Tech Support Forum > Security Center > Virus/Trojan/Spyware Help

Windows 10 NDISTPR64.SYS



Old 07-16-2017, 04:28 PM   #1
Registered Member
 
Join Date: Jul 2017
Location: San Diego
Posts: 8
OS: Windows 10



Hello folks,
I believe I have recently gotten a Trojan on my HP Envy DV7 running Windows 10. When I log in it'll function properly for 2-5 minutes, then go to a blue screen with an error stop code. It then tells me that NDISTPR64.sys failed. I currently have my hard drive out of the computer because I can't do any troubleshooting running my computer. I have my hard drive connected to a Windows Surface Pro via a USB adapter. Right now I am running a scan on the hard drive with Malwarebytes. I was wondering if anyone has any more advice that will help me correct my issue.
datnip2010 is offline  
 
Old 07-16-2017, 09:26 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



https://www.techsupportforum.com/foru...ta-452654.html
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-16-2017, 10:56 PM   #3
Registered Member
 
Join Date: Jul 2017
Location: San Diego
Posts: 8
OS: Windows 10



I got my computer running again. Running a scan with the Malwarebytes program helped. I just need to do some further cleaning on it now.
datnip2010 is offline  
 
Old 07-17-2017, 05:33 AM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Even though you marked the thread as resolved, are you sure you don't need further help here? Let us know.

I can guide you to make sure the issue is gone. As you mentioned, there may still be remnants on your machine.

------------------------------------------------------

Some questions first...

Is this a 32- or 64-bit machine?

Does the BSOD Stop Code say 'DRIVER_IRQL_NOT_LESS_OR_EQUAL'?

Do you know exactly when (date/time) the problem started, and what you were doing when the issue started?

Is the HDD still out of the original machine and still connected to the Surface Pro?

Or, is the HDD back in the original machine? Was the HDD back in the machine before the MBAM scan?

What did MBAM find? If possible, please post the latest MBAM log in your next reply. Thanks.

------------------------------------------------------
chemist is offline  
Old 07-17-2017, 07:49 PM   #5
Registered Member
 
Join Date: Jul 2017
Location: San Diego
Posts: 8
OS: Windows 10


Chemist, I'm unable to post the information you need today. I currently serve in the US Navy and I have to stay at my duty station over night. I will be able to get you the information tomorrow evening.
datnip2010 is offline  
Old 07-17-2017, 10:09 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, datnip2010. Thank you for your service! My dad was in the Coast Guard.

No hurry. Post when able.
chemist is offline  
Old 07-18-2017, 06:43 PM   #7
Registered Member
 
Join Date: Jul 2017
Location: San Diego
Posts: 8
OS: Windows 10



Chemist,

My computer is a 64-bit machine.
The BSOD Stop Code did say 'DRIVER_IRQL_NOT_LESS_OR_EQUAL'.
The issue began on the morning of 15JUL2017.
I have also attached the exported txt file of my Malwarebytes scan report.
As for the HDD, it is back in the original machine after I ran the Malwarebytes scan on the Surface Pro.
Also, I have noticed that my task bar does not want to respond unless I right-click on it.

If you need more info just let me know.
Attached file: HP Envy DV7.txt (4.8 KB)
datnip2010 is offline  
Old 07-18-2017, 07:58 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, datnip2010.

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
chemist is offline  
Old 07-18-2017, 09:17 PM   #9
Registered Member
 
Join Date: Jul 2017
Location: San Diego
Posts: 8
OS: Windows 10



Chemist,

The results from AdwCleaner:
# AdwCleaner 7.0.0.0 - Logfile created on Wed Jul 19 03:41:23 2017
# Updated on 2017/17/07 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Program Files (x86)\globalUpdate
Deleted: C:\Users\Danny\AppData\Local\globalUpdate
Deleted: C:\ProgramData\speedbrowser
Deleted: C:\ProgramData\Application Data\speedbrowser
Deleted: C:\Users\All Users\speedbrowser
Deleted: C:\Program Files (x86)\Bench
Deleted: C:\ProgramData\Ascentive
Deleted: C:\ProgramData\Application Data\Ascentive
Deleted: C:\Users\All Users\Ascentive
Deleted: C:\Program Files (x86)\S5
Deleted: C:\Program Files (x86)\AnonymizerGadget
Deleted: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
Deleted: C:\Users\Danny\AppData\Roaming\Compete
Deleted: C:\Users\Danny\AppData\Local\Conduit
Deleted: C:\Users\Danny\AppData\LocalLow\Conduit
Deleted: C:\Users\Danny\AppData\Local\llssoft
Deleted: C:\Users\Danny\AppData\Local\AppTrailers
Deleted: C:\Users\Danny\AppData\Roaming\AppTrailers
Deleted: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppTrailers
Deleted: C:\Users\Danny\AppData\Local\cool_mirage
Deleted: C:\Users\Danny\AppData\Roaming\BROWSERMODULE
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Deleted: C:\Program Files (x86)\ProxyGate
Deleted: C:\ProgramData\InternetUpdater
Deleted: C:\ProgramData\Application Data\InternetUpdater
Deleted: C:\Users\All Users\InternetUpdater
Deleted: C:\ProgramData\apn
Deleted: C:\ProgramData\Application Data\apn
Deleted: C:\Users\All Users\apn
Deleted: C:\ProgramData\SuperbApp
Deleted: C:\ProgramData\Application Data\SuperbApp
Deleted: C:\Users\All Users\SuperbApp
Deleted: C:\Program Files (x86)\WebConnect
Deleted: C:\ProgramData\DSearchLink
Deleted: C:\ProgramData\Application Data\DSearchLink
Deleted: C:\Users\All Users\DSearchLink
Deleted: C:\Users\Danny\AppData\Local\WeatherAlerts


***** [ Files ] *****

Deleted: C:\Users\All Users\Desktop\eBay.lnk
Deleted: C:\Users\Public\Desktop\eBay.lnk
Deleted: C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
Deleted: C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\Optimizer Pro
Deleted: [Key] - HKCU\Software\Optimizer Pro
Deleted: [Key] - HKLM\SOFTWARE\SpeedBrowser
Deleted: [Key] - HKLM\SOFTWARE\SPPDCOM
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\Appscion
Deleted: [Key] - HKCU\Software\Appscion
Deleted: [Key] - HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\eSupport.com
Deleted: [Key] - HKCU\Software\eSupport.com
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\GlobalUpdate
Deleted: [Key] - HKCU\Software\GlobalUpdate
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\powerpack
Deleted: [Key] - HKCU\Software\powerpack
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\SoftSuma
Deleted: [Key] - HKCU\Software\SoftSuma
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnonymizerGadget
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnonymizerGadget
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EZSearch
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{B33BD6CF-BF4C-4CF0-AC84-B2974BC14ABD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{BAB04997-93AD-4C13-805A-0409199700BB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|Updater
Deleted: [Value] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Updater
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AppTrailers
Deleted: [Value] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|perkda
Deleted: [Value] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|SearchProtect
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|SearchProtectAll
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted: [Key] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32LDR
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32Ldr|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Custom\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Custom\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Custom\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\Layers\SPVC32LDR
Deleted: [Key] - HKU\.DEFAULT\Software\AppDataLow\Software\Compete
Deleted: [Key] - HKU\S-1-5-18\Software\AppDataLow\Software\Compete
Deleted: [Key] - HKLM\SOFTWARE\CompeteInc
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\ConsumerInput
Deleted: [Key] - HKCU\Software\ConsumerInput
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\Softonic
Deleted: [Key] - HKCU\Software\Softonic
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\AppDataLow\Software\ConduitSearchScopes
Deleted: [Key] - HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Deleted: [Key] - HKLM\SOFTWARE\Iminent
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppTrailers
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\AppDataLow\Software\AppTrailers
Deleted: [Key] - HKCU\Software\AppDataLow\Software\AppTrailers
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\MeSafe
Deleted: [Key] - HKCU\Software\MeSafe
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\mesafe
Deleted: [Key] - HKCU\Software\mesafe
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\AppDataLow\Software\Crossrider
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Crossrider
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Crossrider
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\1ClickDownload
Deleted: [Key] - HKCU\Software\1ClickDownload
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\System Healer
Deleted: [Key] - HKCU\Software\System Healer
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\DriverRestore
Deleted: [Key] - HKCU\Software\DriverRestore
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\MICROSOFT\wewewe
Deleted: [Key] - HKCU\Software\MICROSOFT\wewewe
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\Browser
Deleted: [Key] - HKCU\Software\Browser
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Deleted: [Key] - HKLM\SOFTWARE\WebConnect
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{4D6A5312-AB4D-41AA-8BED-0E019B87CA11}
Deleted: [Key] - HKLM\SOFTWARE\Browser Champion
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx|{8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD}.SDB
Deleted: [Key] - HKLM\SOFTWARE\AdvertisingSupport
Deleted: [Key] - HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Deleted: [Key] - HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Deleted: [Key] - HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Deleted: [Key] - HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledsDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledsDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\AppDataLow\Software\Crossrider
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Crossrider
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Crossrider
Deleted: [Key] - HKLM\SOFTWARE\Linksicle
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\Interstat
Deleted: [Key] - HKCU\Software\Interstat
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Deleted: [Key] - HKLM\SOFTWARE\TornTv Downloader
Deleted: [Key] - HKU\.DEFAULT\Software\TornTv Downloader
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\TornTv Downloader
Deleted: [Key] - HKU\S-1-5-18\Software\TornTv Downloader
Deleted: [Key] - HKCU\Software\TornTv Downloader
Deleted: [Key] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\InstallCore
Deleted: [Key] - HKCU\Software\InstallCore


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

SearchProvider deleted: AOL - aol.com
SearchProvider deleted: AOL - aol.com
SearchProvider deleted: AVG Secure Search - mysearch.avg.com
SearchProvider deleted: Ask - ask.com
SearchProvider deleted: Ask - ask.com


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [16360 B] - [2017/7/19 3:37:59]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
-----------------------------------------------
I can't get the Farbar Recovery Tool exe to run.
datnip2010 is offline  
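Added example (not code from the thread, from AdwCleaner, or from Malwarebytes): a small Python triage script for the AdwCleaner log format posted above. It splits the log into its `***** [ Section ] *****` blocks, counts what was removed per section, and flags the registry deletions that matter most to a responder: autostart values (Run / StartupApproved), browser helper objects and IE extension entries, IE elevation-policy entries, and the AppCompat shim databases (.sdb) that were registered against chrome.exe and firefox.exe. It then cross-checks that every .sdb removed from AppPatch also lost its InstalledSDB registration. The sample log is a constructed excerpt of the log in this thread; the category labels and function names are this example's own.

```python
"""Triage an AdwCleaner 7 clean-mode log (added example, not AdwCleaner code).

Counts removals per section, flags registry deletions that indicate
persistence or browser hijacking, and cross-checks shim-database cleanup.
"""
import re
from collections import defaultdict

# Constructed sample input: a short excerpt of the AdwCleaner[C0].txt posted
# in the thread, keeping the section banners and a few entries per section.
SAMPLE_LOG = r"""# AdwCleaner 7.0.0.0 - Logfile created on Wed Jul 19 03:41:23 2017
# Mode: clean
***** [ Services ] *****
No malicious services deleted.
***** [ Folders ] *****
Deleted: C:\Program Files (x86)\globalUpdate
Deleted: C:\Users\Danny\AppData\Local\Conduit
***** [ Files ] *****
Deleted: C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
Deleted: C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
***** [ Registry ] *****
Deleted: [Key] - HKCU\Software\Optimizer Pro
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AppTrailers
Deleted: [Value] - HKU\S-1-5-21-3202762594-1396796749-2674158668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|perkda
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledsDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledsDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
***** [ Chromium (and derivatives) ] *****
SearchProvider deleted: Ask - ask.com
*************************
::Tracing keys deleted
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
REG_RE = re.compile(r"^Deleted: \[(Key|Value)\] - (.+)$")
GUID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.I)

# Registry locations whose removal says more than "adware folder": where a
# PUP restarts itself, hooks the browser, or shims browser executables.
# The labels are this example's own categories, not AdwCleaner's.
PERSISTENCE_PATTERNS = {
    "autostart": re.compile(r"\\CurrentVersion\\(Explorer\\StartupApproved\\)?Run(32)?\|", re.I),
    "browser_extension": re.compile(r"\\Browser Helper Objects\\|\\Ext\\(PreApproved|Stats|Settings)\\", re.I),
    "shim_database": re.compile(r"\\AppCompatFlags\\(Custom|InstalledSDB)\\", re.I),
    "elevation_policy": re.compile(r"\\Low Rights\\ElevationPolicy\\", re.I),
}

def parse_adwcleaner_log(text):
    """Return {section: [action lines]}. 'No malicious ...' lines are dropped,
    so an empty list means the section was clean."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            current = head.group(1)
            sections[current] = []
        elif line.startswith("*****"):      # closing banner ends the sections
            current = None
        elif current and line and not line.startswith("No malicious"):
            sections[current].append(line)
    return sections

def flag_registry_entries(entries):
    """Group registry deletions by the persistence mechanism they touch."""
    flagged = defaultdict(list)
    for line in entries:
        match = REG_RE.match(line)
        if match:
            path = match.group(2)
            for label, pattern in PERSISTENCE_PATTERNS.items():
                if pattern.search(path):
                    flagged[label].append(path)
                    break
    return dict(flagged)

def shim_database_coverage(sections):
    """For each .sdb removed from AppPatch, report whether its InstalledSDB
    registration was also removed and which executables it was applied to."""
    sdb_guids = {g.lower() for line in sections.get("Files", [])
                 if line.lower().endswith(".sdb") for g in GUID_RE.findall(line)}
    installed, per_exe = set(), defaultdict(set)
    for line in sections.get("Registry", []):
        low = line.lower()
        if "\\appcompatflags\\installedsdb\\" in low:
            installed.update(g.lower() for g in GUID_RE.findall(line))
        elif "\\appcompatflags\\custom\\" in low and "|" in low:
            target = low.split("\\custom\\", 1)[1].split("|", 1)[0]
            for g in GUID_RE.findall(line):
                per_exe[g.lower()].add(target)
    return {g: {"registered": g in installed, "shimmed_exes": sorted(per_exe[g])}
            for g in sorted(sdb_guids)}

def triage(text):
    """One-call summary: per-section counts, flagged registry paths, shim coverage."""
    sections = parse_adwcleaner_log(text)
    return {
        "counts": {name: len(items) for name, items in sections.items()},
        "flagged": flag_registry_entries(sections.get("Registry", [])),
        "shims": shim_database_coverage(sections),
    }
```

Running `triage(SAMPLE_LOG)` on the excerpt reports nine registry deletions, of which two are autostart values, one is a browser helper object, one is an IE elevation-policy entry and four concern shim databases; both .sdb files had a matching InstalledSDB key removed, and the {8a4d5a43-...} database had been applied to chrome.exe and firefox.exe. The shim cross-check is the part worth keeping: a custom .sdb under AppPatch\Custom that is registered against browser executables is a persistence and injection mechanism, so a cleanup that removes the file but leaves the registrations (or the reverse) is incomplete and worth a second look.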
Old 07-18-2017, 09:47 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



https://www.bleepingcomputer.com/down...an-tool/dl/82/
chemist is offline  
Old 07-18-2017, 11:36 PM   #11
Registered Member
 
Join Date: Jul 2017
Location: San Diego
Posts: 8
OS: Windows 10



Chemist,

I'm having issues producing the txt documents. I attached a picture of the pop-up notifications I get. I get blank Notepads and those notifications. What do I need to do?
Attached image: issues.jpg
datnip2010 is offline  
Old 07-19-2017, 12:35 AM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, datnip2010. Sorry you are having trouble.

------------------------------------------------------

Please go to: VirusTotal
  • Click the Choose File button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\Windows\System32\drivers\ndistpr64.sys

  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analysed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
------------------------------------------------------

FRST64 should not be in a FRST folder on your desktop. FRST64 should be on the desktop. Did you create the FRST folder on your desktop and then download FRST to that FRST folder?

See if FRST.txt and Addition.txt are on the desktop, not in the desktop FRST folder.

If you still have trouble, do the following:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8/Win10 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :filefind
    FRST.txt
    Addition.txt
    FRST64.exe
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
chemist is offline  
Old 07-19-2017, 08:42 PM   #13
Registered Member
 
Join Date: Jul 2017
Location: San Diego
Posts: 8
OS: Windows 10



Chemist,

Attached is a Paint picture of the issue I have with VirusTotal.
As for Farbar, it doesn't populate the FRST.txt or the Addition.txt.
I just download the FRST64 executable and the FRST folder saves to my local disk (C:).
Attached image: VirusTotal.png
datnip2010 is offline  
Old 07-19-2017, 09:18 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Please run SystemLook_x64 as per the instructions.
chemist is offline  
Old 07-20-2017, 08:01 PM   #15
Registered Member
 
Join Date: Jul 2017
Location: San Diego
Posts: 8
OS: Windows 10



Chemist,

I know I may be making things difficult, but I honestly can't get the Farbar Recovery Tool to work. I don't know if you have any other methods or programs you may want to try. I do apologize if I am making this process difficult for you.
datnip2010 is offline  
Old 07-20-2017, 08:15 PM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



It appears you are looking for the logs in the FRST folder. They are saved to your desktop, not the FRST folder.

The logs should also open once FRST64 completes its run. Do you see the FRST64 icon on your desktop? Or you may find the FRST64 executable in your Downloads folder. Just double-click it and follow the prompts. Sorry, FRST is all we have for Win10.
chemist is offline  