malware !!!

This is a discussion on malware !!! within the Resolved HJT Threads forums, part of the Tech Support Forum category.
Old 03-06-2017, 03:33 PM   #1
Registered Member
 
Join Date: Mar 2017
Posts: 6
OS: Windows 10


Mistake

Hello

First, sorry for my English; it's not my mother language.

So lately I've been noticing problems with my laptop: whenever I start a video or a picture it takes so much time to open (the program opens but waits to load). I'm not an expert when it comes to tech, so I tried my best, and no luck, until one day I opened Task Manager and saw Windows Command Processor and Console Window Host, hundreds of them working. Here's a picture of it:
[two screenshot links on Imgur]

So I don't know what is going on; I tried everything I can think of, but no luck.

Thank you.
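The observation in this post (hundreds of Windows Command Processor and Console Window Host entries in Task Manager) is more useful once each of those processes is tied to its parent and its command line, because the parent that keeps spawning them is what needs removing. The PowerShell below is an added example, not part of the thread and not one of the tools the helpers ask for; it assumes an elevated prompt on Windows 10 and uses only built-in cmdlets (Get-CimInstance, Get-ScheduledTask).

```powershell
# Added example (not from the thread): find what is spawning the cmd.exe /
# conhost.exe processes seen in Task Manager. Run from an elevated PowerShell
# prompt so that processes of all users, with their command lines, are visible.

$all   = Get-CimInstance Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

$suspects = @($all | Where-Object { $_.Name -in 'cmd.exe', 'conhost.exe' })
"cmd.exe/conhost.exe processes: $($suspects.Count)"

# One row per suspect: its parent (name, path) and the command line it was
# started with. A parent that has already exited shows as <exited>.
$suspects | ForEach-Object {
    $parent = $byPid[[int]$_.ParentProcessId]
    [pscustomobject]@{
        PID         = $_.ProcessId
        Name        = $_.Name
        Started     = $_.CreationDate
        ParentPID   = $_.ParentProcessId
        Parent      = if ($parent) { $parent.Name } else { '<exited>' }
        ParentPath  = if ($parent) { $parent.ExecutablePath } else { '' }
        CommandLine = $_.CommandLine
    }
} | Sort-Object ParentPID, Started | Format-Table -AutoSize -Wrap

# The parent responsible for most of the children is the usual culprit.
# conhost.exe is normally a child of the cmd.exe it serves, so the parents
# of the cmd.exe processes are the interesting ones.
$suspects | Where-Object Name -eq 'cmd.exe' |
    Group-Object ParentProcessId | Sort-Object Count -Descending |
    Select-Object -First 5 Count,
        @{ n = 'ParentPID';  e = { $_.Name } },
        @{ n = 'ParentPath'; e = { $p = $byPid[[int]$_.Name]; if ($p) { $p.ExecutablePath } else { '<exited>' } } }

# Scheduled tasks are a common way to keep re-launching cmd.exe; list every
# task action that runs cmd.exe or a .bat/.cmd script, with its arguments.
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        if ($a.Execute -match '(cmd(\.exe)?|\.bat|\.cmd)"?$') {
            [pscustomobject]@{
                Task      = $task.TaskPath + $task.TaskName
                State     = $task.State
                Execute   = $a.Execute
                Arguments = $a.Arguments
            }
        }
    }
} | Format-Table -AutoSize -Wrap
```

If the parents have all exited, the spawner is short-lived itself; in that case the scheduled-task list and the Run keys in an FRST log are the next places to look, and a screenshot of the first table is far more useful to a helper than a screenshot of Task Manager.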
Old 03-06-2017, 04:22 PM   #2
Moderator, Editor, Articles Team
 
Deejay100six's Avatar
 
Join Date: Nov 2007
Location: Doncaster, Great Britain
Posts: 11,796
OS: Windows 7 Professional SP1



Hi, and welcome to TSF.

Quote:
Originally Posted by jenae View Post
Hi, this is an indication that you are infected with malware. Please post on our virus/malware forum, and please follow the "New Instructions" before posting:

Virus/Trojan/Spyware Help
__________________
Regards, Dave.


Old 03-07-2017, 12:31 PM   #3
Registered Member
 
Join Date: Mar 2017
Posts: 6
OS: Windows 10



Sorry, I forgot to post these files.
Attached Files
File Type: txt attach.txt (6.5 KB, 10 views)
File Type: txt dds.txt (38.9 KB, 8 views)
Old 03-07-2017, 07:06 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Check for additional security risks:
  • Please download CKScanner© by askey127 and save it to your desktop.
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, just click OK.
  • Post the contents of ckfiles.txt in your next reply. It is located on your desktop.
------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 03-08-2017, 10:10 AM   #5
Registered Member
 
Join Date: Mar 2017
Posts: 6
OS: Windows 10



Here are all the logs you asked for.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017
Ran by prize (administrator) on DESKTOP-DAGDISO (08-03-2017 21:05:53)
Running from C:\Users\prize\Desktop
Loaded Profiles: prize (Available Profiles: defaultuser0 & prize)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(TunnelBear) C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
() C:\Program Files (x86)\GreedyTorrent\GTor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(BitTorrent Inc.) C:\Users\prize\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\prize\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
(BitTorrent Inc.) C:\Users\prize\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3347680 2015-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2015-11-26] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKU\S-1-5-21-2771706925-750451717-2446422887-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4019312 2017-02-13] (Tonec Inc.)
HKU\S-1-5-21-2771706925-750451717-2446422887-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-2771706925-750451717-2446422887-1001\...\Run: [GreedyTorrent] => C:\Program Files (x86)\GreedyTorrent\GTor.exe [2526661 2007-03-08] ()
HKU\S-1-5-21-2771706925-750451717-2446422887-1001\...\Run: [uTorrent] => C:\Users\prize\AppData\Roaming\uTorrent\uTorrent.exe [2143936 2017-02-04] (BitTorrent Inc.)
HKU\S-1-5-21-2771706925-750451717-2446422887-1001\...\Run: [GoogleChromeAutoLaunch_74B6E39CFF42E949A040736C40957421] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
Startup: C:\Users\prize\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-12-17]
ShortcutTarget: Curse.lnk -> C:\Users\prize\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{197780fd-bb3a-4b8b-878a-8e7bf69776af}: [DhcpNameServer] 172.18.11.1
Tcpip\..\Interfaces\{39853d8b-53c0-4a59-b2c1-5a58ad095171}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)

FireFox:
========
FF DefaultProfile: g505mhjv.default
FF ProfilePath: C:\Users\prize\AppData\Roaming\Mozilla\Firefox\Profiles\g505mhjv.default [2017-03-08]
FF Homepage: Mozilla\Firefox\Profiles\g505mhjv.default -> hxxps://www.google.com.sa/webhp?hl=en&sa=X&ved=0ahUKEwjfxNSv463QAhUK2hoKHfsUA6QQPAgD&gws_rd=cr&ei=F5QsWLyJBofhaIGkn8AL
FF Extension: (Browsec) - C:\Users\prize\AppData\Roaming\Mozilla\Firefox\Profiles\g505mhjv.default\Extensions\[email protected] [2016-12-04]
FF Extension: (MEGA) - C:\Users\prize\AppData\Roaming\Mozilla\Firefox\Profiles\g505mhjv.default\Extensions\[email protected] [2017-03-02]
FF Extension: (Adblock Plus) - C:\Users\prize\AppData\Roaming\Mozilla\Firefox\Profiles\g505mhjv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\prize\AppData\Roaming\Mozilla\Firefox\Profiles\g505mhjv.default\features\{0039685e-f771-404a-bf8e-27b101530f90}\[email protected] [2017-03-03]
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKU\S-1-5-21-2771706925-750451717-2446422887-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-2771706925-750451717-2446422887-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\prize\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\prize\AppData\Roaming\IDM\idmmzcc5 [2017-03-08] [not signed]
FF HKU\S-1-5-21-2771706925-750451717-2446422887-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\prize\AppData\Local\Google\Chrome\User Data\Default [2017-03-08]
CHR Extension: (Google Slides) - C:\Users\prize\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-17]
CHR Extension: (Google Docs) - C:\Users\prize\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-17]
CHR Extension: (Google Drive) - C:\Users\prize\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-17]
CHR Extension: (YouTube) - C:\Users\prize\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-17]
CHR Extension: (Video Downloader professional) - C:\Users\prize\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-11-22]
CHR Extension: (Google Sheets) - C:\Users\prize\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-17]
CHR Extension: (Kaspersky Protection) - C:\Users\prize\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-03-05]
CHR Extension: (Google Docs Offline) - C:\Users\prize\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-18]
CHR Extension: (AdBlock) - C:\Users\prize\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-26]
CHR Extension: (DotVPN — a better way to VPN) - C:\Users\prize\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpiecbcckbofpmkkkdibbllpinceiihk [2017-02-17]
CHR Extension: (IDM Integration Module) - C:\Users\prize\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-12-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\prize\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Browsec VPN - Privacy and Security Online) - C:\Users\prize\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2016-12-26]
CHR Extension: (Gmail) - C:\Users\prize\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-17]
CHR Extension: (Chrome Media Router) - C:\Users\prize\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-02-13]
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-02-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144096 2015-12-31] (ELAN Microelectronics Corp.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation)
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [38272 2016-12-16] (TunnelBear)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 huawei_update; C:\WINDOWS\System32\drivers\ew_hwupgrade.sys [22016 2010-09-26] (Huawei Technologies Co., Ltd.)
S3 hwusb_cdcacm; C:\WINDOWS\System32\drivers\ew_cdcacm.sys [121728 2013-10-23] (Huawei Technologies Co., Ltd.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [231168 2017-01-13] (Intel Corporation)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [170128 2016-02-05] (Qualcomm Atheros, Inc.)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [435032 2016-12-26] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1019616 2016-12-26] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2016-12-26] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [218920 2017-03-03] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2017-03-03] (AO Kaspersky Lab)
S3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [245512 2017-03-03] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [104720 2017-03-03] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [164888 2017-03-03] (AO Kaspersky Lab)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [134880 2016-12-26] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2016-07-16] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmiwu.inf_amd64_856a7de13f8d0ce0\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-12] (NVIDIA Corporation)
S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [19616 2014-09-08] (Windows (R) Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-12-12] (NVIDIA Corporation)
S3 rzbtendpt; C:\WINDOWS\System32\drivers\rzbtendpt.sys [50392 2015-08-13] (Razer Inc)
S3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 rzhnet; C:\WINDOWS\System32\Drivers\rzhnet.sys [29912 2015-08-13] (Razer Inc)
S3 rzjstk; C:\WINDOWS\System32\drivers\rzjstk.sys [36568 2015-08-13] (Razer Inc)
S3 rzkeypadendpt; C:\WINDOWS\System32\drivers\rzkeypadendpt.sys [44760 2015-08-13] (Razer Inc)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
S3 rzp1endpt; C:\WINDOWS\System32\drivers\rzp1endpt.sys [50904 2015-08-13] (Razer Inc)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 rzvmouse; C:\WINDOWS\System32\drivers\rzvmouse.sys [42712 2015-08-13] (Razer Inc)
S3 SAlphamHid; C:\WINDOWS\System32\drivers\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation)
R3 SAlphaPS2; C:\WINDOWS\System32\drivers\SAlphaPS264.sys [27520 2014-05-16] (SteelSeries Corporation)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2015-02-11] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-08 21:05 - 2017-03-08 21:06 - 00020349 _____ C:\Users\prize\Desktop\FRST.txt
2017-03-08 21:02 - 2017-03-08 21:00 - 00001011 _____ C:\Users\prize\Desktop\AdwCleaner[C0].txt
2017-03-08 20:58 - 2017-03-08 20:59 - 02423808 _____ (Farbar) C:\Users\prize\Desktop\FRST64.exe
2017-03-08 13:51 - 2017-03-08 21:00 - 00000000 ____D C:\AdwCleaner
2017-03-08 13:49 - 2017-03-08 13:50 - 04031440 _____ C:\Users\prize\Desktop\AdwCleaner.exe
2017-03-08 13:48 - 2017-03-08 13:51 - 00000127 _____ C:\Users\prize\Desktop\ckfiles.txt
2017-03-08 13:45 - 2017-03-08 13:45 - 00468480 _____ () C:\Users\prize\Desktop\CKScanner.exe
2017-03-07 23:42 - 2017-03-07 23:42 - 00003240 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-03-06 01:09 - 2017-03-08 21:05 - 00000000 ____D C:\FRST
2017-03-05 22:10 - 2017-03-06 00:08 - 00000222 _____ C:\Users\prize\Desktop\Yu-Gi-Oh! Legacy of the Duelist.url
2017-03-03 13:25 - 2017-03-03 13:25 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-03-03 12:20 - 2017-03-03 12:20 - 00087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2017-03-03 12:12 - 2017-03-08 21:01 - 00000000 ____D C:\Users\prize\AppData\LocalLow\uTorrent
2017-03-03 12:11 - 2017-03-03 12:11 - 00245512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2017-03-03 12:10 - 2017-03-03 12:10 - 00218920 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2017-03-03 12:10 - 2017-03-03 12:10 - 00164888 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2017-03-03 12:10 - 2017-03-03 12:10 - 00104720 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2017-03-03 11:54 - 2017-03-03 11:54 - 00001457 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2017-03-03 11:54 - 2017-03-03 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2017-03-03 11:53 - 2017-03-08 21:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-03-03 11:53 - 2017-03-07 23:42 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-03 11:53 - 2017-03-03 11:54 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-03-03 11:53 - 2017-03-03 11:53 - 00002166 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2017-03-03 11:53 - 2017-03-03 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2017-03-03 11:53 - 2016-12-26 22:03 - 01019616 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2017-03-03 11:53 - 2016-12-26 22:03 - 00435032 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2017-03-03 11:53 - 2016-06-26 15:14 - 00191312 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2017-03-03 11:53 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2017-03-03 11:45 - 2017-03-03 11:45 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-03-01 22:19 - 2017-03-01 22:19 - 00000000 ___HD C:\OneDriveTemp
2017-02-13 20:14 - 2016-10-17 18:35 - 00223464 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
2017-02-10 04:17 - 2017-02-10 04:17 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-10 04:17 - 2016-09-09 21:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-10 04:17 - 2016-09-09 21:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-10 04:17 - 2016-09-09 21:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-10 04:17 - 2016-09-09 21:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-07 15:30 - 2017-02-07 15:30 - 00027136 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-08 21:01 - 2016-12-17 02:15 - 00000000 ____D C:\Users\prize\AppData\Roaming\Curse Client
2017-03-08 21:01 - 2016-11-18 04:10 - 00000000 ____D C:\Users\prize\AppData\Roaming\uTorrent
2017-03-08 21:01 - 2016-11-17 06:03 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-08 21:01 - 2016-11-17 06:02 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-08 21:01 - 2016-11-17 06:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-08 21:01 - 2016-11-16 19:38 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-08 21:01 - 2016-11-16 19:31 - 00000000 ____D C:\Users\prize\AppData\LocalLow\Mozilla
2017-03-08 21:01 - 2016-11-16 19:18 - 00000000 ___RD C:\Users\prize\OneDrive
2017-03-08 21:01 - 2016-11-16 19:17 - 00000000 __SHD C:\Users\prize\IntelGraphicsProfiles
2017-03-08 21:00 - 2016-11-19 02:00 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B87896E2-ED00-4E6D-B034-C59CA553BE4C}
2017-03-08 21:00 - 2016-11-17 05:41 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-03-08 21:00 - 2016-11-16 19:14 - 00000000 ____D C:\Users\prize
2017-03-08 20:57 - 2016-11-17 06:02 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-08 13:52 - 2016-11-16 23:57 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-08 13:46 - 2016-11-16 19:34 - 00000000 ____D C:\Users\prize\AppData\Roaming\IDM
2017-03-07 23:40 - 2016-11-18 04:01 - 00000000 ____D C:\KMPlayer
2017-03-07 23:32 - 2016-11-17 06:08 - 01045532 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-07 23:26 - 2016-11-17 05:48 - 00000000 ____D C:\Program Files (x86)\Razer
2017-03-07 23:24 - 2016-11-16 19:34 - 00000000 ____D C:\Users\prize\AppData\Roaming\DMCache
2017-03-07 22:28 - 2016-11-17 05:44 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-06 01:27 - 2016-11-16 19:34 - 00000000 ____D C:\Users\prize\Downloads\Video
2017-03-06 00:08 - 2016-11-16 23:56 - 00000000 ____D C:\Users\prize\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-03-05 07:47 - 2016-11-16 19:34 - 00000000 ____D C:\Users\prize\Downloads\Compressed
2017-03-04 17:15 - 2016-11-17 05:44 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-03 17:26 - 2016-12-26 23:29 - 00000000 ____D C:\Users\prize\AppData\Roaming\TunnelBear
2017-03-03 13:25 - 2016-11-17 05:43 - 00000000 ____D C:\WINDOWS\INF
2017-03-03 11:53 - 2016-11-17 05:44 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-03-03 11:53 - 2016-11-17 05:41 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-03-03 00:31 - 2016-11-17 05:44 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-01 22:18 - 2016-11-17 05:44 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-28 14:38 - 2016-11-16 23:11 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-02-27 21:47 - 2016-12-26 23:29 - 00000000 ____D C:\Program Files (x86)\TunnelBear
2017-02-25 14:18 - 2017-01-06 23:32 - 00000000 ____D C:\Users\prize\AppData\Local\CrashDumps
2017-02-24 12:01 - 2016-11-26 10:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-24 11:51 - 2016-11-17 12:50 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-24 11:49 - 2016-11-17 12:50 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 17:42 - 2016-12-26 09:03 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-22 17:42 - 2016-11-16 19:34 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2017-02-22 08:20 - 2016-11-17 05:41 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-18 04:56 - 2016-12-06 23:00 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-18 04:56 - 2016-11-16 19:18 - 00002373 _____ C:\Users\prize\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-15 03:55 - 2016-11-17 05:44 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-15 03:55 - 2016-11-17 05:44 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-07 03:51 - 2016-11-17 03:34 - 00002282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 03:51 - 2016-11-17 03:34 - 00002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 22:48 - 2016-11-17 05:45 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 22:48 - 2016-11-17 05:45 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-06 13:09

==================== End of FRST.txt ============================
Attached Files
File Type: txt ckfiles.txt (127 Bytes, 9 views)
File Type: txt AdwCleaner[C0].txt (1,011 Bytes, 9 views)
File Type: txt FRST.txt (29.2 KB, 17 views)
File Type: txt Addition.txt (31.4 KB, 9 views)
ilxXMeMoXxli is offline  
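As an added example (not code from this thread, from FRST or from its author), a small Python triage pass over lines in the FRST format posted above: it parses the "One Month Modified" style entries and the "Bamital & volsnap" verification lines, then flags executables with no publisher string, executables under user-writable paths, and any core file that did not verify. The sample lines are constructed for the demonstration; the updater.exe entry and the failed verification line are made up and are not from the OP's log.

```python
import re
from typing import List, Tuple

# One FRST modified-files entry:
# <modified> - <created> - <size> <attrs> [(<company>)] <path>
ENTRY_RE = re.compile(
    r"^(?P<mod>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<cre>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8,}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
# One line of the "Bamital & volsnap" signature-verification section.
VERIFY_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<status>.+)$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")

def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs that deserve a second look; other lines are skipped."""
    findings = []
    for line in lines:
        v = VERIFY_RE.match(line.strip())
        if v:  # verification section: anything but a clean "digitally signed" is a finding
            if v["status"] != "File is digitally signed":
                findings.append(("core file failed verification", v["path"]))
            continue
        e = ENTRY_RE.match(line.strip())
        if e is None or "D" in e["attrs"]:  # not a file entry, or a directory
            continue
        path = e["path"].lower()
        if not path.endswith(EXEC_EXT):
            continue
        if e["company"] is None:  # FRST shows the file's company string in parentheses; none here
            findings.append(("executable without publisher info", e["path"]))
        if any(tag in path for tag in USER_WRITABLE):
            findings.append(("executable in user-writable location", e["path"]))
    return findings

# Constructed sample in the FRST format; the updater.exe entry and the failed verification line are made up.
SAMPLE = [
    "2017-02-28 14:38 - 2016-11-16 23:11 - 00485032 ____N (Microsoft Corporation) C:\\WINDOWS\\system32\\MpSigStub.exe",
    "2017-03-03 17:26 - 2016-12-26 23:29 - 00000000 ____D C:\\Users\\prize\\AppData\\Roaming\\TunnelBear",
    "2017-03-06 01:30 - 2017-03-06 01:30 - 00051200 _____ C:\\Users\\example\\AppData\\Roaming\\updater.exe",
    "C:\\WINDOWS\\system32\\winlogon.exe => File is digitally signed",
    "C:\\WINDOWS\\system32\\services.exe => File could not be verified",
]

if __name__ == "__main__":
    for reason, path in triage(SAMPLE):
        print(f"{reason}: {path}")
```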
Old 03-08-2017, 02:49 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello ilxXMeMoXxli. I see no sign of infection in your logs.

Are you aware that your System Restore is disabled?

Did you disable it? Are you able to turn System Restore back on?

------------------------------------------------------

I see you have P2P software ( uTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here and here.

I would strongly recommend that you uninstall it. You can do so via Programs and Features (right-click the Windows "logo" button > Programs and Features).

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-bc.1878-2.2.1.1043.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 03-09-2017, 03:29 AM   #7
Registered Member
 
Join Date: Mar 2017
Posts: 6
OS: Windows 10



I only have the MBAM log, but ESET Online Scanner says no threats found.
Attached Files
File Type: txt MBAM Log.txt (1.5 KB, 10 views)
ilxXMeMoXxli is offline  
Old 03-09-2017, 02:58 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, ilxXMeMoXxli. It appears your problems are beyond malware.

What browser do you use? Does the problem happen using Firefox and Chrome?

------------------------------------------------------

You didn't address the System Restore question. Were you able to enable System Restore?

------------------------------------------------------
chemist is offline  
Old 03-10-2017, 09:20 AM   #9
Registered Member
 
Join Date: Mar 2017
Posts: 6
OS: Windows 10



I use both Firefox and Chrome. The problem isn't showing now, but you got me worried. Yeah, System Restore is disabled now; I can turn it on, there is no problem there.
ilxXMeMoXxli is offline  
Old 03-11-2017, 06:14 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hi. I would post back in your previous thread and let them know you were cleared of malware.

https://www.techsupportforum.com/foru...r-1183785.html
chemist is offline  