

Computer locking up slow after sus download

This is a discussion on Computer locking up slow after sus download within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 10-15-2015, 11:17 PM   #1
Registered Member
 
Join Date: Oct 2007
Posts: 61
OS: Windows 10



Hi, last night I wanted to download a PDF to JPG converter, so I went to SourceForge & got this: hxxp://sourceforge.net/projects/convertjpgtopdf/?source=directory. On this page I downloaded the app where it says Download. Then a multitude of programs installed & demanded firewall access, one of them netman.exe. Next thing, the computer locked up, & some Windows updates modified things. Now web pages lag out & are very slow to load. Most of my programs won't respond, CCleaner won't work, sfc /scannow won't complete. I did a Spybot Search & Destroy scan, got minor detections, the usual stuff; 3 wouldn't delete. I did a G Data scan, no detection. I will do more scans. So below are the DDS & Attach logs. When I went to upload attach.txt, the web browser's file-location popup lagged for several seconds to a minute to access the computer to upload it. Then it took several seconds to upload; this is unusual as I have used it before. All programs are lagging and locking up, even the Start menu.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.16412 BrowserJavaVersion: 10.55.2
Run by Gary at 13:51:23 on 2015-10-16
Microsoft Windows 10 Pro 10.0.10240.0.1252.1.1033.18.4095.1547 [GMT 8:00]
.
AV: G DATA TOTAL PROTECTION *Disabled/Updated* {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: G DATA TOTAL PROTECTION *Enabled/Outdated* {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G DATA Personal Firewall *Enabled* {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlx64.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\system32\AEADISRV.EXE
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Has Apps Com\dlfxap_updater_service.exe
C:\Program Files\Has Apps Com\dlfxap.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe
C:\WINDOWS\system32\sihost.exe
C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GDKBFltExe32.exe
C:\WINDOWS\system32\taskhostw.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe
C:\WINDOWS\System32\vds.exe
C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16464_none_116100d161f6ab1d\TiWorker.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\System32\Taskmgr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://www.google.com
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Google Update] "C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRun: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
uRun: [KiesPDLR.exe] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
uRun: [SmartSwitchPDLR.exe] C:\Program Files (x86)\Samsung\Smart Switch PC\SmartSwitchPDLR.exe Run Kies4
uRun: [Dropbox Update] "C:\Users\Gary\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
uRun: [OneDrive] "C:\Users\Gary\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe
mRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PalTalk.lnk - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Serviio.lnk - C:\Program Files\Serviio\bin\ServiioConsole.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{3648c94c-571b-4217-a170-5ba36fe383f1} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{6c180abb-3d48-404f-aa22-1c6906757a72} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{dfd11378-f819-422b-9f85-14a2836adbea} : DHCPNameServer = 192.168.1.254
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = hxxp://www.google.com
x64-mDefault_Page_URL = hxxp://www.google.com
x64-mWinlogon: Userinit = C:\WINDOWS\System32\userinit.exe,C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe,c:\program files (x86)\g data\totalprotection\avkkid\avkcks.exe,
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 127.0.0.1 Spyware Info | Spyware Info
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\wlhtmyvs.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.au
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
FF - plugin: C:\Users\Gary\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\Gary\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Gary\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.safebrowsing.downloads.enabled - false
FF - user.js: browser.safebrowsing.enabled - false
FF - user.js: browser.safebrowsing.malware.enabled - false
.
============= SERVICES / DRIVERS ===============
.
R0 GDBehave;GDBehave;C:\WINDOWS\System32\drivers\GDBehave.sys [2014-9-2 55808]
R0 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2014-7-12 192216]
R0 mv61xx;mv61xx;C:\WINDOWS\System32\drivers\mv61xx.sys [2011-2-9 181040]
R0 TS4NT;TS4nt driver;C:\WINDOWS\System32\drivers\TS4nt.sys [2014-9-2 98760]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-8-12 200528]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-7-10 215552]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-10 83968]
R1 gddcv;G Data DCV Driver;C:\WINDOWS\System32\drivers\gddcv64.sys [2014-9-2 59904]
R1 GDKBFlt;G Data GDKBFlt Driver;C:\WINDOWS\System32\drivers\GDKBFlt64.sys [2014-9-2 20992]
R1 GDMnIcpt;GDMnIcpt;C:\WINDOWS\System32\drivers\MiniIcpt.sys [2014-9-2 142336]
R1 gdwfpcd;G Data WFP CD;C:\WINDOWS\System32\drivers\gdwfpcd64.sys [2014-9-2 64512]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-7-10 8192]
R1 GRD;G Data Rootkit Detector Driver;C:\WINDOWS\System32\drivers\GRD.sys [2014-9-2 106272]
R1 HookCentre;HookCentre;C:\WINDOWS\System32\drivers\HookCentre.sys [2014-9-2 61440]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\WINDOWS\System32\drivers\hssdrv6.sys [2012-8-2 41704]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-10 61952]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdWT6.sys [2015-5-28 102912]
R3 gddcd;G Data DCD Driver;C:\WINDOWS\System32\drivers\gddcd64.sys [2014-9-2 79872]
R3 GDPkIcpt;GDPkIcpt;C:\WINDOWS\System32\drivers\PktIcpt.sys [2014-9-2 64000]
R3 LVRS64;Logitech RightSound Filter Driver;C:\WINDOWS\System32\drivers\lvrs64.sys [2012-10-26 351520]
R3 LVUVC64;@oem63.inf,%PID_0825_DD%(UVC);Logitech HD Webcam C270(UVC);C:\WINDOWS\System32\drivers\lvuvc64.sys [2012-10-26 4758176]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2014-7-12 25816]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
R3 yukonw8;NDIS6.3 Miniport Driver for Marvell Yukon Ethernet Legacy Controllers;C:\WINDOWS\System32\drivers\yk63x64.sys [2015-7-10 295216]
S?4 WinDivert1.1;WinDivert1.1;C:\Program Files\Has Apps Com\WinDivert64.sys [2015-10-16 38064]
S1 PCC_DSCP;Personal Communicator DSCP Driver;C:\WINDOWS\System32\drivers\PCC_DSCP_x64.sys [2013-2-21 21152]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-10 1135456]
S3 amdkmafd;AMD Audio Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmafd.sys [2015-6-3 31992]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\WINDOWS\System32\drivers\ssadadb.sys [2013-4-10 38080]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-1 36352]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-10 116736]
S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-7-10 31232]
S3 fssfltr;fssfltr;C:\WINDOWS\System32\drivers\fssfltr.sys [2012-4-14 48488]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-2-18 37344]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-7-10 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
S3 htcnprot;HTC NDIS Protocol Driver;C:\WINDOWS\System32\drivers\htcnprot.sys [2013-10-17 36928]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-10 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-10 424800]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-10 43872]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-7-10 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2014-7-12 64216]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-10 76128]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-10 94720]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-10 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-10 58720]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-8-7 934752]
S3 Revoflt;Revoflt;C:\WINDOWS\System32\drivers\revoflt.sys [2014-12-30 31800]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-10 155488]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\WINDOWS\System32\drivers\ssadbus.sys [2013-4-10 169288]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\WINDOWS\System32\drivers\ssadmdfl.sys [2013-4-10 21320]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\WINDOWS\System32\drivers\ssadmdm.sys [2013-4-10 188232]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\WINDOWS\System32\drivers\ssadserd.sys [2013-4-10 158024]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-8-20 80720]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-7-10 40288]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-10 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-8-7 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-10 44032]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-10 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-10 245088]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-10 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-10 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-10 27488]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-7-10 31744]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-8-12 685568]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-10 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-10 59232]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-10 222720]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-10 25600]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2015-10-16 05:49:10 16148 ----a-w- C:\WINDOWS\System32\PRECIOUS_Gary_HistoryPrediction.bin
2015-10-15 16:32:25 -------- d-----w- C:\Program Files\Has Apps Com
2015-10-15 16:30:22 -------- d-----w- C:\WINDOWS\SysWow64\updtSer
2015-10-15 16:30:22 -------- d-----w- C:\Program Files (x86)\PdfToJpgConverter
2015-10-15 16:29:03 -------- d-----w- C:\Program Files (x86)\Pdf To Jpg Converter
2015-10-15 15:41:49 -------- d-----w- C:\Program Files (x86)\Jpg To Pdf Converter
2015-10-15 09:04:56 -------- d-----w- C:\Users\Gary\AppData\Local\{6B3D583E-F5D4-4762-83FC-5A77F1B184D9}
2015-10-15 04:08:00 -------- d-----w- C:\Users\Gary\AppData\Local\{BBAF2D42-D889-480B-9B53-6FE8663E8B9C}
2015-10-14 10:29:44 -------- d-----w- C:\Users\Gary\AppData\Local\{04089B28-7763-4653-A1F5-32F574D5EDD0}
2015-10-13 18:43:21 -------- d-----w- C:\Users\Gary\AppData\Local\{098E4E01-D9E2-4D60-AEB7-164ABF1C7178}
2015-10-13 05:27:17 -------- d-----w- C:\Users\Gary\AppData\Local\{5831458E-6123-4D5A-A339-85017960645F}
2015-10-12 16:02:36 -------- d-----w- C:\Users\Gary\AppData\Local\{412A83E9-FBDF-47B3-989A-759991302CA7}
2015-10-12 03:22:16 -------- d-----w- C:\Users\Gary\AppData\Local\{05853521-D56B-44EF-9480-57C48FAE6DA1}
2015-10-11 03:38:01 -------- d-----w- C:\Users\Gary\AppData\Local\{37779909-AD6D-4F10-8C5C-59BCE9177AA8}
2015-10-10 03:57:05 -------- d-----w- C:\Users\Gary\AppData\Local\{AEF9CD6D-F9A4-4BD9-99DC-D1C92B978BBD}
2015-10-09 14:25:29 -------- d-----w- C:\Users\Gary\AppData\Local\{49B36FDD-4214-446E-8821-A43FACF61FCA}
2015-10-08 18:48:10 -------- d-----w- C:\Users\Gary\AppData\Local\{DB0A3A2F-BC35-4760-8A85-ED8EA0322D8C}
2015-10-08 05:59:01 -------- d-----w- C:\Users\Gary\AppData\Local\{DEB22DD3-7BAC-48CC-B19F-9325A0353B8A}
2015-10-07 03:42:46 -------- d-----w- C:\Users\Gary\AppData\Local\{419A46DC-C82A-4932-8A61-D4ECC8232A05}
2015-10-06 03:13:19 -------- d-----w- C:\Users\Gary\AppData\Local\{2ED0030D-B233-414A-BAAA-F39360E216CF}
2015-10-05 07:30:00 -------- d-----w- C:\Users\Gary\AppData\Local\{9C9E1D8D-F87A-42BC-89C9-52FD81E337BF}
2015-10-05 04:56:53 -------- d-----w- C:\Users\Gary\AppData\Local\{940EA6D4-912A-4C82-A78C-E8AB32D28FA6}
2015-10-05 04:09:07 -------- d-----w- C:\Users\Gary\AppData\Local\{E47216B3-0BEA-4444-80D5-885488EDF73C}
2015-10-05 03:11:44 810488 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2015-10-05 03:11:44 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2015-10-04 10:40:52 -------- d-----w- C:\Users\Gary\AppData\Local\{382B21D6-EC8C-4CAF-B97D-AD94EA697923}
2015-10-04 03:48:21 -------- d-----w- C:\Users\Gary\AppData\Local\{3B2466B8-024A-4F39-A6BB-3180D765B641}
2015-10-03 12:41:16 -------- d-----w- C:\Users\Gary\AppData\Local\{053CB3D7-3897-458E-A6F3-FC8E65289C70}
2015-10-02 16:13:28 -------- d-----w- C:\Users\Gary\AppData\Local\{50E388EE-91F0-41A4-A02A-789741DD5FB0}
2015-10-01 15:32:16 -------- d-----w- C:\Users\Gary\AppData\Local\{5DA72588-0F5C-4183-AF17-CEEEB4CBC6A5}
2015-10-01 05:11:59 41472 ----a-w- C:\WINDOWS\SysWow64\Windows.Speech.Pal.dll
2015-10-01 03:31:53 -------- d-----w- C:\Users\Gary\AppData\Local\{204D610A-F779-459D-9F75-658C3B0E2A99}
2015-09-30 10:28:12 -------- d-----w- C:\Users\Gary\AppData\Local\{921E6605-E0EF-433C-AF67-E1A0A064B051}
2015-09-29 16:53:17 -------- d-----w- C:\Users\Gary\AppData\Local\{FC671868-4ED1-44F7-81F5-B9882BA51BD6}
2015-09-29 02:53:43 -------- d-----w- C:\Users\Gary\AppData\Local\{05869656-A98F-4A4F-B0B5-8FA9B9033ADA}
2015-09-28 05:27:08 -------- d-----w- C:\Users\Gary\AppData\Local\{852AAE38-D595-4930-B89A-500056085BE9}
2015-09-27 17:26:45 -------- d-----w- C:\Users\Gary\AppData\Local\{059839C3-B851-476E-850C-B688ADBC2CED}
2015-09-27 03:40:36 -------- d-----w- C:\Users\Gary\AppData\Local\{B0BDF174-684E-47D6-B201-80AE02C1E3C1}
2015-09-26 23:19:22 252648 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2015-09-26 17:55:44 -------- d-----w- C:\Users\Gary\AppData\Local\{F6379007-A7D8-4395-9462-6B70A4417DDD}
2015-09-26 04:08:21 -------- d-----w- C:\Users\Gary\AppData\Local\{2DB923D4-1DC3-41E2-B4D6-C9576BBD9513}
2015-09-25 15:31:51 -------- d-----w- C:\Users\Gary\AppData\Local\{D28EF519-51F4-49AE-8857-6672D48DEF5E}
2015-09-24 15:59:20 -------- d-----w- C:\Users\Gary\AppData\Local\{31F88742-2E37-437C-A5AB-592A85377DDA}
2015-09-24 03:40:24 -------- d-----w- C:\Users\Gary\AppData\Local\{66E3620B-AAB5-4D43-BF18-E904731982C4}
2015-09-23 15:48:02 -------- d-----w- C:\Users\Gary\AppData\Local\{903BA944-AA12-4579-ADEA-8AC872ABA549}
2015-09-23 03:30:09 -------- d-----w- C:\Users\Gary\AppData\Local\{1DEA3499-C8FE-4E2F-A01B-7089AE9D6165}
2015-09-22 12:00:02 -------- d-----w- C:\Users\Gary\AppData\Local\{A79BA3EE-C80B-4460-814C-D3AFAA6E3DBB}
2015-09-22 03:41:20 -------- d-----w- C:\Program Files\iTunes
2015-09-22 03:41:20 -------- d-----w- C:\Program Files\iPod
2015-09-22 03:41:20 -------- d-----w- C:\Program Files (x86)\iTunes
2015-09-22 03:39:21 -------- d-----w- C:\Program Files\Bonjour
2015-09-22 03:39:21 -------- d-----w- C:\Program Files (x86)\Bonjour
2015-09-21 09:36:51 -------- d-----w- C:\Users\Gary\AppData\Local\{51E114B9-4023-495B-A176-0F6F5212843E}
2015-09-20 18:07:33 -------- d-----w- C:\Users\Gary\AppData\Local\{B7CE4F83-2A6F-477D-A33B-6AF2E5FE5FFA}
2015-09-20 05:35:18 -------- d-----w- C:\Users\Gary\AppData\Local\{E3F1BFDC-DE82-4AC8-9DA4-60E0732256BC}
2015-09-20 04:25:43 -------- d-----w- C:\Users\Gary\AppData\Local\{49A40252-7E7E-4051-8688-B7FA8B3E88B6}
2015-09-19 03:48:48 -------- d-----w- C:\Users\Gary\AppData\Local\{FCFD8086-2170-4EF8-BD9A-E5672A49D47B}
2015-09-18 10:39:40 -------- d-----w- C:\Users\Gary\AppData\Local\{D22747D2-8D2C-4590-9D93-E7DC4DA33405}
2015-09-17 16:18:05 -------- d-----w- C:\Users\Gary\AppData\Local\{DD5A2937-BB2A-4EAB-BC4F-45CAE4AD0147}
2015-09-17 04:17:42 -------- d-----w- C:\Users\Gary\AppData\Local\{BF816C12-2776-491A-810F-A6CA3210E2E7}
2015-09-16 18:28:26 -------- d-----w- C:\Users\Gary\AppData\Local\{EA5DC746-FFFF-4A30-84CE-DB9BA7358E19}
.
==================== Find3M ====================
.
2015-10-15 16:07:27 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2015-10-10 07:12:02 78528 ----a-w- C:\WINDOWS\System32\acmigration.dll
2015-10-10 06:40:43 21875712 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2015-10-10 06:07:47 18806272 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2015-10-06 03:03:57 16708608 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2015-10-06 02:46:57 13027840 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2015-10-05 01:50:22 64216 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2015-10-05 01:50:10 109272 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2015-10-05 01:50:06 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
============= FINISH: 13:56:39.11 ===============
Attached Files
File Type: txt attach.txt (14.3 KB, 899 views)
partybot is offline  
Old 10-16-2015, 05:52 AM   #2
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello partybot,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
Please download and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English, so please do not use slang or idioms; it could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we?

Please do the following steps.

STEP 1

Please download AdwCleaner on to your desktop.
Close all open programs and internet browsers.
Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
Click on Scan.
After the scan is complete, click on "Cleaning".
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[C#].txt.

====================================================

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
tekir06 is offline  
Old 10-16-2015, 07:32 AM   #3
Registered Member
 
Join Date: Oct 2007
Posts: 61
OS: Windows 10



# AdwCleaner v5.013 - Logfile created 16/10/2015 at 22:10:54
# Updated 09/10/2015 by Xplode
# Database : 2015-10-16.1 [Server]
# Operating system : Windows 10 Pro (x64)
# Username : Gary - PRECIOUS
# Running from : C:\Users\Gary\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Elex-tech
[-] Folder Deleted : C:\Program Files (x86)\myfree codec
[-] Folder Deleted : C:\ProgramData\SparkTrust
[-] Folder Deleted : C:\ProgramData\myturbopc.com
[-] Folder Deleted : C:\ProgramData\Avg_Update_0814tb
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[-] Folder Deleted : C:\Users\Gary\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Gary\AppData\Roaming\Elex-tech
[-] Folder Deleted : C:\Users\Gary\AppData\Roaming\SparkTrust
[-] Folder Deleted : C:\Users\Gary\AppData\Roaming\myturbopc.com

***** [ Files ] *****

[-] File Deleted : C:\Users\FixCompter\AppData\Roaming\Mozilla\Firefox\Profiles\djl0tkk6.default\user.js
[-] File Deleted : C:\Users\FixCompter\AppData\Roaming\Mozilla\Firefox\Profiles\djl0tkk6.default\user.js
[-] File Deleted : C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\wlhtmyvs.default\user.js
[-] File Deleted : C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\wlhtmyvs.default\user.js
[-] File Deleted : C:\WINDOWS\SysNative\log\iSafeKrnlCall.log

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : SACheck
[-] Task Deleted : SAUpdate

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\SearchAssist.IEModule+IECustomContextMenuCommands
[-] Key Deleted : HKLM\SOFTWARE\Classes\SearchAssist.IEModule+IECustomCommands
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\Myfree Codec
[-] Key Deleted : HKCU\Software\MyTurboPC.com
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Myfree Codec
[-] Key Deleted : HKLM\SOFTWARE\Elex-tech
[-] Key Deleted : HKLM\SOFTWARE\SecureDownload
[-] Key Deleted : HKLM\SOFTWARE\MyTurboPC.com
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[!] Key Not Deleted : [x64] HKCU\Software\Myfree Codec
[!] Key Not Deleted : [x64] HKCU\Software\MyTurboPC.com
[!] Key Not Deleted : [x64] HKCU\Software\Avg Secure Update
[!] Key Not Deleted : [x64] HKCU\Software\Yahoo\Companion
[!] Key Not Deleted : [x64] HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : [x64] HKLM\SOFTWARE\adwareROI
[!] Key Not Deleted : HKU\S-1-5-21-222160454-479590922-3030548390-1001\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89EA4F1B8FBCDEF47AE328E455E28AA0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97ECFF59EE08D4F47BB1464DEC37DA87
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A8CB937199A57E748B6AC433DA453EE2
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B4E78E12704AFCE408C7FBE501F1AA0A
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6A54B56C58C82a4688AFB93F42EA17B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F0390A76D28822743A68D7F1AB22E6D0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A5AC497E6BBC8D45BE8AD6619DA8217
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF

***** [ Web browsers ] *****

[-] [C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : searchassist.net

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [8540 bytes] ##########
partybot is offline  
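As an added example (not from this thread and not part of AdwCleaner itself), a small Python parser for the cleaning-log format posted above: it splits the log into its sections, records which items were removed and which came back as "Not Deleted", and lists the leftovers an analyst would carry into a follow-up fix. The sample log embedded in the block is a constructed excerpt modelled on the one in this post.

```python
import re
from collections import OrderedDict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Section banner, e.g. "***** [ Registry ] *****"
SECTION_RE = re.compile(r"^\*{5}\s*\[\s*(?P<name>.+?)\s*\]\s*\*{5}$")
# Result line, e.g. "[-] Key Deleted : HKLM\..." or "[!] Key Not Deleted : [x64] HKCU\..."
ENTRY_RE = re.compile(
    r"^\[(?P<flag>[-!])\]\s+(?P<kind>.+?)\s+(?P<status>Not Deleted|Deleted)\s*:\s*(?P<target>.+?)\s*$"
)
# Optional architecture tag AdwCleaner puts in front of 64-bit registry paths
ARCH_RE = re.compile(r"^\[(?P<arch>x64|x86)\]\s+")


@dataclass
class Entry:
    section: str          # log section the line belongs to (Folders, Registry, ...)
    kind: str             # Folder, File, Key, Value, Task, or a browser-profile descriptor
    target: str           # path, registry key or task name, without the [x64] tag
    deleted: bool         # False for "[!] ... Not Deleted"
    arch: Optional[str]   # "x64" when the entry carried that tag, else None


def parse_adwcleaner_log(text: str) -> Tuple[List[Entry], List[str]]:
    """Parse a cleaning log into result entries plus the free-form ':: ...' notes."""
    section = "(header)"
    entries: List[Entry] = []
    notes: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, "# Option : Cleaning" header or "##### EOF" footer
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m:
            target = m.group("target")
            arch = None
            am = ARCH_RE.match(target)
            if am:
                arch = am.group("arch")
                target = target[am.end():]
            entries.append(Entry(section, m.group("kind"), target,
                                 m.group("status") == "Deleted", arch))
            continue
        if line.startswith("::"):
            notes.append(line.lstrip(":").strip())
    return entries, notes


def leftovers(entries: List[Entry]) -> List[Entry]:
    """Items AdwCleaner found but could not remove; these need a follow-up fix."""
    return [e for e in entries if not e.deleted]


def summarize(entries: List[Entry]) -> Dict[str, Tuple[int, int]]:
    """Per section, in log order: (removed, not removed)."""
    counts: "OrderedDict[str, List[int]]" = OrderedDict()
    for e in entries:
        counts.setdefault(e.section, [0, 0])[0 if e.deleted else 1] += 1
    return {name: (c[0], c[1]) for name, c in counts.items()}


# Constructed excerpt in the format of the log posted in this thread.
SAMPLE_LOG = r"""
# AdwCleaner v5.013 - Logfile created 16/10/2015 at 22:10:54
# Option : Cleaning

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Elex-tech
[-] Folder Deleted : C:\ProgramData\SparkTrust

***** [ Scheduled tasks ] *****

[-] Task Deleted : SACheck

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
[!] Key Not Deleted : [x64] HKCU\Software\Myfree Codec
[-] Key Deleted : [x64] HKLM\SOFTWARE\adwareROI
[!] Key Not Deleted : HKU\S-1-5-21-222160454-479590922-3030548390-1001\Software\AppDataLow\Software\Yahoo\Companion

***** [ Web browsers ] *****

[-] [C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : searchassist.net

*************************

:: Winsock settings cleared
"""

if __name__ == "__main__":
    found, extra_notes = parse_adwcleaner_log(SAMPLE_LOG)
    for name, (ok, failed) in summarize(found).items():
        print(f"{name:16s} removed={ok} not_removed={failed}")
    for e in leftovers(found):
        print(f"FOLLOW-UP [{e.section}] {e.kind} {e.arch or ''} {e.target}")
    for n in extra_notes:
        print(f"note: {n}")
```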
Old 10-16-2015, 07:52 AM   #4
Registered Member
 
Join Date: Oct 2007
Posts: 61
OS: Windows 10



Attached to this post are the scan results from step 2 (Farbar Recovery Scan Tool).
Attached Files
File Type: txt Addition.txt (74.0 KB, 23 views)
File Type: txt FRST.txt (83.6 KB, 30 views)
partybot is offline  
Old 10-17-2015, 04:46 PM   #5
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello partybot,

Thanks for the logs. Let's move on.

I see you have P2P software ( uTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here.

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features.

=========================================================

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here.

=========================================================

Please do the following steps.

STEP 1

Please go to: VirusTotal
Click the Choose File button.
Please copy/paste the following bolded text into the 'File name:' box:

c:\documents and settings\all users\application data\guhujuqtij\QeqaRkemi.dpf

Click Open, then click the Scan it! button just below.
This will scan the file. Please be patient.
If you get a message saying File already analyzed: click Reanalyse
Once scanned, copy and paste the URL from your browser address bar in your next reply.

STEP 2

Download attached fixlist.txt file and save it to the Desktop.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.

Double-click FRST64.exe to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

I need to see in your next post:
  • VirusTotal Link
  • Fixlog
Attached Files
File Type: txt fixlist.txt (4.0 KB, 20 views)
tekir06 is offline  
Old 10-17-2015, 09:14 PM   #6
Registered Member
 
Join Date: Oct 2007
Posts: 61
OS: Windows 10



Hi Tolga,
Thanks for your help. I only have uTorrent on my PC to download a legal free game, Tera Rising. They share the game via uTorrent. I have been meaning for a long time to uninstall it.

CCleaner: I only use the cleanup on it. I never use the registry cleaner; I fear what could happen if I do.

I tried to do step 1; however, the VirusTotal web page says "The path does not exist".

So I couldn't do step 1.

I decided to wait to do step 2 until I had reported this to you.

Regards & thanks again for the help!
partybot is offline  
Old 10-18-2015, 11:23 PM   #7
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello partybot,

I made a mistake. Sorry. Please use the following path and do the VirusTotal scan again. Then please do step 2.

C:\WINDOWS\SysWOW64\updtSer\winservicej.exe
tekir06 is offline  
Old 10-19-2015, 08:12 AM   #8
Registered Member
 
Join Date: Oct 2007
Posts: 61
OS: Windows 10



Step 1 URL

https://www.virustotal.com/en/file/7...is/1445267241/
partybot is offline  
Old 10-19-2015, 08:38 AM   #9
Registered Member
 
Join Date: Oct 2007
Posts: 61
OS: Windows 10



Step 2 Farbar Fixlog.txt


Fix result of Farbar Recovery Scan Tool (x64) Version:18-10-2015
Ran by Gary (2015-10-19 23:15:00) Run:1
Running from C:\Users\Gary\Desktop
Loaded Profiles: Gary & NeroMediaHomeUser.4 (Available Profiles: Gary & NeroMediaHomeUser.4 & FixCompter & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
2015-10-16 22:10 - 2011-12-31 03:21 - 00000000 ____D C:\Users\Gary\AppData\LocalLow\Yahoo!
Task: {02648FC9-6475-42B7-9D39-F6A03BAE7589} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {07BD5D47-5203-451C-90E8-CF707795BBE4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0C7C0442-A8BD-4DBE-B2B7-E47C04994430} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {17649934-0414-4A86-942E-D2D2377A854A} - \{119291B3-D647-41C2-A9DA-66D5129031FE} -> No File <==== ATTENTION
Task: {1E9C513F-0EA0-48EA-B818-149C49797A83} - \SidebarExecute -> No File <==== ATTENTION
Task: {45808B84-D169-4534-A0F2-A28231D520D8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {696B4C0D-0D62-472E-90DE-5EF6EC851AE5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {70B445CB-D2AD-4941-8DA3-D85A23753546} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7420EAE3-5F67-4F8B-945C-3B4B01D74E18} - \{88BAD266-0709-4472-B222-9790B7341B4A} -> No File <==== ATTENTION
Task: {7C467064-DE86-4451-9D1F-45F69A4C4330} - \{596B164E-43A6-4981-90D5-553A0D4875F7} -> No File <==== ATTENTION
Task: {7C65CE4E-B64D-4FAC-A0B3-37881669A409} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7CA45F7E-FED6-4423-B764-5B589B65D047} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {97A8710D-0B69-4AD6-BCB7-7CAE76B34010} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {ADC63E68-8703-4C4C-8C97-34F081641DA7} - \{29F1E5F5-6CC2-4D24-B335-596CB7E7DD88} -> No File <==== ATTENTION
Task: {AE8A0C81-5F58-476E-B10A-135F2B792B4F} - \{28AACF0A-CE1E-4EE0-9A4D-52885BDB3454} -> No File <==== ATTENTION
Task: {B37B5D18-8DF6-44E6-A525-7C0B03CF32A1} - \{04CC0832-8958-4C74-B311-955C18FB5F1B} -> No File <==== ATTENTION
Task: {B77D76CD-95B0-46F4-BAB3-D15DA1EF15F1} - \{398AEFB2-4460-4A58-B398-309F3DC37DC2} -> No File <==== ATTENTION
Task: {BAE6B264-2CB9-45C4-AAAB-691FE80B56DF} - \{4F83DC76-8365-4159-99D9-28349950FEB8} -> No File <==== ATTENTION
Task: {C726663A-F666-4AEC-A0FA-97EDCD8BB832} - \{737D54AB-D763-4D3C-B858-CFC40A0CFCFD} -> No File <==== ATTENTION
Task: {D64767F1-DE9A-49B6-A13B-FDE2FFD5EB35} - \{88246526-E849-400F-AF24-BB9F20B1A54E} -> No File <==== ATTENTION
Task: {E764249C-91BB-458A-9D93-81C6525349B6} - \{0BCBB585-4686-4205-89A4-F63699D2590B} -> No File <==== ATTENTION
Task: {F526F690-343A-425B-B714-5F158537E182} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Gary\Desktop\AdwCleaner.exe:BDU
AlternateDataStreams: C:\Users\Gary\Desktop\FRST64(1).exe:BDU
AlternateDataStreams: C:\Users\Gary\Downloads\FRST64.exe:BDU
FirewallRules: [{073C04D8-5E83-40D3-A056-339FD987CA37}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe
FirewallRules: [{E99D45DE-402C-4A9B-A2AA-BDC0DEE4FAC6}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe
FirewallRules: [{1F6D7C58-4090-4712-B003-41D3FD433837}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe
FirewallRules: [{7E8F97BE-F1BB-442F-B579-320DCCC407FA}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe
FirewallRules: [{47F9BE71-AEF4-4DAB-9414-4700B6830A95}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe
FirewallRules: [{71F75772-4E17-4D0D-83DC-6CE5BC2B76F1}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe
EmptyTemp:

*****************

Restore point was successfully created.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem" => key removed successfully
C:\Users\Gary\AppData\LocalLow\Yahoo! => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02648FC9-6475-42B7-9D39-F6A03BAE7589}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02648FC9-6475-42B7-9D39-F6A03BAE7589}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07BD5D47-5203-451C-90E8-CF707795BBE4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07BD5D47-5203-451C-90E8-CF707795BBE4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C7C0442-A8BD-4DBE-B2B7-E47C04994430}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C7C0442-A8BD-4DBE-B2B7-E47C04994430}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17649934-0414-4A86-942E-D2D2377A854A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17649934-0414-4A86-942E-D2D2377A854A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{119291B3-D647-41C2-A9DA-66D5129031FE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E9C513F-0EA0-48EA-B818-149C49797A83}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E9C513F-0EA0-48EA-B818-149C49797A83}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SidebarExecute" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45808B84-D169-4534-A0F2-A28231D520D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45808B84-D169-4534-A0F2-A28231D520D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{696B4C0D-0D62-472E-90DE-5EF6EC851AE5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{696B4C0D-0D62-472E-90DE-5EF6EC851AE5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70B445CB-D2AD-4941-8DA3-D85A23753546}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70B445CB-D2AD-4941-8DA3-D85A23753546}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7420EAE3-5F67-4F8B-945C-3B4B01D74E18}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7420EAE3-5F67-4F8B-945C-3B4B01D74E18}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{88BAD266-0709-4472-B222-9790B7341B4A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C467064-DE86-4451-9D1F-45F69A4C4330}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C467064-DE86-4451-9D1F-45F69A4C4330}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{596B164E-43A6-4981-90D5-553A0D4875F7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C65CE4E-B64D-4FAC-A0B3-37881669A409}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C65CE4E-B64D-4FAC-A0B3-37881669A409}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CA45F7E-FED6-4423-B764-5B589B65D047}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CA45F7E-FED6-4423-B764-5B589B65D047}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F4C3A2F-D807-437E-BAA4-10DF9721ED47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F4C3A2F-D807-437E-BAA4-10DF9721ED47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{97A8710D-0B69-4AD6-BCB7-7CAE76B34010}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97A8710D-0B69-4AD6-BCB7-7CAE76B34010}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ADC63E68-8703-4C4C-8C97-34F081641DA7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADC63E68-8703-4C4C-8C97-34F081641DA7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{29F1E5F5-6CC2-4D24-B335-596CB7E7DD88}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE8A0C81-5F58-476E-B10A-135F2B792B4F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE8A0C81-5F58-476E-B10A-135F2B792B4F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{28AACF0A-CE1E-4EE0-9A4D-52885BDB3454}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B37B5D18-8DF6-44E6-A525-7C0B03CF32A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B37B5D18-8DF6-44E6-A525-7C0B03CF32A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{04CC0832-8958-4C74-B311-955C18FB5F1B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B77D76CD-95B0-46F4-BAB3-D15DA1EF15F1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B77D76CD-95B0-46F4-BAB3-D15DA1EF15F1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{398AEFB2-4460-4A58-B398-309F3DC37DC2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAE6B264-2CB9-45C4-AAAB-691FE80B56DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAE6B264-2CB9-45C4-AAAB-691FE80B56DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4F83DC76-8365-4159-99D9-28349950FEB8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C726663A-F666-4AEC-A0FA-97EDCD8BB832}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C726663A-F666-4AEC-A0FA-97EDCD8BB832}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{737D54AB-D763-4D3C-B858-CFC40A0CFCFD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D64767F1-DE9A-49B6-A13B-FDE2FFD5EB35}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D64767F1-DE9A-49B6-A13B-FDE2FFD5EB35}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{88246526-E849-400F-AF24-BB9F20B1A54E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E764249C-91BB-458A-9D93-81C6525349B6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E764249C-91BB-458A-9D93-81C6525349B6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0BCBB585-4686-4205-89A4-F63699D2590B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F526F690-343A-425B-B714-5F158537E182}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F526F690-343A-425B-B714-5F158537E182}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\Users\Gary\Desktop\AdwCleaner.exe => ":BDU" ADS removed successfully.
"C:\Users\Gary\Desktop\FRST64(1).exe" => ":BDU" ADS not found.
C:\Users\Gary\Downloads\FRST64.exe => ":BDU" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{073C04D8-5E83-40D3-A056-339FD987CA37} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E99D45DE-402C-4A9B-A2AA-BDC0DEE4FAC6} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1F6D7C58-4090-4712-B003-41D3FD433837} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7E8F97BE-F1BB-442F-B579-320DCCC407FA} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{47F9BE71-AEF4-4DAB-9414-4700B6830A95} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71F75772-4E17-4D0D-83DC-6CE5BC2B76F1} => value removed successfully
EmptyTemp: => 864.6 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 23:17:47 ====
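A Fixlog like the one above is reviewed line by line by the helper. As an added example that is not part of this thread or of FRST itself, the script below parses lines in that same "target => result" format, groups them by what was removed (scheduled-task cache keys, firewall rules, alternate data streams, temp data) and lists any action that did not succeed; the sample lines, GUIDs and paths in it are constructed placeholders.

```python
"""Summarise a Farbar Recovery Scan Tool (FRST) Fixlog.

Added example, not part of this thread or of FRST. Each Fixlog action is
printed as "<target> => <result>"; this groups those lines by what was
touched and flags actions that did not succeed, so a long log can be
reviewed at a glance. The sample is constructed in the same format; its
GUIDs and paths are placeholders.
"""
import re
from collections import Counter

SAMPLE_FIXLOG = r"""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{00000000-0000-0000-0000-000000000001}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00000000-0000-0000-0000-000000000001}" => key removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
"C:\Users\user\Desktop\tool.exe" => ":BDU" ADS not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00000000-0000-0000-0000-000000000002} => value removed successfully
EmptyTemp: => 864.6 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 23:17:47 ====
"""

# One action per line: an optionally quoted target, " => ", then the result.
LINE_RE = re.compile(r'^"?(?P<target>.*?)"? => (?P<result>.*?)\.?$')


def classify(target, result):
    """Return (category, status) for one Fixlog action line."""
    t, r = target.lower(), result.lower()
    if "taskcache" in t:
        category = "scheduled task key"
    elif "firewallrules" in t:
        category = "firewall rule"
    elif "ads" in r.split():
        category = "alternate data stream"
    elif t.startswith("emptytemp"):
        category = "temp data"
    else:
        category = "other"
    # FRST reports failures as "not found" / "could not ..."; the rest succeeded.
    status = "failed" if "not found" in r or "could not" in r else "ok"
    return category, status


def summarise_fixlog(text):
    """Count actions per (category, status) and list the failed ones."""
    counts, failures = Counter(), []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, blank line or the reboot notice
        category, status = classify(m["target"], m["result"])
        counts[(category, status)] += 1
        if status != "ok":
            failures.append((m["target"], m["result"]))
    return {"counts": dict(counts), "failures": failures}
```

Run it on a saved Fixlog.txt by reading the file into `summarise_fixlog`; the "failures" list is the part worth re-checking by hand.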
Old 10-19-2015, 11:33 PM   #10
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello partybot,

Thanks for the log. Please do the following steps. Then tell me: how is the machine behaving now? What problems do you still have?

=========================================================

STEP 1

Launch Malwarebytes Anti-Malware

On the Dashboard, click the Scan Now button.
A check for database updates will be performed.
After the update check completes, a Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

========================================================

STEP 2

Please go to Start > Control Panel > Programs and Features and remove the above Java program(s) installed.
Next, download the latest Java, version 8 Update 60 from the following link

Download Free Java Software

========================================================

STEP 3

Please go HERE, then click on: Run Eset Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on the icon to install.

All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

Select the option YES, I accept the Terms of Use, then click on the Start button.
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

  • Scan for potentially unwanted applications
  • Scan Archives
  • Enable Anti-Stealth Technology

Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
Tick all the boxes that correspond to your external/inserted drives.
Click Start. The virus signature database will begin to download. This may take some time.
Wait for the scan to finish.
When completed, click on Finish.
When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
Save that text file to your desktop, and then copy/paste the contents in your next reply.

I need to see in your next post:

  • MBAM Log
  • ESET Log
Old 10-20-2015, 10:12 AM   #11
Registered Member
 
Join Date: Oct 2007
Posts: 61
OS: Windows 10



Hi Tolga, here are the scan results. All steps completed. My browser, Mozilla Firefox, is now locking up from time to time. It lags out saying "not responding" for a time, then comes good. This is happening without HDD activity.

It also took Malwarebytes a good 5 minutes to update before the scan. It always used to be very quick.

Step 1

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/20/2015
Scan Time: 7:51 PM
Logfile: MalWearBytesScan.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.10.20.03
Rootkit Database: v2015.10.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Gary

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 533261
Time Elapsed: 48 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Attached Files
File Type: txt EsetOnlineScan.txt (2.2 KB, 16 views)
Old 10-21-2015, 01:39 AM   #12
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello,

Does the first problem continue? (Computer locking up slow after sus download)

After backing up your Firefox bookmarks, you can try resetting Firefox. Using the relevant instructions below, please try resetting the Firefox browser.

Firefox:
Reset Firefox
Old 10-21-2015, 02:57 AM   #13
Registered Member
 
Join Date: Oct 2007
Posts: 61
OS: Windows 10



Hi Tolga, thanks for your help. The original problem has been solved. I will try & reset firefox as mentioned.
Old 10-21-2015, 11:45 PM   #14
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello partybot,

You're welcome. Glad to hear that.

Your reports are clear. Let's remove all tools and logs that we use.

CLEAN UP

Please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Ensure Remove disinfection tools is ticked. Also tick: Create registry backup, Purge system restore
  • Click Run
  • delfix will now delete all found traces of our removal process.

Note: The program will run for a few moments and then notepad will open with a log. No need to post this log.

=========================================================

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System. Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn on Automatic Updates in Windows 10

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

PREVENTION

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 10 here

Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
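The HOSTS-file mechanism in the PREVENTION list above, as an added example that is not part of this thread or of the MVPS project: a small Python audit that parses a hosts file, lists the names sinkholed to 127.0.0.1 or 0.0.0.0, and separates out entries that point a name at any other address, which should be reviewed because the same mechanism can redirect traffic. The sample file and its hostnames are constructed.

```python
"""Audit a Windows HOSTS file such as the one the MVPS list installs.

Added example, not part of this thread or of the MVPS project. An entry
that maps a hostname to 127.0.0.1 or 0.0.0.0 is a block: the name resolves
to the local machine, so nothing reaches the real site. An entry that
maps a hostname to any other address overrides DNS for that name and
deserves a look, because the same mechanism can redirect traffic. The
sample file is constructed; its hostnames are placeholders.
"""
import ipaddress

SAMPLE_HOSTS = """\
# Windows hosts file (constructed sample)
127.0.0.1       localhost
::1             localhost
# Entries a block list would add
0.0.0.0     ads.example-tracker.test
127.0.0.1   banner.example-adserver.test   # trailing comment
127.0.0.1   www.example-adserver.test
# The next entry sends a hostname somewhere other than the local machine
203.0.113.7 update.example-security-vendor.test
"""

# Addresses that sinkhole a name on the local machine.
BLOCK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Yield (address, hostname) pairs, skipping comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            addr = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue  # malformed line; a fuller audit would report it
        for name in parts[1:]:
            yield addr, name.lower()


def audit_hosts(text):
    """Split entries into blocked names and redirects that need review."""
    blocked, redirects = [], []
    for addr, name in parse_hosts(text):
        if name == "localhost":
            continue  # the standard loopback entries
        if addr in BLOCK_ADDRESSES:
            blocked.append(name)
        else:
            redirects.append((name, addr))
    return {"blocked": blocked, "redirects": redirects}
```

On a real machine, read C:\Windows\System32\drivers\etc\hosts into `audit_hosts`; anything in "redirects" is worth checking against the site it names.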
Old 10-25-2015, 04:37 AM   #15
Registered Member
 
Join Date: Oct 2007
Posts: 61
OS: Windows 10



Hi Tolga, thanks for your help. It's been running well for a few days now. At one point Mozilla asked for a refresh to speed things up, so I did a refresh & all systems are good now.

I will get onto those programs you advised as well.

Thanks for your time & support!
Old 10-25-2015, 11:59 PM   #16
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello partybot,

You're welcome! Thank you for your patience and cooperation.