Solved Multiple Drives attacked by Trojens

[ronaldo9_r9]

Hi,

I have four hard drives connected to the PC, Avast notified me regarding Win32:Apanas [Trj] and Win32 :Neshta. I have run this tool already and it has removed 178 infected item but I am still getting popups from Avast regarding Apanas trojen.

I have 1 hardrive for gaming, 1 for video editing and programs and it looks like during boottime scan Avast deleted majority of files including Steam.exe, Firefox, Chrome etc. I am a webdeveloper and I use Wamp64 on local machine I had many websites on the drive and It looks like during avast scan it removed majority of plugins and wampserver.exe etc.

It has deleted many games .exe from steam directory and I have lost my work when avast deleted all .exe or plugins in wamp64 folder.

Whenever I open .exe file Avast flags it as Apanas trojen even program like Amd chip drivers.exe, spotify.exe etc.

I am not sure what other damage this has done. Doesn't matter which drive I am using if I open .exe file its infected.

I am so much stuff on all four drives its unthinkable of losing any I cannot afford too.

Please me with removing this Trojen and help me cleaning .exe or all my hardrives.

Thanks

I am attaching FRST.txt and Addition.txt as I cannot post FRST.txt due to Ngix error.

 

[Broni]

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Double click on downloaded setup.exe file to install the program.
• Click on Start Scan button.
• Click on another Start Scan button.
• Wait until the Status box shows Scan Finished
• Click on Remove Selected.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

• Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
• Then click Finish.
• Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
• If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
• When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
• Restart your computer when prompted to do so.
• The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8/10 users right-click and select Run As Administrator
• The tool will start to update the database if one is required.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Logfile button.
• A window will open which lists the logs of your scans.
• Click on the Scan tab.
• Double-click the most recent scan which will be at the top of the list....the log will appear.
• Review the results...see note below
• After reviewing the log, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
• To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
• Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
• A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[ronaldo9_r9]

Hi quick question I have Malwarebytes Premium Can I use that instead?

 

[Broni]

Yes

 

[ronaldo9_r9]

RKreport.txt

RogueKiller V12.11.21.0 (x64) [Oct 23 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : ronal [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 10/28/2017 02:09:22 (Duration : 00:20:35)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1164088789-1923042617-3614956070-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1164088789-1923042617-3614956070-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[PUP.Gen1][File] C:\Users\ronal\Desktop\Ace Stream Media Center.lnk [LNK@] C:\Users\ronal\AppData\Roaming\ACEStream\engine\ace_engine.exe --onstart-webui-open-page proxy-server-main -> Found
[PUP.Gen1][File] C:\Users\ronal\Desktop\Ace Stream Media Center.lnk [LNK@] C:\Users\ronal\AppData\Roaming\ACEStream\engine\ace_engine.exe --onstart-webui-open-page proxy-server-main -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD20EZRX-00D8PB0 +++++
--- User ---
[MBR] 9e175bf1d6ef27da50250bf7ca0764cc
[BSP] c0d4d92c88998e83133ad6fa6165f8fd : Empty|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 1907726 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: KINGSTON SUV400S37120G +++++
--- User ---
[MBR] faebb284a9ef12d4ee76fac63a516635
[BSP] 256ed3b39d08bda569879e583259c94a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 113971 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD10EZEX-00WN4A0 +++++
--- User ---
[MBR] b91b59089873f56d97d5042c213c6722
[BSP] fd6158abeb93fa445887e4e9396f57ad : Legit.Unknown|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953868 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: MD10000-NSDW-RO +++++
--- User ---
[MBR] 4f137d77682c80d9009f2af24a86dee8
[BSP] 6066bd784c75cd8956778c56aea355e3 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 83315 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 170631168 | Size: 520521 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1236658176 | Size: 350032 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

 

[ronaldo9_r9]

Malwarebytes Report

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/28/17
Scan Time: 2:38 AM
Log File: b1d43704-bb80-11e7-a68a-10f005399026.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3114
License: Premium

-System Information-
OS: Windows 10 (Build 16299.19)
CPU: x64
File System: NTFS
User: DESKTOP-DQUN45T\ronal

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 383395
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 3 min, 4 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

[ronaldo9_r9]

# AdwCleaner 7.0.3.1 - Logfile created on Sat Oct 28 01:46:20 2017
# Updated on 2017/29/09 by Malwarebytes
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [3850 B] - [2017/10/26 21:48:54]
C:/AdwCleaner/AdwCleaner[C1].txt - [1278 B] - [2017/10/27 18:47:57]
C:/AdwCleaner/AdwCleaner[S0].txt - [4055 B] - [2017/10/26 21:48:19]
C:/AdwCleaner/AdwCleaner[S1].txt - [1104 B] - [2017/10/27 18:46:58]
C:/AdwCleaner/AdwCleaner[S2].txt - [1220 B] - [2017/10/28 1:44:55]


########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########

 

[ronaldo9_r9]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x64
Ran by ronal (Administrator) on 28/10/2017 at 2:49:44.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (ronal) (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_ronal (Task)
Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_ronal.job (Task)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/10/2017 at 2:54:27.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[ronaldo9_r9]

Thanks for helping me.

I ran Malwarebytes yesterday with custom scan scanning all drives and also used Neshta removal. This program removed 178 infected files. Malwarebytes also quarantined 50+ files and Adw also.

I also worried about what happened to my other drives, I have only Windows and Programs installed on C:\ everything else is on other drives. Thats where all games, pictures, programs like Adobe Photoshop etc are.

 

[Broni]

I just noticed that you're being helped at Bleepingcomputer: https://www.bleepingcomputer.com/forums/t/661255/netsha-apana-effecting-all-drives/
You shouldn't be doing this, posting at multiple boards and involve more than 1 person in solving your issue.
For that reason I'm closing this topic.

 

[Broni]

Reopened.
I don't see anything malicious on your computer.

To make sure Avast is not creating some false positives run this on your computer and scan all your external drives as well...

• Download Sophos Free Virus Removal Tool and save it to your desktop
• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[ronaldo9_r9]

2017-10-28 20:22:17.429 Sophos Virus Removal Tool version 2.6.1
2017-10-28 20:22:17.429 Copyright (c) 2009-2017 Sophos Limited. All rights reserved.

2017-10-28 20:22:17.429 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-10-28 20:22:17.429 Windows version 6.2 SP 0.0 build 9200 SM=0x100 PT=0x1 WOW64
2017-10-28 20:22:17.429 Checking for updates...
2017-10-28 20:22:17.463 Update progress: proxy server not available
2017-10-28 20:22:25.824 Option all = no
2017-10-28 20:22:25.824 Option recurse = yes
2017-10-28 20:22:25.824 Option archive = no
2017-10-28 20:22:25.824 Option service = yes
2017-10-28 20:22:25.824 Option confirm = yes
2017-10-28 20:22:25.824 Option sxl = yes
2017-10-28 20:22:25.824 Option max-data-age = 35
2017-10-28 20:22:25.824 Option vdl-logging = yes
2017-10-28 20:22:25.839 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-10-28 20:22:25.839 Machine ID: 302be78d7c074b11aa1dcb47e919acd9
2017-10-28 20:22:25.839 Component SVRTcli.exe version 2.6.1
2017-10-28 20:22:25.839 Component control.dll version 2.6.1
2017-10-28 20:22:25.839 Component SVRTservice.exe version 2.6.1
2017-10-28 20:22:25.839 Component engine\osdp.dll version 1.44.1.2286
2017-10-28 20:22:25.839 Component engine\veex.dll version 3.68.6.2286
2017-10-28 20:22:25.839 Component engine\savi.dll version 9.0.7.2286
2017-10-28 20:22:25.839 Component rkdisk.dll version 1.5.31.1
2017-10-28 20:22:25.839 Version info: Product version 2.6.1
2017-10-28 20:22:25.839 Version info: Detection engine 3.68.6
2017-10-28 20:22:25.839 Version info: Detection data 5.44
2017-10-28 20:22:25.839 Version info: Build date 19/09/2017
2017-10-28 20:22:25.839 Version info: Data files added 309
2017-10-28 20:22:25.839 Version info: Last successful update (not yet updated)
2017-10-28 20:22:27.402 Downloading updates...
2017-10-28 20:22:27.418 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-10-28 20:22:27.418 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-10-28 20:22:27.418 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-10-28 20:22:27.418 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-10-28 20:22:27.418 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-10-28 20:22:27.418 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-10-28 20:22:27.418 Update progress: [I49502] sdds.data0910.xml: found supplement IDE545 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-10-28 20:22:27.418 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE545 LATEST path=
2017-10-28 20:22:27.418 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE545 LATEST path=
2017-10-28 20:22:27.418 Update progress: [I49502] sdds.data0910.xml: found supplement IDE546 LATEST path= baseVersion= [included from product IDE545 LATEST path=]
2017-10-28 20:22:27.418 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE546 LATEST path=
2017-10-28 20:22:27.418 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE546 LATEST path=
2017-10-28 20:22:27.418 Update progress: [I49502] sdds.data0910.xml: found supplement IDE547 LATEST path= baseVersion= [included from product IDE546 LATEST path=]
2017-10-28 20:22:27.418 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE547 LATEST path=
2017-10-28 20:22:27.418 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE547 LATEST path=
2017-10-28 20:22:27.418 Update progress: [I49502] sdds.data0910.xml: found supplement IDE548 LATEST path= baseVersion= [included from product IDE547 LATEST path=]
2017-10-28 20:22:27.418 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE548 LATEST path=
2017-10-28 20:22:27.418 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE548 LATEST path=
2017-10-28 20:22:27.418 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-10-28 20:22:28.152 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-10-28 20:22:28.152 Update progress: [I19463] Product download size 174235198 bytes
2017-10-28 20:22:31.450 Update progress: [I19463] Syncing product IDE545 LATEST path=
2017-10-28 20:22:31.450 Update progress: [I19463] Product download size 2585002 bytes
2017-10-28 20:22:32.106 Update progress: [I19463] Syncing product IDE546 LATEST path=
2017-10-28 20:22:32.106 Update progress: [I19463] Product download size 2931677 bytes
2017-10-28 20:22:32.872 Update progress: [I19463] Syncing product IDE547 LATEST path=
2017-10-28 20:22:32.872 Update progress: [I19463] Syncing product IDE548 LATEST path=
2017-10-28 20:22:32.919 Installing updates...
2017-10-28 20:22:33.544 Error level 1
2017-10-28 20:22:38.685 Update successful
2017-10-28 20:22:46.499 Option all = no
2017-10-28 20:22:46.499 Option recurse = yes
2017-10-28 20:22:46.499 Option archive = no
2017-10-28 20:22:46.499 Option service = yes
2017-10-28 20:22:46.499 Option confirm = yes
2017-10-28 20:22:46.499 Option sxl = yes
2017-10-28 20:22:46.499 Option max-data-age = 35
2017-10-28 20:22:46.499 Option vdl-logging = yes
2017-10-28 20:22:46.514 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-10-28 20:22:46.514 Machine ID: 302be78d7c074b11aa1dcb47e919acd9
2017-10-28 20:22:46.514 Component SVRTcli.exe version 2.6.1
2017-10-28 20:22:46.514 Component control.dll version 2.6.1
2017-10-28 20:22:46.514 Component SVRTservice.exe version 2.6.1
2017-10-28 20:22:46.514 Component engine\osdp.dll version 1.44.1.2286
2017-10-28 20:22:46.514 Component engine\veex.dll version 3.68.6.2286
2017-10-28 20:22:46.514 Component engine\savi.dll version 9.0.7.2286
2017-10-28 20:22:46.514 Component rkdisk.dll version 1.5.31.1
2017-10-28 20:22:46.514 Version info: Product version 2.6.1
2017-10-28 20:22:46.514 Version info: Detection engine 3.68.6
2017-10-28 20:22:46.514 Version info: Detection data 5.44
2017-10-28 20:22:46.514 Version info: Build date 19/09/2017
2017-10-28 20:22:46.514 Version info: Data files added 309
2017-10-28 20:22:46.514 Version info: Last successful update 28/10/2017 21:22:38

2017-10-28 20:42:46.720 Could not open C:\pagefile.sys
2017-10-28 21:28:14.551 >>> Virus 'W32/Bloat-A' found in file C:\Program Files (x86)\AMD\CNext\CCCSlim\MOM.InstallProxy.exe
2017-10-28 21:35:29.034 >>> Virus 'W32/Bloat-A' found in file C:\Program Files (x86)\obs-studio\uninstall.exe
2017-10-28 21:36:58.438 >>> Virus 'W32/Bloat-A' found in file C:\Program Files (x86)\VulkanRT\1.0.54.0\vulkaninfo32.exe
2017-10-28 21:38:58.924 Could not open C:\swapfile.sys
2017-10-28 21:48:03.892 Could not open C:\System Volume Information\{2c09da88-b9db-11e7-9844-10f005399026}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-10-28 21:48:03.892 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-10-28 21:48:03.892 Could not open C:\System Volume Information\{7dc50ab2-ba9a-11e7-9849-10f005399026}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-10-28 21:48:03.892 Could not open C:\System Volume Information\{92efe031-ba97-11e7-9848-10f005399026}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-10-28 21:48:03.892 Could not open C:\System Volume Information\{dfae76ad-bb81-11e7-9862-10f005399026}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-10-28 21:48:03.892 Could not open C:\System Volume Information\{dfae8a03-bb81-11e7-9862-10f005399026}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-10-28 22:04:25.005 Could not open C:\Windows\System32\config\BBI
2017-10-28 22:04:25.036 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2017-10-28 22:04:25.036 Could not open C:\Windows\System32\config\RegBack\SAM
2017-10-28 22:04:25.036 Could not open C:\Windows\System32\config\RegBack\SECURITY
2017-10-28 22:04:25.036 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2017-10-28 22:04:25.036 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2017-10-29 00:47:51.181 Password protected file E:\Movies\DVDRips\Video Trianing\Microsfot Office\Lynda.com - Microsoft Office 2007 System Suite Training\Lynda.Com - EXCEL TRAINING\exercise files\09_Sharing_Worksheet\EatCake Inventory list5.xlsx
2017-10-29 00:47:53.884 Password protected file E:\Movies\DVDRips\Video Trianing\Microsfot Office\Lynda.com - Microsoft Office 2007 System Suite Training\Lynda.Com - POWERPOINT TRAINING\exercise files\Lesson10\ECPReview10c.pptx
2017-10-29 02:03:36.908 Could not check H:\PC Programs\Programs Folder\Nusrat Blog & Other files\Nusrat Website\College Work\Multimedia (Flash MX)\Animating Scene Elements\Theory.doc (corrupt)
2017-10-29 02:18:26.728 Could not open LOGICAL:0008:00000000
2017-10-29 02:18:26.728 Could not open I:\
2017-10-29 02:18:29.916 The following items will be cleaned up:
2017-10-29 02:18:29.916 W32/Bloat-A
2017-10-29 02:18:29.916 W32/Bloat-A
2017-10-29 02:18:29.916 W32/Bloat-A

 

[Broni]

Is Avast still being triggered by your external drives?

 

[ronaldo9_r9]

Not anymore. I have run various scans with malwarebytes, AVG and ADW. All are showing clean. I went through program Files (x86) folder it has windows nt in small caps. Is that supposed to be there?

Also I had many .exe files that were deleted by Avast. Firefox.exe was deleting I thought I lost all my favs/bookmarks but when I installed firefox again I could see all my bookmarks etc. So it looks data was not deleted only .exe file.

I have many programs like steam, Notepad++, wampserver etc having missing .exe. I am thinking of reinstalling those. I think data is still there for all missing .exe files it just needs reinstalling.

Do you have any suggestion towards this?

 

[Broni]

Reinstalling should be fine.
You should be good to go