Advaicha (posted March 4, 2018):
I have followed the instructions you provided and it asked to post remaining items here. Thanks for your help.
Attachments: a2scan_180304-012901.txt, Addition.txt, FRST.txt

Advaicha (posted March 4, 2018):
???

Kevin Zoll (posted March 6, 2018):
Hello,
The EEK scan shows what looks to be several detections on the part of the BitDefender scan engine.
Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
HKU\S-1-5-21-4174119814-2480342670-4214301898-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
GroupPolicy\User: Restriction <==== ATTENTION
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO-x32: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
FF Extension: (Avast SafePrice) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\midzfgqd.default\Extensions\[email protected] [2018-03-03]
FF Extension: (Avast Online Security) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\midzfgqd.default\Extensions\[email protected] [2018-03-03]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196648 2018-03-03] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-03] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-03] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-03] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-03] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [215320 2018-03-03] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-03-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146656 2018-03-03] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110328 2018-03-03] (AVAST Software)
R0 AswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-03-03] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-03-03] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-03-03] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-03-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-03-03] (AVAST Software)
2018-03-03 20:10 - 2018-03-04 01:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-03-03 20:10 - 2018-03-03 20:10 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-03-03 20:10 - 2018-03-03 20:09 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-03-03 20:10 - 2018-03-03 20:09 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswdf047a84f4977926.tmp
2018-03-03 20:10 - 2018-03-03 20:09 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\asw90c8df472fe28d14.tmp
2018-03-03 20:10 - 2018-03-03 20:09 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-03-03 20:10 - 2018-03-03 20:09 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\asweb5455ed957d79ca.tmp
2018-03-03 20:10 - 2018-03-03 20:09 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\asw516e23bf5343d706.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-03-03 20:09 - 2018-03-03 20:09 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\asw40efb510218d273b.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\asw 5ac67d32c877653.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000196648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-03-03 20:09 - 2018-03-03 20:09 - 000196648 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6062c59b02a94479.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000196648 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1b9073c46d4753ee.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000146656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-03-03 20:09 - 2018-03-03 20:09 - 000146656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa0e58f1548e7adc8.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000146656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw36ca59503d7244a4.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-03-03 20:09 - 2018-03-03 20:09 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb48f564c23a28013.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\asw633f452f1cfbbb37.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-03-03 20:09 - 2018-03-03 20:09 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa2e0684860a02317.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1b88f799cd22136b.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-03-03 20:09 - 2018-03-03 20:09 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe6c885968f121b51.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\asw753abbc460563984.tmp
2018-03-03 20:09 - 2018-03-03 20:09 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-03-03 20:09 - 2018-03-03 20:08 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-03-03 20:09 - 2018-03-03 20:08 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw39248663ecd2c5db.tmp
2018-03-03 20:09 - 2018-03-03 20:08 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1b8e291208c5234c.tmp
2018-03-03 20:09 - 2018-03-03 20:08 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf1f4697e880de45b.tmp
2018-03-03 20:09 - 2018-03-03 20:08 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-03-03 20:09 - 2018-03-03 20:08 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7e6fc7db4e94da2a.tmp
2018-03-03 20:09 - 2018-03-03 20:08 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf756a9e3914cc9d7.tmp
2018-03-03 20:09 - 2018-03-03 20:08 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-03-03 20:09 - 2018-03-03 20:08 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\asw ba4e8e8132ecb.tmp
2018-03-03 20:09 - 2018-03-03 20:08 - 000215320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-03-03 20:09 - 2018-03-03 20:08 - 000215320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswfe000c8c9c0da683.tmp
2018-03-03 20:09 - 2018-03-03 20:08 - 000215320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc112bb5262ad66f8.tmp
2018-03-03 20:09 - 2018-03-03 20:08 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswdcc522e073449aef.tmp
2018-03-03 20:09 - 2018-03-03 20:08 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-03-03 20:09 - 2018-03-03 20:08 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\asw98251f8b9c8cfebd.tmp
2018-03-03 20:09 - 2018-03-03 20:08 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-03-03 20:09 - 2018-03-03 20:08 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2cda71055680455a.tmp
2018-03-03 20:09 - 2018-03-03 20:08 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\asw 1477885b7caf7c3.tmp
2018-03-03 20:08 - 2018-03-03 20:08 - 000000000 ____D C:\Program Files\AVAST Software
2018-03-03 20:07 - 2018-03-03 20:09 - 000000000 ____D C:\ProgramData\AVAST Software
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => -> No File
ContextMenuHandlers1: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => -> No File
ContextMenuHandlers2-x32-x32: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
ContextMenuHandlers6-x32-x32: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => -> No File
Task: {95826717-F303-49EC-9B9E-D47A72C07F69} - System32\Tasks\MRT => C:\Users\user\AppData\Local\Temp\csrss\mrt.exe <==== ATTENTION
Task: C:\Windows\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\Users\user\AppData\Local\Temp\csrss\mrt.exe
C:\Users\user\AppData\Local\Temp\csrss

Close Notepad.
NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.
Note: If the tool warns you about an outdated version please download and run the updated version.

Advaicha (posted March 6, 2018):
That is the requested file from you. Thanks for your help.
Attachments: Fixlog.txt

Kevin Zoll (posted March 7, 2018):
Let's take a fresh look.
Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, attach the new EEK and FRST scans to your reply.
Be sure to let me know how things are running.

Advaicha (posted March 8, 2018):
It's done. But new things came out. :-/
Attachments: FRST.txt, scan_180308-005657.txt, Addition.txt

Kevin Zoll (posted March 9, 2018):
Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKU\S-1-5-21-4174119814-2480342670-4214301898-1000\...\MountPoints2: F - F:\Lenovo_Suite.exe
HKU\S-1-5-21-4174119814-2480342670-4214301898-1000\...\MountPoints2: {08d8fca9-cbd5-11e7-9126-eca86b5a4742} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-4174119814-2480342670-4214301898-1000\...\MountPoints2: {4eeade74-3bf9-11e7-8619-eca86b5a4742} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-4174119814-2480342670-4214301898-1000\...\MountPoints2: {ccea3de9-1637-11e7-aa4b-eca86b5a4742} - G:\CDCheck.exe
HKU\S-1-5-21-4174119814-2480342670-4214301898-1000\...\MountPoints2: {ccea3ded-1637-11e7-aa4b-eca86b5a4742} - H:\CDCheck.exe
HKU\S-1-5-21-4174119814-2480342670-4214301898-1000\...\MountPoints2: {dccd81d6-03e3-11e7-aab5-eca86b5a4742} - F:\autorun.exe
2018-02-27 00:18 - 2018-02-27 00:18 - 000000000 ___HD C:\Windows\rss
2018-02-27 00:18 - 2018-02-27 00:18 - 001527488 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\dbghelp.dll
2018-02-27 00:18 - 2018-02-27 00:18 - 000167616 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\symsrv.dll
ContextMenuHandlers2-x32-x32: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => -> No File
ContextMenuHandlers6-x32-x32: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => -> No File
Task: {79DB3115-5B38-40A8-A907-4BDC66ED160F} - \Avast Software\Overseer -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Public\AppData:CSM [462]
C:\Users\user\AppData\Roaming\Passware
C:\Users\user\AppData\Local\Temp\48414660
C:\Users\user\AppData\Local\Temp\nsi9127.tmp
C:\Users\user\AppData\Local\Temp\wup
C:\Users\user\Downloads\cod-ww2-reloaded-crack-only.zip
C:\Windows\rss\csrss.exe

Close Notepad.
NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.
Note: If the tool warns you about an outdated version please download and run the updated version.

Advaicha (posted March 9, 2018):
This is the requested file. Thank you for your help.
Attachments: Fixlog.txt

Kevin Zoll (posted March 10, 2018):
Let's take a fresh look.
Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, attach the new EEK and FRST scans to your reply.
Be sure to let me know how things are running.

Advaicha (posted March 10, 2018):
These are the last scan files. Thank you for your attention.
Attachments: scan_180310-042638.txt, Addition.txt, FRST.txt

Kevin Zoll (posted March 12, 2018):
Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

S1 WinmonProcessMonitor; C:\Windows\System32\drivers\WinmonProcessMonitor.sys [35072 2018-02-27] () [File not signed]
2018-02-27 00:19 - 2018-02-27 00:19 - 000035072 _____ C:\Windows\system32\Drivers\WinmonProcessMonitor.sys
2018-02-27 00:19 - 2018-02-27 00:19 - 000009352 _____ C:\Windows\system32\Drivers\Winmon.sys
2018-02-27 00:18 - 2018-02-27 00:18 - 000000000 ____D C:\Users\user\AppData\Roaming\Microleaves
2018-02-27 00:18 - 2018-02-27 00:18 - 000000000 ____D C:\Users\user\AppData\Local\AdvinstAnalytics
ContextMenuHandlers6-x32-x32: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => -> No File
C:\Windows\System32\Drivers\WinmonProcessMonitor.sys
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O0T6ZQ0H\5a93f056b5f11_ua[1].exe
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O0T6ZQ0H\cpSetup[1].exe

Close Notepad.
NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.
Note: If the tool warns you about an outdated version please download and run the updated version.

Advaicha (posted March 14, 2018):
I deleted the first fixlog.txt file wrongly. But I ran the fix one more time and added the new fixlog.txt file. Then I did EEK and FRST scans. Those files are added too. Thank you so much.
Attachments: Addition.txt, Fixlog.txt, scan_180314-000249.txt, FRST.txt

Kevin Zoll (posted March 14, 2018):
Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

S3 Winmon; \??\C:\Windows\System32\drivers\Winmon.sys [X]
2017-06-02 12:48 - 2017-06-02 12:48 - 000000269 _____ () C:\ProgramData\fontcacheev1.dat
2017-06-02 12:10 - 2017-06-02 12:10 - 000000000 _____ () C:\Users\user\AppData\Roaming\ADF8F0174DAB4265999B9336FFF72A2D.dat
2016-12-25 00:33 - 2016-12-25 00:33 - 000000033 _____ () C:\Users\user\AppData\Roaming\AdobeWLCMCache.dat
2016-10-19 21:46 - 2016-11-09 23:01 - 000000828 _____ () C:\Users\user\AppData\Roaming\USER-BILGISAYAR.MTBF.txt
2016-10-19 21:46 - 2016-11-09 23:11 - 000000892 _____ () C:\Users\user\AppData\Roaming\__AvidCloudManager.log
2016-10-19 21:46 - 2016-10-29 21:20 - 000000395 _____ () C:\Users\user\AppData\Roaming\__AvidCloudManagerPrevious.log
2016-08-31 23:01 - 2016-08-31 23:01 - 000007605 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2017-03-18 00:24 - 2017-03-18 00:24 - 000000552 _____ () C:\Users\user\AppData\Local\TroubleshooterConfig.json
ContextMenuHandlers2-x32: [a-squared Anti-Malware Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2018-03-04] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [a-squared Anti-Malware Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2018-03-04] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [a-squared Anti-Malware Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2018-03-04] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [a-squared Anti-Malware Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2018-03-04] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [a-squared Anti-Malware Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2018-03-04] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [a-squared Anti-Malware Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2018-03-04]
ContextMenuHandlers6-x32-x32: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => -> No File

Close Notepad.
NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.
Note: If the tool warns you about an outdated version please download and run the updated version.

Advaicha (posted March 17, 2018):
There are all files. Thanks for all.
Attachments: scan_180317-004118.txt, Fixlog.txt, FRST.txt, Addition.txt

Kevin Zoll (posted March 17, 2018):
Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

2018-03-16 01:46 - 2018-03-16 01:46 - 000000180 _____ () C:\Users\user\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2018-03-16 01:47 - 2018-03-16 01:47 - 000000017 _____ () C:\Users\user\AppData\Local\Temp\c0d13d4a83dca5f1ae6fcf4f5f92f277.dll
ContextMenuHandlers2-x32: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => -> No File
ContextMenuHandlers6-x32: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => -> No File
Reg: reg delete "HKEY_USERS\S-1-5-21-4174119814-2480342670-4214301898-1000\SOFTWARE\CONDUIT" /f

Close Notepad.
NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.
Note: If the tool warns you about an outdated version please download and run the updated version.

Advaicha (posted March 18, 2018):
All files attached. Thnx a lot.
Attachments: Fixlog.txt, FRST.txt, Addition.txt, scan_180318-131936.txt

Kevin Zoll (posted March 19, 2018):
Changing tools.
Download RogueKiller from https://www.fosshub.com/RogueKiller.html and save it to your desktop.
• Double-click on setup.exe to install RogueKiller. Close all programs and disconnect any USB or external drives before running the tool.
• Right-click RogueKiller.exe and select Run As Administrator to run the tool.
• Once the Prescan has finished, click Scan.
• Once the Status box shows "Scan Finished", click on the "Report" button and attach the scan log to your reply.

Advaicha (posted March 20, 2018):
That's the scan file that you requested. Thanks.
Attachments: scan file.txt

Kevin Zoll (posted March 20, 2018):
Close all programs and disconnect any USB or external drives before running the tool.
Double-click RogueKiller.exe to run the tool again (Vista/7/8/10 users: Right-click and select Run As Administrator).
Once the Prescan has finished, click Scan.
Once the Status box shows "Scan Finished", select the following items:

[PUP.OnlineIO] (X86) HKEY_LOCAL_MACHINE\Software\Microleaves -> Bulundu
[PUP.Conduit|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-4174119814-2480342670-4214301898-1000\Software\Conduit -> Bulundu
[PUP.EpicNet] (X64) HKEY_USERS\S-1-5-21-4174119814-2480342670-4214301898-1000\Software\EpicNet Inc. -> Bulundu
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-4174119814-2480342670-4214301898-1000\Software\OCS -> Bulundu
[PUP.Conduit|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-4174119814-2480342670-4214301898-1000\Software\Conduit -> Bulundu
[PUP.EpicNet] (X86) HKEY_USERS\S-1-5-21-4174119814-2480342670-4214301898-1000\Software\EpicNet Inc. -> Bulundu
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-4174119814-2480342670-4214301898-1000\Software\OCS -> Bulundu
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> Bulundu
[Tr.Gen|Hj.Name] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F4E9B959-3310-457A-8A38-AAC8892F52CA} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Windows\rss\csrss.exe|Name=csrss| [x] -> Bulundu
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Bulundu
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Bulundu
[PUP.Gen0|PUP.Gen1][Klasör] C:\ProgramData\Solvusoft -> Bulundu
[Tr.Winmon][Dosya] C:\Windows\System32\drivers\WinmonFS.sys -> Bulundu
[PUP.EpicNet][Klasör] C:\Users\user\AppData\Roaming\EpicNet Inc -> Bulundu
[PUP.uTorrentAds][Dosya] C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Bulundu
[PUP.uTorrentAds][Dosya] C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Bulundu
[PUP.uTorrentAds][Dosya] C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Bulundu
[PUP.uTorrentAds][Dosya] C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Bulundu
[PUP.uTorrentAds][Dosya] C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe -> Bulundu
[PUP.uTorrentAds][Dosya] C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Bulundu
[PUP.Gen0|PUP.Gen1][Klasör] C:\ProgramData\Solvusoft -> Bulundu

Click the Delete button.
Attach the RogueKiller report to your next reply.
The log can also be found on your desktop labeled (RKreport[X]_D_xxdatexx_xtimex.txt). The highest number of [X] is the most recent Delete log.

Advaicha (posted March 22, 2018):
These are requested files. Thnx
Attachments: Last scan file.txt, After Deleting Report.txt

Kevin Zoll (posted March 22, 2018):
How are things running?

Advaicha (posted March 22, 2018):
I ran the RogueKiller again. Threat count decreased. Thanks
Attachments: Last Scan.txt

Kevin Zoll (posted March 22, 2018):
Run a fresh scan with FRST, attach the new FRST scan reports to your reply.

Advaicha (posted March 23, 2018):
FRST scan files. Thanks
Attachments: FRST.txt, Addition.txt

Kevin Zoll (posted March 23, 2018):
Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

S3 WinmonFS; \??\C:\Windows\System32\drivers\WinmonFS.sys [X]
C:\Windows\System32\drivers\WinmonFS.sys
2018-03-18 21:23 - 2018-03-18 21:23 - 000000180 _____ () C:\Users\user\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2018-03-18 21:23 - 2018-03-18 21:36 - 000000017 _____ () C:\Users\user\AppData\Local\Temp\c0d13d4a83dca5f1ae6fcf4f5f92f277.dll
2018-03-20 03:08 - 2018-03-18 12:59 - 001665384 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\dllnt_dump.dll
2018-03-22 00:05 - 2018-03-22 00:05 - 001857024 _____ (Opera Software) C:\Users\user\AppData\Local\Temp\Opera_installer_180321210523231.dll
2018-03-22 00:05 - 2018-03-22 00:05 - 001857024 _____ (Opera Software) C:\Users\user\AppData\Local\Temp\Opera_installer_180321210524449.dll
2018-03-22 00:05 - 2018-03-22 00:05 - 001857024 _____ (Opera Software) C:\Users\user\AppData\Local\Temp\Opera_installer_180321210525243.dll
2018-03-22 00:05 - 2018-03-22 00:05 - 001857024 _____ (Opera Software) C:\Users\user\AppData\Local\Temp\Opera_installer_180321210555743.dll
2018-03-22 00:06 - 2018-03-22 00:06 - 002153984 _____ (Opera Software) C:\Users\user\AppData\Local\Temp\Opera_installer_180321210626608.dll
AlternateDataStreams: C:\Users\Public\AppData:CSM [478]
Reg: reg delete "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinmonFS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WinmonFS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WinmonFS" /f

Close Notepad.
NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.
Note: If the tool warns you about an outdated version please download and run the updated version.

Advaicha (posted March 24, 2018):
I ran the scan one more time. And these are the files. Thnx
Attachments: Addition.txt, Fixlog.txt, FRST.txt

Kevin Zoll (posted March 24, 2018):
Your FRST logs look fine. Looks like everything is gone.
How are things running?

Advaicha (posted March 24, 2018):
Everything is good for me. Again thank you sir, for all your help. I hope you always in good progress. Goodbye for now

Kevin Zoll (posted March 26, 2018):
Unless you are having problems, it is time to do the final steps.
Now to remove most of the tools that we have used in fixing your machine:
Download Delfix from here and save it to your desktop.
Ensure Remove disinfection tools is checked.
Also place a checkmark next to:
Create registry backup
Purge system restore
Click the Run button.
When the tool is finished, a log will open in Notepad. I do not need the log. You can close Notepad.
Empty the Recycle Bin.
You can delete and uninstall any programs I had you download that you do not wish to keep on the system.
To remove EEK, simply delete the EEK folder in the root of your System Drive, normally C:\EEK
Run Windows Update and update your Windows Operating System.
Articles to Read:
How to Protect Your Computer From Malware
How to keep you and your Windows PC happy
Web, email, chat, password and kids safety
How Did I Get Infected?
That should take care of everything.
Safe Surfing!

Advaicha (posted March 27, 2018):
Ok, all done! Thank you so much for everything

Kevin Zoll (posted March 27, 2018):
You are welcome, happy to be of assistance.
Thread Closed
Reason: Resolved
The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.
All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.