dechainne

CLOSED C:\windows\system32\tprdpw64.exe infected


My computer (desktop) has been infected for quite some time. After one of Microsoft's Windows 10 updates that turned off all my protection, the machine got infected. That was close to 2 years ago. I have been working on getting rid of the many infections manually and with a few killers. I recently ran across EEK and used it, and I used FRST as outlined, in hopes this will finally get my desktop back in action.

When fully infected I could not run anything. After I did some cleaning I was able to get into safe mode, but the infections would not allow me to change anything or delete or remove any files; it presented me with an error box stating that I did not have permission to do that, or, when I attempted to run various malware and virus killers or start any anti-virus program, it stated it was already running. I am hoping that you can assist me in remedying my situation at hand with my desktop.

I have attached the reports from EEK and FRST as outlined.

I thank you in advance for your assistance.

Addition.txt

FRST.txt

scan_190130-155741.txt


Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [cpx] => "C:\Users\BizAccnt\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => "C:\Users\BizAccnt\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup <==== ATTENTION
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoWinKeys] 1
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoFileUrl] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoSetTaskBar] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [Nosecuritytab] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoUpdateCheck] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoWindowsUpdate] 0
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKU\S-1-5-21-1351472251-1763887738-756014443-1006\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Winsock: Catalog9 13 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 14 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 13 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 14 %windir%\system32\vsocklib.dll => No File
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-1351472251-1763887738-756014443-1006 -> {C70A7EE0-4D43-4A2C-86D5-3C80DB3A8C22} URL =
SearchScopes: HKU\S-1-5-21-1351472251-1763887738-756014443-1007 -> DefaultScope {7A41E3E5-29C6-4A45-9357-3C292D43EE68} URL =
SearchScopes: HKU\S-1-5-21-1351472251-1763887738-756014443-1007 -> {DCFD42FA-A29D-4635-9487-9E97943856CC} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll => No File
Toolbar: HKU\S-1-5-21-1351472251-1763887738-756014443-1006 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1351472251-1763887738-756014443-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1351472251-1763887738-756014443-1007 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\[email protected] => not found
S2 Dataup; C:\Users\BizAccnt\AppData\Local\ntuserlitelist\dataup\dataup.exe [X] <==== ATTENTION
S1 cctarpcq; \??\C:\WINDOWS\system32\drivers\cctarpcq.sys [X]
R5 drmkpro64;  <==== ATTENTION: Locked Service <==== ATTENTION
S1 drxrsqjb; \??\C:\WINDOWS\system32\drivers\drxrsqjb.sys [X]
S1 ikqyktvh; \??\C:\WINDOWS\system32\drivers\ikqyktvh.sys [X]
S1 opbqhbnc; \??\C:\WINDOWS\system32\drivers\opbqhbnc.sys [X]
S1 oszmpycu; \??\C:\WINDOWS\system32\drivers\oszmpycu.sys [X]
S1 snwwpkek; \??\C:\WINDOWS\system32\drivers\snwwpkek.sys [X]
2019-01-30 16:27 - 2019-01-30 16:27 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nxwztfjc.sys
2019-01-13 17:37 - 2019-01-30 09:28 - 000000000 ____D C:\Program Files\rempl
2019-01-30 13:11 - 2017-06-19 21:54 - 000000000 ____D C:\Users\BizAccnt\AppData\Local\ntuserlitelist
2015-04-14 08:28 - 2015-04-14 08:28 - 000001171 _____ () C:\Users\BizAccnt\AppData\Roaming\wVhDty4cZ4ikvfz7j2MRh4E0E
C:\WINDOWS\system32\drivers\ndistpr64.sys
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> No File
ContextMenuHandlers1: [SlimShellExt] -> {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF} => C:\Program Files (x86)\SlimCleaner\SlimShell64.dll -> No File
ContextMenuHandlers3: [SlimShellExt] -> {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF} => C:\Program Files (x86)\SlimCleaner\SlimShell64.dll -> No File
ContextMenuHandlers4: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [SlimShellExt] -> {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF} => C:\Program Files (x86)\SlimCleaner\SlimShell64.dll -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
Task: {00496BD5-4FC8-4811-9C8F-5A123EB21633} - no filepath
Task: {00FA9144-2A7D-421B-A10C-DE8F45FF0A9C} - no filepath
Task: {06CDD989-385B-49DA-BF87-73B4CCF77485} - no filepath
Task: {0D845C21-1CB7-48C8-B8F8-8A3258ECAC9D} - no filepath
Task: {0F3807CF-C051-4AD3-B615-42E61A3052AF} - no filepath
Task: {0F95EA6C-1B50-4185-8361-E5F9290F8586} - no filepath
Task: {149F7C26-4956-4D84-89FA-C2BAE34FFF79} - no filepath
Task: {1712E2EF-0078-4A89-BD90-A93513C45D1B} - \SMW_UpdateTask_Time_34343731353930342d454a2a415034412a4a6c575a -> No File <==== ATTENTION
Task: {1825E803-8D2D-423A-870B-8E07E89404C9} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-1351472251-1763887738-756014443-1003 -> No File <==== ATTENTION
Task: {1E3B3107-83EC-484B-9BB4-56B828939B9F} - no filepath
Task: {1FD33E8C-4EF3-43CA-8690-A3CE00F9C869} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {20D44214-602C-497F-875D-660AE153DA75} - \HP AR Program Upload - fca025bd50b749d68da04fb1ff3b4620988a36468944423d8cce8ea4f56c99ab -> No File <==== ATTENTION
Task: {2224B408-7CEA-4DEC-9173-7A77B4281877} - no filepath
Task: {23693835-D5EF-4455-99C6-10819FCAAA16} - \User_Feed_Synchronization-{0C757521-BCAA-4C47-AA2A-1FC97ADE5B98} -> No File <==== ATTENTION
Task: {238FC883-0B2A-4E26-9215-40F67C723E12} - \HP AR Program Upload - abecdd93a51a49afa1468ffa6ec97a090df6cb329ddd4f29bd2ce2906e114287 -> No File <==== ATTENTION
Task: {27395F70-7C0C-40A4-8DA0-64B99F71702F} - no filepath
Task: {2780B42C-50DF-45C6-8A23-D0747CAACECC} - no filepath
Task: {30AB8F31-8A04-447F-B737-6F3FC5297F4C} - \RealDownloader Update Check -> No File <==== ATTENTION
Task: {31614312-62E6-4AC5-B99B-DF9FAA8E1411} - \RealUpgradeLogonTaskS-1-5-21-1351472251-1763887738-756014443-1000 -> No File <==== ATTENTION
Task: {33B286FA-4BC0-4291-B468-836C70E38A30} - no filepath
Task: {367B3E61-B2C1-40FD-BA8E-2F4B618918C3} - no filepath
Task: {38910B2D-8EAA-444E-857F-2840AFFF93F7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3A31BC0B-2D97-4BD0-BEF2-25DF564A2789} - no filepath
Task: {3C1625FB-9BD6-4969-8A23-B2D29B000346} - no filepath
Task: {3FEF55C6-D994-46D6-BF64-2BEE5B8EEEE8} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-1351472251-1763887738-756014443-1006 -> No File <==== ATTENTION
Task: {426640AF-956A-4458-8792-527E06A441DF} - no filepath
Task: {43948049-284B-4F81-9FF4-4793DB658FB3} - \RealUpgradeScheduledTaskS-1-5-21-1351472251-1763887738-756014443-1000 -> No File <==== ATTENTION
Task: {47B43310-5FF6-4E53-9BAA-A36E04872F97} - no filepath
Task: {48129676-308D-4A1E-AC87-070112EE6C73} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {4871FC7B-817A-4740-B2EF-8C07E84F7272} - no filepath
Task: {49022CA2-1E71-4415-96CA-0E10612D3E90} - \ecab37c9-222c-407c-9032-d52647d01a76-5_user -> No File <==== ATTENTION
Task: {4CEAAB17-2DA4-4704-A453-995789B5BFA2} - no filepath
Task: {5260AA48-AE74-4E00-BFEC-9D2AAAC8DAD4} - \ecab37c9-222c-407c-9032-d52647d01a76-4 -> No File <==== ATTENTION
Task: {53157A82-ECF9-4196-BE97-510C9A39E759} - no filepath
Task: {555CF9A3-EAB4-45C5-8419-00F201A4367C} - \{8A1D12A2-D5F0-486D-9D81-BA6C4B532C9C} -> No File <==== ATTENTION
Task: {5A9F2392-DE9F-4E39-819D-418759F41DAB} - \{6602A39E-3C88-434A-A69C-6876F8CF9E57} -> No File <==== ATTENTION
Task: {5D88B756-74A5-4B3A-8A19-EC0AED9928A6} - \HP AR Program Upload - 312935451d694d8fbaf486308e6e7e83b5c6403402754a32b587f4f0236119d2 -> No File <==== ATTENTION
Task: {5F03307C-2F03-4786-9A55-E4D36AA80341} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {5FBE5D64-3259-4156-9118-099A0DAA78CB} - \MyBrowser -> No File <==== ATTENTION
Task: {61F2FC90-E9DA-4849-A1FD-76B997BE0276} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {62E54295-AC99-434E-9726-93B4079D1A58} - \HP AR Program Upload - 4755144799804597acf44ac57ed3eea40696fa3ecee64241ae0ebdae0fcaa22c -> No File <==== ATTENTION
Task: {63DF04BD-40DD-4B10-94B8-3930A1D7E33A} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-1351472251-1763887738-756014443-1000 -> No File <==== ATTENTION
Task: {6710ED2B-BA7B-4884-B60A-DFC0BC32D22B} - no filepath
Task: {6714E4D5-54BE-4051-B1CC-17F88FC5F022} - no filepath
Task: {6960CB8A-40C3-4EB3-8547-A554047CCA95} - \{E9BB6EEE-CEEC-4B19-886A-93411063CFC7} -> No File <==== ATTENTION
Task: {69C4DD59-89FA-4698-B7C7-6702BF5E8921} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {6DF6DC7B-8781-4E61-9BF3-A8048954FC3B} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-1351472251-1763887738-756014443-1000 -> No File <==== ATTENTION
Task: {6E5D4A92-196C-4F34-8251-0D7B76F3C674} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-1351472251-1763887738-756014443-1006 -> No File <==== ATTENTION
Task: {70A3D6F2-6664-4C8A-B120-B6DB035FD2D1} - \HP AR Program Upload - 31ef0124e0c94edca30de826854e2663949bdf7918004fa99ab0931499a8c8a1 -> No File <==== ATTENTION
Task: {735E5C88-6062-4B50-A5E5-8A5985A0C811} - no filepath
Task: {7AA19AB2-BB90-454E-A3E5-DCE1C83464EB} - no filepath
Task: {7B7C27DC-B0EF-4087-AD2F-B56D70271697} - no filepath
Task: {7B8E0C23-2A72-40F1-A58F-BFB9708C578D} - no filepath
Task: {7D2516F0-5A50-4C00-9B24-CDE81A50A8E6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {830CB740-A641-478D-807B-C667D1850024} - no filepath
Task: {8362FCD0-6651-4982-ACA6-50C6E16A9328} - no filepath
Task: {84A8C7BF-5191-4C38-9ADD-18F781A9D537} - \ecab37c9-222c-407c-9032-d52647d01a76-5 -> No File <==== ATTENTION
Task: {899CB99A-3373-4CFE-AF87-03CF7DBB5695} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {8E74EF00-7E76-4042-9441-4B2D71A1364D} - no filepath
Task: {8FBE8015-04D4-47BD-9384-FF9A167C49DD} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-1351472251-1763887738-756014443-1003 -> No File <==== ATTENTION
Task: {905D7455-5CA1-488B-97D8-1F28E82E0984} - no filepath
Task: {914D9F48-1CBC-4BF1-BFEA-6F62C3073A1B} - \One System Care Task -> No File <==== ATTENTION
Task: {9694DE57-70E5-4190-A715-30624194CE64} - \{94F40477-69B2-49C2-B665-D9473AAFB803} -> No File <==== ATTENTION
Task: {98573CC6-D97C-48FD-9775-6C675CED5825} - no filepath
Task: {991A8AE6-2037-4A73-96EE-2F040EC325A7} - no filepath
Task: {9A9637F0-83B4-4B4C-8E33-16CE7CB481F9} - no filepath
Task: {9AF8210F-4474-4724-81CE-27310161969A} - \RealDownloaderRealUpgradeLogonTaskS-1-5-21-1351472251-1763887738-756014443-1000 -> No File <==== ATTENTION
Task: {9D7EBC79-012F-4261-BD06-0EDEF2251C5C} - no filepath
Task: {9F22B976-D33C-4E2B-A15C-662E4064EC42} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {A090690D-37F6-4F54-BAEB-9EF25B1612F7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A3C63F6E-E7B8-4E1C-B0F5-122E842E920E} - \{5BEB811E-E6D3-479B-B283-BF2D2E6BE139} -> No File <==== ATTENTION
Task: {A7E7619A-C790-4407-BE82-D44408574D2A} - no filepath
Task: {A87BFE47-7E81-44D0-85E7-3268CF2C114F} - no filepath
Task: {AD488CB4-F5FC-49C2-B4B3-F08BE04C8C61} - no filepath
Task: {ADCADCAF-2EDC-48CB-9461-5E5DDB2E9D7E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B0783751-AFAE-4BFF-B02A-3C74BBADC98E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B3971B7B-828C-47ED-AD63-C94DE5128591} - no filepath
Task: {B3F7B1F8-4BE6-443E-B3AE-83118F1C24D5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B4CB5A15-A4BB-4220-92E4-D0BCE464A479} - no filepath
Task: {BE596E98-FB57-4A1D-82D7-6B8C77F091F1} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-1351472251-1763887738-756014443-1000 -> No File <==== ATTENTION
Task: {C084FA60-7325-4DB5-9BAC-97A5FFAC8980} - \User_Feed_Synchronization-{C12A274C-A839-46DD-A526-09B88AB195E1} -> No File <==== ATTENTION
Task: {C4C898D3-E47F-4054-AD35-FC6C25646596} - no filepath
Task: {C790DDA6-7A99-466E-BF7C-9C87C376E72E} - no filepath
Task: {CFE80A2A-DADD-420D-B510-FEE7C753E194} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D124EFC9-FE72-453D-96C9-43D5AF5C5500} - \Express FilesUpdate -> No File <==== ATTENTION
Task: {D13D8333-154B-481D-9768-E00D42A258CF} - \{34E815C4-3AB1-45AC-A5A6-4D16D2CA9A86} -> No File <==== ATTENTION
Task: {D1609895-C9B4-4846-8DF6-FED738F7EB50} - no filepath
Task: {D3453495-E813-4678-8823-26434CA88277} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D34A5D11-1075-4660-A35D-3CF5F480BFFE} - \RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1351472251-1763887738-756014443-1000 -> No File <==== ATTENTION
Task: {D3626A0E-D197-4429-B923-DEF0263A05F0} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
Task: {D7A17E60-44CD-4E69-9C5A-8E8B5A50FE6E} - no filepath
Task: {D8CADC6A-D874-43F4-BB6C-C52120A2C2BF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DF038B73-EC37-4B2E-9BB5-75FE0E5638C9} - no filepath
Task: {DFA64BEF-51F4-409B-86B4-7F062EBE42B1} - no filepath
Task: {DFD1486E-F040-4CD3-8614-0787845E6B6C} - \HP AR Program Upload - a549b42f3930480087b876a47f516a00dbe67fb4326d43fda3d4adf4c1c4591a -> No File <==== ATTENTION
Task: {E4CDE1C8-550D-4BE9-9243-293795574DE5} - no filepath
Task: {E91A5D81-A317-4148-89BD-91C5AF428D01} - no filepath
Task: {EDEA2C44-F6D4-464D-9926-E2625CD5E07D} - \4673 -> No File <==== ATTENTION
Task: {EFF17C07-A840-4D3C-9299-549A52A83C85} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F1685CA8-93AC-4FF2-B823-3415210B92A1} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-1351472251-1763887738-756014443-1006 -> No File <==== ATTENTION
Task: {F25CCAB1-EB83-4201-B660-35E43235FE1E} - \IBUpd -> No File <==== ATTENTION
Task: {F3120ED4-342D-4068-A7BA-1B538907F4AF} - no filepath
Task: {F77C5132-E870-4E8E-9633-D63C9DB2AFD4} - \RocketTab Update Task -> No File <==== ATTENTION
Task: {FB58D978-423C-4317-8323-FCE9E9FFA42C} - no filepath
Task: {FB678467-8E8B-44AC-A72B-33008818644F} - no filepath
Task: {FC479928-0556-48A8-9FE8-1572AEC355C1} - \RocketTab -> No File <==== ATTENTION
Task: {FC75B954-314D-4040-A3A5-E114C9C7800F} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Yahoo! Powered niref.job => C:\ProgramData\{FE5C3B3F-741E-B1F9-F2D8-2FBB689AA475}\tifo.txt <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bssrshar.sys:changelist [448]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nxwztfjc.sys:changelist [448]
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
MSCONFIG\Services: Dataup =>
FirewallRules: [{9B8878F3-FBA7-4E82-A5BC-94789C960F5A}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䵜硹捯潨摮潲慳捲浯牡晩畳屭祍潸档湯牤獯牡潣慭楲獦浵⹟硥e No File
FirewallRules: [{BE66EF05-B66E-4213-B500-2D260586BBE5}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䵜硹捯潨摮潲慳捲浯牡晩畳屭祍潸档湯牤獯牡潣慭楲獦浵攮數 No File
FirewallRules: [{8ED1560E-E054-4FE5-BFEA-BB46C8380323}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩灯晴汩整屲敲瑳楷潮瑰楦瑬牥⹟硥e No File
FirewallRules: [{ABF18B0F-CC94-4668-BA5B-9028FBF21262}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩灯晴汩整屲楷潮瑰楦瑬牥⹟硥e No File
FirewallRules: [{9BBD62DA-0260-459E-A363-23D71B59A6D8}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩灯晴汩整屲敲瑳楷潮瑰楦瑬牥攮數 No File
FirewallRules: [{C3532063-99DD-4B9B-875D-3D8C79A1439A}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩灯晴汩整屲楷潮瑰楦瑬牥攮數 No File
FirewallRules: [{1C8E07C3-E6ED-4C32-9973-B62603E2FE08}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe No File
FirewallRules: [{ED212BD6-6D65-4E71-B32D-9E55BE785204}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe No File
FirewallRules: [{06361F75-50B3-4E36-975C-702BF4BF6E6E}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe No File
FirewallRules: [{6BD27039-4739-428E-A63F-6B037736C427}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe No File
FirewallRules: [{71182C25-1268-4476-9563-597529E598D0}] => (Allow) %ProgramFiles%\Windows MultiPoint Server\Wmssvc.exe No File
FirewallRules: [{D72ADEF9-C968-46CB-8651-8F89A1B7CB77}] => (Allow) %ProgramFiles%\Windows MultiPoint Server\WmsSessionAgent.exe No File
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe No File
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe No File
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe No File
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe No File
FirewallRules: [WMS-Dashboard] => (Allow) %ProgramFiles%\Windows MultiPoint Server\WmsDashboard.exe No File
FirewallRules: [WMS-Session-Agent] => (Allow) %ProgramFiles%\Windows MultiPoint Server\WmsSessionAgent.exe No File
FirewallRules: [WMS-Service] => (Allow) %ProgramFiles%\Windows MultiPoint Server\Wmssvc.exe No File
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe No File
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe No File
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-UDP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe No File
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-TCP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe No File
FirewallRules: [WMS-Manager] => (Allow) %ProgramFiles%\Windows MultiPoint Server\WmsManager.exe No File
C:\WINDOWS\System32\Drivers\ndistpr64.sys
Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

NOTE: If the tool warns you about an outdated version please download and run the updated version.


Thread Closed

Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE. If you don't, we are just going to send you back to this thread.
