
I am having a harrowing time with this malware, which no AV or anti-malware software seems to remove, slowing down my already slow system. It keeps on coming back and I have to rescan and restart with no end in sight. Until I came across Emsisoft, and after scanning and trying to quarantine, it says removing them will pose a high risk of crashing the system during automatic cleaning, as the threat is deeply embedded, and it referred to the online support for guidance for removal. Following the instructions at "START HERE" I managed to attach the requisite files. Please kindly help, which will be highly valued. Thanking you.

FRST_10-05-2018 14.14.12.txt

Addition_10-05-2018 14.14.12.txt

scan_180510-131930.txt


Please run FRST again. Next, select and copy the following text, including the words Start:: and End::. Switch back to the FRST program window, and click the Fix button. It should read the fix directly from the clipboard and run the fix. When it is finished, please attach the fixlog.txt file it created in the same folder the FRST program is in.

Start::
    HKLM-x32\...\Run: [] => [X]
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
    Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
    S1 aciyfxysz.sys; C:\WINDOWS\system32\drivers\aciyfxysz.sys [15424 2017-06-25] () [File not signed]
    R1 hxzmdgdcj.sys; C:\WINDOWS\system32\drivers\hxzmdgdcj.sys [1319352 2018-05-10] ()
    S1 izgjfazpt.sys; C:\WINDOWS\system32\drivers\izgjfazpt.sys [1319352 2018-05-10] ()
    S1 zmftdvdxb.sys; C:\WINDOWS\system32\drivers\zmftdvdxb.sys [15440 2018-05-10] (Acer Laboratories Inc.)
    S1 aafjdfdea.sys; \??\C:\WINDOWS\system32\drivers\aafjdfdea.sys [X]
    S1 ewuomiudg.sys; \??\C:\WINDOWS\system32\drivers\ewuomiudg.sys [X]
    S1 fykhvpzkf.sys; \??\C:\WINDOWS\system32\drivers\fykhvpzkf.sys [X]
    S1 ibvpzttsa.sys; \??\C:\WINDOWS\system32\drivers\ibvpzttsa.sys [X]
    U3 idsvc; no ImagePath
    S1 jojgaxzrp.sys; \??\C:\WINDOWS\system32\drivers\jojgaxzrp.sys [X]
    S1 kuwqnyevg.sys; \??\C:\WINDOWS\system32\drivers\kuwqnyevg.sys [X]
    S1 lsbitrjak.sys; \??\C:\WINDOWS\system32\drivers\lsbitrjak.sys [X]
    S1 opalduexn.sys; \??\C:\WINDOWS\system32\drivers\opalduexn.sys [X]
    S1 rnxxhrzhg.sys; \??\C:\WINDOWS\system32\drivers\rnxxhrzhg.sys [X]
    S1 srtqxhwpz.sys; \??\C:\WINDOWS\system32\drivers\srtqxhwpz.sys [X]
    S1 wurknrbob.sys; \??\C:\WINDOWS\system32\drivers\wurknrbob.sys [X]
    S1 zqvazsaiq.sys; \??\C:\WINDOWS\system32\drivers\zqvazsaiq.sys [X]
    2018-05-10 13:08 - 2018-05-10 13:08 - 001319352 _____ C:\WINDOWS\system32\Drivers\izgjfazpt.sys
    2018-05-10 13:08 - 2018-05-10 13:08 - 000015440 _____ (Acer Laboratories Inc.) C:\WINDOWS\system32\Drivers\zmftdvdxb.sys
    2018-05-10 11:56 - 2018-05-10 13:07 - 001319352 _____ C:\WINDOWS\system32\Drivers\hxzmdgdcj.sys
    2018-05-09 23:13 - 2018-05-10 13:56 - 001852699 _____ C:\WINDOWS\system32\r6lstmp4.dat
    2018-05-09 09:13 - 2018-05-09 09:13 - 000000000 ____L C:\WINDOWS\system32\Drivers\mrefvnpvh.sys
    2018-05-09 09:13 - 2018-05-09 09:13 - 000000000 ____L C:\WINDOWS\system32\Drivers\gzbjhfiu.sys
    2018-05-08 19:14 - 2018-05-08 19:14 - 000000000 ____L C:\WINDOWS\system32\Drivers\khivwnvfy.sys
    2018-05-08 19:14 - 2018-05-08 19:14 - 000000000 ____L C:\WINDOWS\system32\Drivers\hwsudepr.sys
    2018-05-07 10:35 - 2018-05-10 09:11 - 000000000 ____D C:\WINDOWS\SysWOW64\%Report%
    2018-05-01 09:52 - 2018-05-01 09:52 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\eknufxbj.sys
    2018-04-30 18:51 - 2018-04-30 18:51 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\btvpilaf.sys
    2018-04-26 11:23 - 2018-04-26 11:23 - 000623616 _____ (Sony Corporation) C:\WINDOWS\system32\snymsico.dll
    2017-09-18 16:52 - 2017-09-18 17:52 - 000003089 _____ () C:\Users\Administrator\AppData\Roaming\droid4xinstaller.log
    2017-06-21 23:16 - 2017-06-21 23:16 - 000001658 _____ () C:\Users\Administrator\AppData\Roaming\NT90GJ2.exe.config
    2017-06-07 23:13 - 2017-06-07 23:13 - 000140800 _____ () C:\Users\Administrator\AppData\Local\installer.dat
    2016-12-19 12:42 - 2016-12-19 12:42 - 000000017 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
    2016-12-14 17:46 - 2016-11-23 19:37 - 000000570 _____ () C:\Users\Administrator\AppData\Local\TroubleshooterConfig.json
    2016-05-07 13:15 - 2016-05-07 13:15 - 000000000 _____ () C:\Users\Administrator\AppData\Local\{4B381DFC-AAE9-42EA-8D19-0B6A7999C323}
    C:\Windows\System32\Drivers\gzbjhfiu.sys
    C:\Windows\System32\Drivers\hwsudepr.sys
    C:\Windows\System32\Drivers\khivwnvfy.sys
    C:\Windows\System32\Drivers\mrefvnpvh.sys
    C:\WINDOWS\system32\drivers\hxzmdgdcj.sys -> Access Denied <======= ATTENTION
    C:\WINDOWS\system32\drivers\izgjfazpt.sys -> Access Denied <======= ATTENTION
    C:\WINDOWS\System32\Drivers\hxzmdgdcj.sys
    C:\WINDOWS\System32\Drivers\izgjfazpt.sys
    ContextMenuHandlers1: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} =>  -> No File
    ContextMenuHandlers1: [JsZipShlExt] -> {5C551008-A347-4DB3-AF48-014076FD2B46} =>  -> No File
    ContextMenuHandlers1: [JZContextMenuExt] -> {5C551008-A347-4DB3-AF48-014076FD2B46} =>  -> No File
    ContextMenuHandlers2: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} =>  -> No File
    ContextMenuHandlers2: [JsZipShlExt] -> {5C551008-A347-4DB3-AF48-014076FD2B46} =>  -> No File
    ContextMenuHandlers4: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} =>  -> No File
    ContextMenuHandlers4: [JsZipShlExt] -> {5C551008-A347-4DB3-AF48-014076FD2B46} =>  -> No File
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
    Task: {18C0F3E4-7C64-4450-B166-3355F0B1BDCA} - System32\Tasks\TweakBit\PCSuite\Start PCSuite оn Administrator logon => C:\Program Files (x86)\TweakBit\PCSuite\PCSuite.exe [2014-01-13] (TweakBit) <==== ATTENTION
    Task: {768B3383-8BF9-4FDC-984F-CF0FF827FD5E} - \IQOptionUpdateTask -> No File <==== ATTENTION
    Task: {78ECFBB8-2B87-47CB-9E0E-DD41786B0826} - System32\Tasks\iMonitor => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\iMonitor\iMonitor.dll",YjCaTtru <==== ATTENTION
    Task: {7E729575-597B-4541-B42E-52708E34A083} - \KMSAuto -> No File <==== ATTENTION
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\btvpilaf.sys:changelist [452]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\eknufxbj.sys:changelist [1462]
    HKU\S-1-5-21-2727615601-3806827788-3798140316-500\...\StartupApproved\Run: => "EAYEPTYFUK.exe"
    HKU\S-1-5-21-2727615601-3806827788-3798140316-500\...\StartupApproved\Run: => "iiBç0nMHHd.exe"
End::

 


Run a fresh scan with FRST, and make sure the addition.txt and shortcuts.txt are selected. There should be 2 logs on the Desktop after FRST finishes its scan: FRST.txt, Additions.txt, and Shortcuts.txt.

Attach all 3 logs to your reply.
