitCoinMiner]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E895D807-55B4-41C8-AB91-960F8B04CA17}|Path --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E895D807-55B4-41C8-AB91-960F8B04CA17} --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F312547A-7DED-4151-BCB5-56BEAD9E6832}|Path --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F312547A-7DED-4151-BCB5-56BEAD9E6832} --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F53A0D20-7265-40BD-8A93-F3F0EC58C0B6}|Path --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F53A0D20-7265-40BD-8A93-F3F0EC58C0B6} --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_GG --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_HI --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_KH --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_KK --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_KW --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_LT --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_MY --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_RJ --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_TB --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_VH --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_WV --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ShadowsocksS --> [Trojan.BitCoinMiner]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online Application --> [Adware.OnlineIO]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online.io Application --> [Adware.OnlineIO]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\11598763487076930564 --> [Adware.DNSUnlocker.ACMB2]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507} --> [Adware.MultiPlug]
Infected: HKU\S-1-5-21-583949156-2147811715-4202427005-1001\SOFTWARE\MICROSOFT\MPrForShutT --> [Adware.Tuto4PC]
Infected: HKU\S-1-5-21-583949156-2147811715-4202427005-1001\SOFTWARE\MICROSOFT\BIGTIME|partner --> [Adware.Tuto4PC]
Infected: HKU\S-1-5-21-583949156-2147811715-4202427005-1001\SOFTWARE\MICROSOFT\BIGTIME --> [Adware.Tuto4PC]
Infected: HKU\S-1-5-21-583949156-2147811715-4202427005-1001\SOFTWARE\MICROSOFT\EWMON|partner --> [Adware.Tuto4PC]
Infected: HKU\S-1-5-21-583949156-2147811715-4202427005-1001\SOFTWARE\MICROSOFT\EWMON --> [Adware.Tuto4PC]
Infected: HKU\S-1-5-21-583949156-2147811715-4202427005-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|479636 --> [Adware.Tuto4PC.Generic]
Infected: C:\Users\miss\AppData\Roaming\Microleaves --> [Adware.OnlineIO]
Infected: C:\Users\miss\AppData\Roaming\Microleaves\Online Application 2.7.0 --> [Adware.OnlineIO]
Infected: C:\Users\miss\AppData\Roaming\Microleaves\Online Application 2.7.0\install --> [Adware.OnlineIO]
Infected: C:\Users\miss\AppData\Roaming\Microleaves\Online Application 2.7.0\install\CFCBAA1 --> [Adware.OnlineIO]
Infected: C:\Users\miss\AppData\Roaming\Microleaves\Online Application 2.7.0\install\CFCBAA1\Basic Installer with memory detection.msi --> [Adware.OnlineIO]
Infected: C:\ProgramData\Microleaves --> [Adware.OnlineIO]
Infected: C:\ProgramData\Microleaves\Online Application --> [Adware.OnlineIO]
Infected: C:\ProgramData\Microleaves\Online Application\updates --> [Adware.OnlineIO]
Infected: C:\ProgramData\Microleaves\Online Application\updates\basic_updates.aiu --> [Adware.OnlineIO]
Infected: C:\Program Files (x86)\Common Files\Redtouch\InstallationConfiguration.xml --> [Adware.Linkury.TskLnk]
Infected: C:\Program Files (x86)\Common Files\Redtouch --> [Adware.Linkury.TskLnk]
Infected: C:\Program Files (x86)\Common Files\Redtouch\uninstall.dat --> [Adware.Linkury.TskLnk]
Infected: C:\Program Files (x86)\Common Files\Redtouch\uninstall.ico --> [Adware.Linkury.TskLnk]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
Just FYI, when the option to clean appeared at the end of the MBAR result there was one option of "create restore point" and it was checked, so I didn't change it and went on with it.

 

Now I'm gonna go to the next step of downloading Malwarebytes like you instructed earlier.



#14 Unworn_Kilt

Unworn_Kilt


Posted 23 December 2017 - 07:09 PM

I'll go over your logs again once I've had some rest.

 

I wouldn't say you're clean by any means.

 

Please remove any "Torrent" or similar software. That is likely the source of the infections.

 

Also ensure that any Keygens, Cracks, Pirated software or similar is removed!!

 

I would minimize your time online until I've had time to assess your situation further. That may not be until after my Christmas which starts in 14 hours +/-

 

Do not under any circumstances even consider using that computer for any Financial Transactions or Banking.

Try to only come online to check for replies here.

 

Have a Great Christmas in case I don't get back to you beforehand.

 

Cheers,

 

 

Kilt    :thumbup2: 


PLEASE NOTE

 

I am only a Standard Member,  NOT a Trained Malware Removal Expert. If you have ANY concerns regarding any advice I may give, please contact a Member of Staff before making changes.

 

Thanks!

 

 

** Walk Softly and Carry a Big Stick **

 

 

 


#15 Unworn_Kilt

Unworn_Kilt


Posted 23 December 2017 - 07:14 PM

In the meantime, please read the article below:

 

 

How Malware Spreads - How your system gets infected





