Advaicha

CLOSED Not removed malware


Hello,

The EEK scan shows what looks to be several detections on the part of the BitDefender scan engine.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
HKU\S-1-5-21-4174119814-2480342670-4214301898-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
GroupPolicy\User: Restriction <==== ATTENTION
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO-x32: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
FF Extension: (Avast SafePrice) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\midzfgqd.default\Extensions\[email protected] [2018-03-03]
FF Extension: (Avast Online Security) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\midzfgqd.default\Extensions\[email protected] [2018-03-03]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196648 2018-03-03] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-03] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-03] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-03] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-03] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [215320 2018-03-03] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-03-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146656 2018-03-03] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110328 2018-03-03] (AVAST Software)
R0 AswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-03-03] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-03-03] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-03-03] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-03-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-03-03] (AVAST Software)
2018-03-03 20:10 - 2018-03-04 01:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-03-03 20:10 - 2018-03-03 20:10 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-03-03 20:10 - 2018-03-03 20:09 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-03-03 20:10 - 2018-03-03 20:09 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswdf047a84f4977926.tmp
2018-03-03 20:10 - 2018-03-03 20:09 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\asw90c8df472fe28d14.tmp
2018-03-03 20:10 - 2018-03-03 20:09 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-03-03 20:10 - 2018-03-03 20:09 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\asweb5455ed957d79ca.tmp
2018-03-03 20:10 - 2018-03-03 20:09 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\asw516e23bf5343d706.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-03-03 20:09 - 2018-03-03 20:09 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\asw40efb510218d273b.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\asw 5ac67d32c877653.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000196648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-03-03 20:09 - 2018-03-03 20:09 - 000196648 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6062c59b02a94479.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000196648 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1b9073c46d4753ee.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000146656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-03-03 20:09 - 2018-03-03 20:09 - 000146656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa0e58f1548e7adc8.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000146656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw36ca59503d7244a4.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-03-03 20:09 - 2018-03-03 20:09 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb48f564c23a28013.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\asw633f452f1cfbbb37.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-03-03 20:09 - 2018-03-03 20:09 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa2e0684860a02317.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1b88f799cd22136b.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-03-03 20:09 - 2018-03-03 20:09 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe6c885968f121b51.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\asw753abbc460563984.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-03-03 20:09 - 2018-03-03 20:08 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-03-03 20:09 - 2018-03-03 20:08 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw39248663ecd2c5db.tmp
2018-03-03 20:09 - 2018-03-03 20:08 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1b8e291208c5234c.tmp
2018-03-03 20:09 - 2018-03-03 20:08 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf1f4697e880de45b.tmp
2018-03-03 20:09 - 2018-03-03 20:08 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-03-03 20:09 - 2018-03-03 20:08 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7e6fc7db4e94da2a.tmp
2018-03-03 20:09 - 2018-03-03 20:08 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf756a9e3914cc9d7.tmp
2018-03-03 20:09 - 2018-03-03 20:08 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-03-03 20:09 - 2018-03-03 20:08 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\asw   ba4e8e8132ecb.tmp
2018-03-03 20:09 - 2018-03-03 20:08 - 000215320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-03-03 20:09 - 2018-03-03 20:08 - 000215320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswfe000c8c9c0da683.tmp
2018-03-03 20:09 - 2018-03-03 20:08 - 000215320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc112bb5262ad66f8.tmp
2018-03-03 20:09 - 2018-03-03 20:08 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswdcc522e073449aef.tmp
2018-03-03 20:09 - 2018-03-03 20:08 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-03-03 20:09 - 2018-03-03 20:08 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\asw98251f8b9c8cfebd.tmp
2018-03-03 20:09 - 2018-03-03 20:08 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-03-03 20:09 - 2018-03-03 20:08 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2cda71055680455a.tmp
2018-03-03 20:09 - 2018-03-03 20:08 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\asw 1477885b7caf7c3.tmp
2018-03-03 20:08 - 2018-03-03 20:08 - 000000000 ____D C:\Program Files\AVAST Software
2018-03-03 20:07 - 2018-03-03 20:09 - 000000000 ____D C:\ProgramData\AVAST Software
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} =>  -> No File
ContextMenuHandlers1: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} =>  -> No File
ContextMenuHandlers2-x32-x32: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} =>  -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
ContextMenuHandlers6-x32-x32: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} =>  -> No File
Task: {95826717-F303-49EC-9B9E-D47A72C07F69} - System32\Tasks\MRT => C:\Users\user\AppData\Local\Temp\csrss\mrt.exe <==== ATTENTION
Task: C:\Windows\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\Users\user\AppData\Local\Temp\csrss\mrt.exe
C:\Users\user\AppData\Local\Temp\csrss

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.


Let's take a fresh look.

Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, attach the new EEK and FRST scans to your reply.

Be sure to let me know how things are running.


Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKU\S-1-5-21-4174119814-2480342670-4214301898-1000\...\MountPoints2: F - F:\Lenovo_Suite.exe
HKU\S-1-5-21-4174119814-2480342670-4214301898-1000\...\MountPoints2: {08d8fca9-cbd5-11e7-9126-eca86b5a4742} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-4174119814-2480342670-4214301898-1000\...\MountPoints2: {4eeade74-3bf9-11e7-8619-eca86b5a4742} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-4174119814-2480342670-4214301898-1000\...\MountPoints2: {ccea3de9-1637-11e7-aa4b-eca86b5a4742} - G:\CDCheck.exe
HKU\S-1-5-21-4174119814-2480342670-4214301898-1000\...\MountPoints2: {ccea3ded-1637-11e7-aa4b-eca86b5a4742} - H:\CDCheck.exe
HKU\S-1-5-21-4174119814-2480342670-4214301898-1000\...\MountPoints2: {dccd81d6-03e3-11e7-aab5-eca86b5a4742} - F:\autorun.exe
2018-02-27 00:18 - 2018-02-27 00:18 - 000000000 ___HD C:\Windows\rss
2018-02-27 00:18 - 2018-02-27 00:18 - 001527488 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\dbghelp.dll
2018-02-27 00:18 - 2018-02-27 00:18 - 000167616 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\symsrv.dll
ContextMenuHandlers2-x32-x32: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} =>  -> No File
ContextMenuHandlers6-x32-x32: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} =>  -> No File
Task: {79DB3115-5B38-40A8-A907-4BDC66ED160F} - \Avast Software\Overseer -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Public\AppData:CSM [462]
C:\Users\user\AppData\Roaming\Passware
C:\Users\user\AppData\Local\Temp\48414660
C:\Users\user\AppData\Local\Temp\nsi9127.tmp
C:\Users\user\AppData\Local\Temp\wup
C:\Users\user\Downloads\cod-ww2-reloaded-crack-only.zip
C:\Windows\rss\csrss.exe

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.


Let's take a fresh look.

Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, attach the new EEK and FRST scans to your reply.

Be sure to let me know how things are running.


Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

S1 WinmonProcessMonitor; C:\Windows\System32\drivers\WinmonProcessMonitor.sys [35072 2018-02-27] () [File not signed]
2018-02-27 00:19 - 2018-02-27 00:19 - 000035072 _____ C:\Windows\system32\Drivers\WinmonProcessMonitor.sys
2018-02-27 00:19 - 2018-02-27 00:19 - 000009352 _____ C:\Windows\system32\Drivers\Winmon.sys
2018-02-27 00:18 - 2018-02-27 00:18 - 000000000 ____D C:\Users\user\AppData\Roaming\Microleaves
2018-02-27 00:18 - 2018-02-27 00:18 - 000000000 ____D C:\Users\user\AppData\Local\AdvinstAnalytics
ContextMenuHandlers6-x32-x32: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} =>  -> No File
C:\Windows\System32\Drivers\WinmonProcessMonitor.sys
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O0T6ZQ0H\5a93f056b5f11_ua[1].exe
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O0T6ZQ0H\cpSetup[1].exe

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.


Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

S3 Winmon; \??\C:\Windows\System32\drivers\Winmon.sys [X]
2017-06-02 12:48 - 2017-06-02 12:48 - 000000269 _____ () C:\ProgramData\fontcacheev1.dat
2017-06-02 12:10 - 2017-06-02 12:10 - 000000000 _____ () C:\Users\user\AppData\Roaming\ADF8F0174DAB4265999B9336FFF72A2D.dat
2016-12-25 00:33 - 2016-12-25 00:33 - 000000033 _____ () C:\Users\user\AppData\Roaming\AdobeWLCMCache.dat
2016-10-19 21:46 - 2016-11-09 23:01 - 000000828 _____ () C:\Users\user\AppData\Roaming\USER-BILGISAYAR.MTBF.txt
2016-10-19 21:46 - 2016-11-09 23:11 - 000000892 _____ () C:\Users\user\AppData\Roaming\__AvidCloudManager.log
2016-10-19 21:46 - 2016-10-29 21:20 - 000000395 _____ () C:\Users\user\AppData\Roaming\__AvidCloudManagerPrevious.log
2016-08-31 23:01 - 2016-08-31 23:01 - 000007605 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2017-03-18 00:24 - 2017-03-18 00:24 - 000000552 _____ () C:\Users\user\AppData\Local\TroubleshooterConfig.json
ContextMenuHandlers2-x32: [a-squared Anti-Malware Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2018-03-04] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [a-squared Anti-Malware Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2018-03-04] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [a-squared Anti-Malware Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2018-03-04] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [a-squared Anti-Malware Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2018-03-04] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [a-squared Anti-Malware Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2018-03-04] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [a-squared Anti-Malware Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2018-03-04]
ContextMenuHandlers6-x32-x32: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} =>  -> No File

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.


Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

2018-03-16 01:46 - 2018-03-16 01:46 - 000000180 _____ () C:\Users\user\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2018-03-16 01:47 - 2018-03-16 01:47 - 000000017 _____ () C:\Users\user\AppData\Local\Temp\c0d13d4a83dca5f1ae6fcf4f5f92f277.dll
ContextMenuHandlers2-x32: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} =>  -> No File
ContextMenuHandlers6-x32: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} =>  -> No File
Reg: reg delete "HKEY_USERS\S-1-5-21-4174119814-2480342670-4214301898-1000\SOFTWARE\CONDUIT" /f

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.


Changing tools.

Download RogueKiller from https://www.fosshub.com/RogueKiller.html and save it to your desktop.

• Double-click on setup.exe to install RogueKiller.

Close all programs and disconnect any USB or external drives before running the tool.

• Right-click RogueKiller.exe and select Run As Administrator to run the tool.
• Once the Prescan has finished, click Scan.
• Once the Status box shows "Scan Finished", click on the "Report" button and attach the scan log to your reply.


Close all programs and disconnect any USB or external drives before running the tool.

  • Double-click RogueKiller.exe to run the tool again (Vista/7/8/10 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished":
    • Select the following items:
      [PUP.OnlineIO] (X86) HKEY_LOCAL_MACHINE\Software\Microleaves -> Bulundu
      [PUP.Conduit|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-4174119814-2480342670-4214301898-1000\Software\Conduit -> Bulundu
      [PUP.EpicNet] (X64) HKEY_USERS\S-1-5-21-4174119814-2480342670-4214301898-1000\Software\EpicNet Inc. -> Bulundu
      [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-4174119814-2480342670-4214301898-1000\Software\OCS -> Bulundu
      [PUP.Conduit|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-4174119814-2480342670-4214301898-1000\Software\Conduit -> Bulundu
      [PUP.EpicNet] (X86) HKEY_USERS\S-1-5-21-4174119814-2480342670-4214301898-1000\Software\EpicNet Inc. -> Bulundu
      [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-4174119814-2480342670-4214301898-1000\Software\OCS -> Bulundu
      [PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> Bulundu
      [Tr.Gen|Hj.Name] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F4E9B959-3310-457A-8A38-AAC8892F52CA} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Windows\rss\csrss.exe|Name=csrss| [x] -> Bulundu
      [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Bulundu
      [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Bulundu
      [PUP.Gen0|PUP.Gen1][Klasör] C:\ProgramData\Solvusoft -> Bulundu
      [Tr.Winmon][Dosya] C:\Windows\System32\drivers\WinmonFS.sys -> Bulundu
      [PUP.EpicNet][Klasör] C:\Users\user\AppData\Roaming\EpicNet Inc -> Bulundu
      [PUP.uTorrentAds][Dosya] C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Bulundu
      [PUP.uTorrentAds][Dosya] C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Bulundu
      [PUP.uTorrentAds][Dosya] C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Bulundu
      [PUP.uTorrentAds][Dosya] C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Bulundu
      [PUP.uTorrentAds][Dosya] C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe -> Bulundu
      [PUP.uTorrentAds][Dosya] C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Bulundu
      [PUP.Gen0|PUP.Gen1][Klasör] C:\ProgramData\Solvusoft -> Bulundu
    • Click the Delete button.

  • Attach the RogueKiller report to your next reply.
    • The log can also be found on your desktop labeled (RKreport[X]_D_xxdatexx_xtimex.txt)
    • The highest number of [X], is the most recent Delete log.



Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

S3 WinmonFS; \??\C:\Windows\System32\drivers\WinmonFS.sys [X]
C:\Windows\System32\drivers\WinmonFS.sys
2018-03-18 21:23 - 2018-03-18 21:23 - 000000180 _____ () C:\Users\user\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2018-03-18 21:23 - 2018-03-18 21:36 - 000000017 _____ () C:\Users\user\AppData\Local\Temp\c0d13d4a83dca5f1ae6fcf4f5f92f277.dll
2018-03-20 03:08 - 2018-03-18 12:59 - 001665384 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\dllnt_dump.dll
2018-03-22 00:05 - 2018-03-22 00:05 - 001857024 _____ (Opera Software) C:\Users\user\AppData\Local\Temp\Opera_installer_180321210523231.dll
2018-03-22 00:05 - 2018-03-22 00:05 - 001857024 _____ (Opera Software) C:\Users\user\AppData\Local\Temp\Opera_installer_180321210524449.dll
2018-03-22 00:05 - 2018-03-22 00:05 - 001857024 _____ (Opera Software) C:\Users\user\AppData\Local\Temp\Opera_installer_180321210525243.dll
2018-03-22 00:05 - 2018-03-22 00:05 - 001857024 _____ (Opera Software) C:\Users\user\AppData\Local\Temp\Opera_installer_180321210555743.dll
2018-03-22 00:06 - 2018-03-22 00:06 - 002153984 _____ (Opera Software) C:\Users\user\AppData\Local\Temp\Opera_installer_180321210626608.dll
AlternateDataStreams: C:\Users\Public\AppData:CSM [478]
Reg: reg delete "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinmonFS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WinmonFS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WinmonFS" /f

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

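The fixlists in this thread are built from FRST entries the helper judged suspicious: a scheduled task launching mrt.exe from a Temp folder, an unsigned driver with no publisher, a fake csrss.exe under C:\Windows\rss, tiny DLLs in Temp. The following script is an added example (not part of the thread, and not FRST's own code) that encodes those reading heuristics so they can be run over a saved FRST log; the sample lines are copied from the fixlists above, and the directory list and name list are assumptions a reviewer would tune.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines (added example)."""
import re

# Directories a legitimate driver, service or scheduled-task target should not run from.
# Assumed list; C:\Windows\rss is included because this thread's csrss.exe lived there.
USER_WRITABLE = (r"\appdata\local\temp", r"\appdata\roaming", r"\users\public",
                 r"\programdata", r"\windows\rss")
# System-binary names that malware borrows to blend into process lists (assumed list).
SYSTEM_NAMES = {"csrss.exe", "mrt.exe", "svchost.exe", "lsass.exe", "winlogon.exe"}
# First executable-looking path on a line; quotes, brackets and "<====" terminate it.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<\[\]]*?\.(?:exe|dll|sys|scr)\b', re.I)
# Matches the empty "()" publisher of a service line or of a dated file line, and a
# dated file line with no publisher at all (plain "_____ C:\...").
NO_PUBLISHER_RE = re.compile(r"\] \(\)|_{5} \(\) [A-Za-z]:|_{5} [A-Za-z]:")

# Sample lines copied from the fixlists in this thread (constructed input for the demo).
SAMPLE_LOG = r"""
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196648 2018-03-03] (AVAST Software)
Task: {95826717-F303-49EC-9B9E-D47A72C07F69} - System32\Tasks\MRT => C:\Users\user\AppData\Local\Temp\csrss\mrt.exe <==== ATTENTION
Task: C:\Windows\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
S1 WinmonProcessMonitor; C:\Windows\System32\drivers\WinmonProcessMonitor.sys [35072 2018-02-27] () [File not signed]
2018-02-27 00:18 - 2018-02-27 00:18 - 001527488 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\dbghelp.dll
2018-03-16 01:46 - 2018-03-16 01:46 - 000000180 _____ () C:\Users\user\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
S3 WinmonFS; \??\C:\Windows\System32\drivers\WinmonFS.sys [X]
""".strip().splitlines()


def triage_line(line):
    """Return the reasons one FRST line deserves review; an empty list means nothing stood out."""
    line = line.strip()
    reasons = []
    if "<==== ATTENTION" in line:            # FRST's own marker for a suspicious entry
        reasons.append("FRST itself flagged the entry")
    if "[File not signed]" in line:          # FRST could not verify a driver/service signature
        reasons.append("driver or service binary is unsigned")
    if line.endswith("[X]"):                 # FRST marker: service registered, file not found
        reasons.append("service entry points to a missing file")
    match = PATH_RE.search(line)
    if not match:                            # registry-only lines, folders, data files
        return reasons
    low = match.group(0).lower()
    if NO_PUBLISHER_RE.search(line):
        reasons.append("executable carries no publisher information")
    if any(folder in low for folder in USER_WRITABLE):
        reasons.append("executable lives in a user-writable location")
    name = low.rsplit("\\", 1)[-1]
    if name in SYSTEM_NAMES and "\\windows\\system32\\" not in low:
        reasons.append(f"system binary name {name} outside System32")
    return reasons


def triage(lines):
    """Return [(line, reasons)] for every line that produced at least one reason."""
    result = []
    for line in lines:
        reasons = triage_line(line)
        if reasons:
            result.append((line.strip(), reasons))
    return result


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("    -", reason)
```

Run it against a full FRST.txt and only the flagged lines come back; the benign Avast service, Run entry and task in the sample produce no reasons.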

Unless you are having problems, it is time to do the final steps.

Now to remove most of the tools that we have used in fixing your machine:

Download Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore
  • Click the Run button.

When the tool is finished, a log will open in notepad. I do not need the log. You can close Notepad.

Empty the Recycle Bin

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

To remove EEK, simply delete the EEK folder in the root of your System Drive, normally C:\EEK.

Run Windows Update and update your Windows Operating System.

Articles to Read:
How to Protect Your Computer From Malware
How to keep you and your Windows PC happy
Web, email, chat, password and kids safety
How Did I Get Infected?

That should take care of everything.

Safe Surfing!


You are welcome, happy to be of assistance.

Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only.  Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair.  Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to that thread.
