GMER Scan – csrss.exe? – Virus, Trojan, Spyware, and Malware Removal Help


Hello, Welcome to BleepingComputer.

I’m nasdaq and will be helping you.

 

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

 

No malware was found in your logs.

 

Why did you execute the GMER program?

This program is no longer supported and should not be used.

<<<>>>

 

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.

Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to the a new file.

 

start
 
CreateRestorePoint:
CloseProcesses:
 
HKLMSOFTWAREPoliciesMicrosoftWindows Defender: Restriction <==== ATTENTION
Policies: C:ProgramDataNTUSER.pol: Restriction <==== ATTENTION
FF Plugin: adobe.com/AdobeAAMDetect -> C:Program Files (x86)AdobeAdobe Creative CloudUtilsnpAdobeAAMDetect64.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:Program Files (x86)AdobeAdobe Creative CloudUtilsnpAdobeAAMDetect32.dll [No File]
U3 kfrdyaob; C:UsersindexAppDataLocalTempkfrdyaob.sys [56584 2021-10-15] (GMEREK Systemy Komputerowe Przemyslaw Gmerek -> GMER) [File not signed] <==== ATTENTION
S3 MpKsl96d46665; ??C:ProgramDataMicrosoftWindows DefenderDefinition Updates{D2831937-169C-46CA-A77A-68594282892B}MpKslDrv.sys [X]
 
CustomCLSID: HKUS-1-5-21-3647044211-270998057-1447843332-1001_ClassesCLSID{2F81B25E-7507-4844-BFF2-77D2CC24CED4}localserver32 -> "C:Program FilesAdobeAdobe Creative CloudACCCreative Cloud.exe" -ToastActivated => No File
CustomCLSID: HKUS-1-5-21-3647044211-270998057-1447843332-1001_ClassesCLSID{e8c77137-e224-5791-b6e9-ff0305797a13}InprocServer32 -> C:Program Files (x86)AdobeAdobe Creative CloudUtilsnpAdobeAAMDetect64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [Library Location] -> -{3dad6c5d-2167-4cae-9914-f99e41c12cfa} =>  -> No File
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: Off)
FirewallRules: [TCP Query User{CE16DF46-9FF3-49BB-B546-E322DD674AD5}C:program files (x86)tilted phoquesharborharbor.exe] => (Allow) C:program...

Source…