Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help

User Tag List

Cat.exe and kitty.exe malware

This is a discussion on Cat.exe and kitty.exe malware within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category. Hey guys. My Sophos antivirus started blocking several pop-ups roughly two weeks ago. Sophos has been telling me that CAT.exe


Closed Thread
 
Thread Tools Search this Thread
Old 05-01-2017, 04:57 AM   #1
Registered Member
 
Join Date: Dec 2010
Location: Glasgow
Posts: 16
OS: Vista Home Premium service pack 2



Hey guys. My Sophos antivirus started blocking several pop-ups roughly two weeks ago. Sophos has been telling me that CAT.exe and Kitty.exe have been trying to open pop-ups. I find that the pop-ups really kick off whenever I am browsing a Google website such as gmail or google photos. I have used several anti malware/spyware programs such as Unhackme, Malwarebytes etc. The scans always find several issues, they clean them then restart my computer. When the computer is rebooted they do another scan and get rid of what is left. However, when I start the browser I start getting blocked pop ups every time.

*I do not have a bootable windows CD* And I am not sure if I have a bootable partition in HD*

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.953
Run by BrendanJR at 12:40:51 on 2017-05-01
Microsoft Windows 10 Pro 10.0.14393.0.1252.44.1033.18.8088.5405 [GMT 1:00]
.
AV: Sophos Home *Enabled/Updated* {FFADE7EA-DC92-4602-D6B2-626CD3450A0F}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sophos Home *Enabled/Updated* {44CC060E-FAA8-498C-EC02-591EA8C240B2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\igfxCUIService.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\ibtsiva.exe
C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe
C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe
C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe
C:\Program Files (x86)\ScreenShot\SSSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Program Files\Sophos\Sophos System Protection\ssp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Lenovo\QuickControl\QuickControlInput.exe
C:\Program Files (x86)\Lenovo\QuickControl\QuickControlInput.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
C:\Program Files\LENOVO\HOTKEY\tpnumlkd.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPOSD.EXE
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Lenovo\HOTKEY\extapsup.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
C:\Users\BRENDA~1\AppData\Local\Temp\Monitor.exe
C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
C:\Windows\SysWOW64\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
C:\Users\BrendanJR\AppData\Local\Apps\2.0\91Y1RLVH.YV2\MHO5ZVT5.D24\lsb...tion_91a10ba61c75c82d_0001.0005_a24d0d716055ed94\LSB.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\lenovo\QuickSnipService\QuickSnipService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\lenovo\QuickSnipService\QuickSnipInput.exe
C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Users\BrendanJR\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\WINDOWS\system32\svchost.exe -k SDRSVC
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\System32\svchost.exe -k swprv
svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = C:\WINDOWS\System32\userinit.exe
uRun: [OneDrive] "C:\Users\BrendanJR\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe
uRunOnce: [Uninstall C:\Users\BrendanJR\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\BrendanJR\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
mRun: [Fastboot] "C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" /analysis
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Sophos AutoUpdate Monitor] "C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe"
mRun: [EaseUS Cleanup] "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\CleanUpUI.exe" 10 300
mRun: [EaseUS EPM Tray Agent] "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\TrayPopupE\TrayTipAgentE.exe"
dRunOnce: [Application Restart #1] C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: DSCAutomationHostEnabled = dword:2
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3938f304-245e-49fb-b782-f4cd25f86124} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3938f304-245e-49fb-b782-f4cd25f86124}\25F636B6162696C6C6 : DHCPNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{3938f304-245e-49fb-b782-f4cd25f86124}\3596475636F6D6333413238393 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{3938f304-245e-49fb-b782-f4cd25f86124}\35B4950303641413 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{3938f304-245e-49fb-b782-f4cd25f86124}\35B4954464445403 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{3938f304-245e-49fb-b782-f4cd25f86124}\55D494F5449616D6F6E646F585 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{3938f304-245e-49fb-b782-f4cd25f86124}\A756E67657563747 : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{3938f304-245e-49fb-b782-f4cd25f86124}\B6572696 : DHCPNameServer = 10.81.224.1
TCP: Interfaces\{3938f304-245e-49fb-b782-f4cd25f86124}\E6163716 : DHCPNameServer = 192.168.0.254 192.168.0.254
TCP: Interfaces\{3938f304-245e-49fb-b782-f4cd25f86124}\F4960275966496 : DHCPNameServer = 192.168.120.1
TCP: Interfaces\{451b8356-419a-41c7-a11e-4f84ea3da408} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{b8468cd5-e061-424f-a12b-e57e0178a255} : DHCPNameServer = 192.168.42.129
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
AppInit_DLLs= C:\PROGRA~2\Sophos\SOPHOS~1\\SOPHOS~1.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-Run: [Integrated Camera_Monitor] "C:\Program Files (x86)\SunplusIT Integrated Camera\Monitor.exe"
x64-Run: [LenovoOptMouseUpdate] C:\Program Files\Lenovo\HOTKEY\extapsup.exe
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [LnvMobHotspotClient] C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Fastboot;Fastboot;C:\WINDOWS\System32\drivers\Fastboot.sys [2015-4-20 66288]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2015-4-20 644968]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-12 48992]
R0 pwdrvio;pwdrvio;C:\WINDOWS\System32\pwdrvio.sys [2017-1-11 19152]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\System32\drivers\ApsHM64.sys [2013-6-21 25856]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-11-12 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-11-12 227328]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 SAVOnAccess;SAVOnAccess;C:\WINDOWS\System32\drivers\savonaccess.sys [2016-4-8 201168]
R1 SMIDriver;Synaptics SMI Driver;C:\WINDOWS\System32\drivers\smi.sys [2016-7-13 39488]
R1 swi_callout;swi_callout;C:\WINDOWS\System32\drivers\swi_callout.sys [2017-4-5 47760]
R1 ZAM_Guard;ZAM Guard Driver;C:\WINDOWS\System32\drivers\zamguard64.sys [2017-4-18 203680]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_50252;CDPUserSvc_50252;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2015-4-20 140016]
R2 ibtsiva;Intel Bluetooth Service;C:\WINDOWS\System32\ibtsiva --> C:\WINDOWS\System32\ibtsiva [?]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-6-27 382456]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-12 733696]
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [2013-7-4 155448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-4-20 169432]
R2 Lenovo QuickSnip Service;Lenovo QuickSnip Service;C:\Program Files\Lenovo\QuickSnipService\QuickSnipService.exe [2015-4-20 219976]
R2 Lenovo Settings Service;Lenovo Settings Service;C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2015-4-20 2044408]
R2 Lenovo System Agent Service;Lenovo System Agent Service;C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe [2015-4-20 562504]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2015-4-20 110072]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2015-4-20 136288]
R2 LocationTaskManager;Location Task Manager;C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [2013-6-21 465912]
R2 OneSyncSvc_50252;Sync Host_50252;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 QuickControlMasterSvc;Lenovo QuickControl Master Service;C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [2013-7-16 59384]
R2 SAVAdminService;Sophos Anti-Virus status reporter;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2016-10-25 229672]
R2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2016-10-25 200064]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [2017-2-2 780424]
R2 Sophos MCS Agent;Sophos MCS Agent;C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe [2016-9-4 1379856]
R2 Sophos MCS Client;Sophos MCS Client;C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe [2016-9-4 1805368]
R2 Sophos Web Control Service;Sophos Web Control Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [2016-9-13 360040]
R2 SophosDataRecorderService;Sophos Data Recorder;C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe [2016-9-12 996240]
R2 sophossps;Sophos System Protection Service;C:\Program Files\Sophos\Sophos System Protection\ssp.exe [2016-9-12 5366040]
R2 SSSvc;SSSvc;C:\Program Files (x86)\ScreenShot\SSSvc.exe [2017-1-11 139744]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 swi_filter;Sophos Web Filter;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [2016-9-13 475384]
R2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2016-9-13 3644368]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-4-21 259176]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2015-4-20 125432]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-11-12 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-11-12 249856]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\WINDOWS\System32\drivers\e1d64x64.sys [2014-3-14 457496]
R3 EuMusDesignVirtualAudioCableWdm;@oem117.inf,%DeviceName% (WDM);Virtual Audio Cable (WDM);C:\WINDOWS\System32\drivers\vrtaucbl.sys [2010-2-15 66728]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2015-7-14 231168]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\WINDOWS\System32\drivers\ISCTD64.sys [2013-7-30 47008]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-3-4 30512]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 NETwNb64;___ Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit;C:\WINDOWS\System32\drivers\Netwbw02.sys [2016-7-16 3485696]
R3 PimIndexMaintenanceSvc_50252;Contact Data_50252;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 Power Manager DBC Service;Lenovo Settings Power Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2015-4-20 1668904]
R3 QuickControlService;Lenovo QuickControl Service;C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [2013-7-16 138232]
R3 RTSPER;Realtek PCIE Card Reader - PER;C:\WINDOWS\System32\drivers\RtsPer.sys [2015-6-15 761600]
R3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2016-1-8 51296]
R3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 SPUVCbv;SPUVCb Driver Service;C:\WINDOWS\System32\drivers\SPUVCBv_x64.sys [2015-8-24 698080]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UnistoreSvc_50252;User Data Storage_50252;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 usb3Hub;UoIP Hub;C:\WINDOWS\System32\drivers\usb3Hub.sys [2013-6-21 206744]
R3 UserDataSvc_50252;User Data Access_50252;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-2-27 317400]
S2 valWBFPolicyService;Synaptics FP WBF Policy Service;C:\WINDOWS\System32\valWBFPolicyService.exe [2016-7-13 86544]
S2 valWbioSyncSvc;BiometricSensorDataSynchronization;C:\WINDOWS\System32\valWbioSyncSvc.exe [2016-7-13 56848]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2016-11-12 127328]
S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2016-7-16 157024]
S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2016-7-16 141152]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-11-12 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-4-25 131712]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 epmntdrv;epmntdrv;C:\WINDOWS\System32\epmntdrv.sys [2017-3-13 33448]
S3 EuGdiDrv;EuGdiDrv;C:\WINDOWS\System32\EuGdiDrv.sys [2017-3-13 10848]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2016-5-12 481768]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-12 822232]
S3 LnvHotSpotSvc;Lenovo Settings Mobile Hotspot Service;C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [2015-4-20 468984]
S3 LSCWinService;LSCWinService;C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2016-1-8 272864]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-11-12 64352]
S3 MessagingService_50252;MessagingService_50252;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 MsSecFlt;Microsoft Security Events Component Minifilter;C:\WINDOWS\System32\drivers\mssecflt.sys [2016-7-16 179040]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 pwdspio;pwdspio;C:\WINDOWS\System32\pwdspio.sys [2017-1-11 12504]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 sdcfilter;sdcfilter;C:\WINDOWS\System32\drivers\sdcfilter.sys [2016-11-14 38144]
S3 Sense;Windows Defender Advanced Threat Protection Service;C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-11-12 2889896]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-15 1312768]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2014-1-22 165504]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudserd.sys [2016-1-11 165504]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-11-12 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 usbrndis6;USB RNDIS6 Adapter;C:\WINDOWS\System32\drivers\usb80236.sys [2016-7-16 23040]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-3-15 719872]
S3 wdm_usb;wdm_usb;C:\WINDOWS\System32\drivers\usb2ser.sys [2016-8-16 159936]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-4-16 347328]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_50252;Windows Push Notifications User Service_50252;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-3-15 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-11-12 43520]
S4 AppVClient;Microsoft App-V Client;C:\WINDOWS\System32\AppVClient.exe [2017-1-11 822624]
S4 BrcmSetSecurity;BrcmSetSecurity;C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [2013-7-26 283296]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 SophosBootDriver;SophosBootDriver;C:\WINDOWS\System32\drivers\SophosBootDriver.sys [2016-11-14 27904]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S4 UevAgentDriver;UevAgentDriver;C:\WINDOWS\System32\drivers\UevAgentDriver.sys [2016-7-16 40288]
S4 UevAgentService;User Experience Virtualization Service;C:\WINDOWS\System32\AgentService.exe [2016-7-16 1227264]
.
=============== File Associations ===============
.
ShellExec: SZBrowser.exe: open="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2017-05-01 11:29:14 30087 ----a-w- C:\ProgramData\agent.uninstall.1493638149.bdinstall.bin
2017-04-23 22:50:15 -------- d-----w- C:\ProgramData\dbg
2017-04-23 14:16:15 -------- d-----w- C:\Program Files\Malwarebytes
2017-04-23 14:02:03 -------- d-----w- C:\Program Files\HitmanPro
2017-04-23 14:01:50 -------- d-----w- C:\ProgramData\HitmanPro
2017-04-23 14:00:15 -------- d-----w- C:\AdwCleaner
2017-04-22 14:50:21 -------- d-----w- C:\@RestoreQuarantine
2017-04-22 14:28:15 -------- d-----w- C:\ProgramData\RegRun
2017-04-22 14:27:31 40304 ----a-w- C:\WINDOWS\SysWow64\drivers\Partizan.sys
2017-04-22 14:27:11 2 --shatr- C:\WINDOWS\winstart.bat
2017-04-22 14:27:03 49968 ----a-w- C:\WINDOWS\System32\partizan.exe
2017-04-22 14:27:03 14984 ----a-w- C:\WINDOWS\SysWow64\drivers\UnHackMeDrv.sys
2017-04-22 14:26:49 -------- d---a-w- C:\Program Files (x86)\UnHackMe
2017-04-20 18:29:42 -------- d-----w- C:\Program Files (x86)\AirShowPcSender
2017-04-19 07:52:50 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FCD6F575-9670-1B44-D27A-F29E7FFBE241}\GapaEngine.dll
2017-04-17 23:15:21 203680 ----a-w- C:\WINDOWS\System32\drivers\zamguard64.sys
2017-04-17 23:15:18 -------- d---a-w- C:\Program Files (x86)\Zemana AntiMalware
2017-04-17 23:15:08 -------- d-----w- C:\Users\BrendanJR\AppData\Local\Zemana
2017-04-17 13:40:53 -------- d-----w- C:\ProgramData\Software
2017-04-16 12:12:59 87040 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-16 12:11:59 975872 ----a-w- C:\WINDOWS\HelpPane.exe
2017-04-05 18:45:01 47760 ----a-w- C:\WINDOWS\System32\drivers\swi_callout.sys
.
==================== Find3M ====================
.
2017-04-25 20:30:38 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-04-16 22:38:56 532136 ------w- C:\WINDOWS\System32\MpSigStub.exe
2017-04-01 18:52:38 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-04-01 18:52:38 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-03-28 07:10:34 484584 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2017-03-28 07:10:28 315744 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2017-03-28 06:36:11 142176 ----a-w- C:\WINDOWS\System32\acmigration.dll
2017-03-28 06:36:08 343904 ----a-w- C:\WINDOWS\System32\invagent.dll
2017-03-28 06:36:05 565088 ----a-w- C:\WINDOWS\System32\devinv.dll
2017-03-28 06:36:05 1617760 ----a-w- C:\WINDOWS\System32\appraiser.dll
2017-03-28 06:36:05 1294688 ----a-w- C:\WINDOWS\System32\aeinv.dll
2017-03-28 06:35:59 379232 ----a-w- C:\WINDOWS\System32\atmfd.dll
2017-03-28 06:32:26 198856 ----a-w- C:\WINDOWS\System32\wscapi.dll
2017-03-28 06:29:11 2213248 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-03-28 06:28:05 7786336 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-03-28 06:28:03 773720 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2017-03-28 06:26:23 573280 ----a-w- C:\WINDOWS\System32\AppVCatalog.dll
2017-03-28 06:26:21 603488 ----a-w- C:\WINDOWS\System32\ContentDeliveryManager.Utilities.dll
2017-03-28 06:26:20 754528 ----a-w- C:\WINDOWS\System32\AppVOrchestration.dll
2017-03-28 06:26:11 218520 ----a-w- C:\WINDOWS\System32\LsaIso.exe
2017-03-28 06:22:07 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-03-28 06:21:27 167848 ----a-w- C:\WINDOWS\SysWow64\wscapi.dll
2017-03-28 06:20:43 2717184 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2017-03-28 06:20:11 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2017-03-28 06:20:04 1181024 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2017-03-28 06:19:26 601712 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2017-03-28 06:18:07 1705976 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2017-03-28 06:15:53 2048496 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-03-28 06:12:54 328008 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2017-03-28 06:11:30 360040 ----a-w- C:\WINDOWS\System32\SystemSettingsAdminFlows.exe
2017-03-28 06:11:30 2187616 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-03-28 06:11:14 1860288 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.dll
2017-03-28 06:11:11 1738560 ----a-w- C:\WINDOWS\System32\WindowsCodecs.dll
2017-03-28 06:11:09 402784 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2017-03-28 06:10:53 178528 ----a-w- C:\WINDOWS\System32\CloudExperienceHostUser.dll
2017-03-28 06:10:44 1157008 ----a-w- C:\WINDOWS\System32\twinapi.appcore.dll
2017-03-28 06:10:42 146776 ----a-w- C:\WINDOWS\System32\CloudExperienceHostCommon.dll
2017-03-28 06:10:41 7220184 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2017-03-28 06:10:29 1293152 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2017-03-28 06:09:48 97128 ----a-w- C:\WINDOWS\System32\Windows.Security.Credentials.UI.CredentialPicker.dll
2017-03-28 06:09:40 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-03-28 06:09:22 2446704 ----a-w- C:\WINDOWS\System32\msxml6.dll
2017-03-28 06:09:18 682816 ----a-w- C:\WINDOWS\System32\wer.dll
2017-03-28 06:08:48 1100128 ----a-w- C:\WINDOWS\System32\hvix64.exe
2017-03-28 06:08:43 1267504 ----a-w- C:\WINDOWS\System32\WinTypes.dll
2017-03-28 06:08:39 989024 ----a-w- C:\WINDOWS\System32\hvax64.exe
2017-03-28 06:07:35 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2017-03-28 0647 92512 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2017-03-28 06:05:31 4260576 ----a-w- C:\WINDOWS\System32\mfcore.dll
2017-03-28 06:05:29 8168512 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2017-03-28 06:05:17 1702392 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2017-03-28 06:05:15 1848584 ----a-w- C:\WINDOWS\System32\mfsrcsnk.dll
2017-03-28 06:05:14 1988048 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2017-03-28 06:05:14 1072248 ----a-w- C:\WINDOWS\System32\mfnetcore.dll
2017-03-28 06:05:11 1302136 ----a-w- C:\WINDOWS\System32\mfmpeg2srcsnk.dll
2017-03-28 06:05:07 1504056 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2017-03-28 06:04:59 277344 ----a-w- C:\WINDOWS\System32\drivers\msiscsi.sys
2017-03-28 06:04:58 1431232 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2017-03-28 06:04:54 1276760 ----a-w- C:\WINDOWS\System32\ole32.dll
2017-03-28 06:04:53 136032 ----a-w- C:\WINDOWS\SysWow64\CloudExperienceHostUser.dll
2017-03-28 06:04:39 116568 ----a-w- C:\WINDOWS\SysWow64\CloudExperienceHostCommon.dll
2017-03-28 06:04:38 5721808 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2017-03-28 06:04:32 975744 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2017-03-28 06:04:31 861024 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2017-03-28 06:04:31 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2017-03-28 06:04:30 160088 ----a-w- C:\WINDOWS\System32\CloudExperienceHostBroker.dll
2017-03-28 06:04:17 1600632 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2017-03-28 06:02:55 576408 ----a-w- C:\WINDOWS\SysWow64\wer.dll
2017-03-28 06:02:48 1980768 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2017-03-28 06:02:01 846560 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
2017-03-28 06:00:09 1569184 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2017-03-28 06:00:05 628552 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2017-03-28 05:59:11 6667520 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2017-03-28 05:59:05 2533728 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2017-03-28 05:59:01 4023008 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2017-03-28 05:58:59 1851688 ----a-w- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
2017-03-28 05:58:53 981888 ----a-w- C:\WINDOWS\SysWow64\mfnetcore.dll
2017-03-28 05:58:53 1360464 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll
2017-03-28 05:58:53 1344448 ----a-w- C:\WINDOWS\SysWow64\mfsrcsnk.dll
2017-03-28 05:58:52 1277856 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2017-03-28 05:58:50 1202936 ----a-w- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
2017-03-28 05:58:45 387872 ----a-w- C:\WINDOWS\System32\wmpps.dll
2017-03-28 05:58:44 372440 ----a-w- C:\WINDOWS\System32\Windows.Media.MediaControl.dll
2017-03-28 05:58:27 961192 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2017-03-28 05:53:54 545944 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2017-03-28 05:53:54 1414728 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2017-03-28 05:52:00 306800 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.MediaControl.dll
2017-03-28 05:48:07 5685760 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2017-03-28 05:44:50 7216640 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2017-03-28 05:42:28 95232 ----a-w- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
2017-03-28 05:42:06 51712 ----a-w- C:\WINDOWS\SysWow64\usoapi.dll
2017-03-28 05:41:51 372736 ----a-w- C:\WINDOWS\System32\RDXTaskFactory.dll
2017-03-28 05:41:51 26112 ----a-w- C:\WINDOWS\SysWow64\odbcconf.dll
2017-03-28 05:41:49 299008 ----a-w- C:\WINDOWS\System32\rdpinit.exe
2017-03-28 05:41:47 415744 ----a-w- C:\WINDOWS\System32\rdpshell.exe
2017-03-28 05:40:58 49664 ----a-w- C:\WINDOWS\SysWow64\XblAuthManagerProxy.dll
2017-03-28 05:40:53 37376 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2017-03-28 05:40:19 224256 ----a-w- C:\WINDOWS\SysWow64\ExSMime.dll
2017-03-28 05:39:48 141824 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.Radios.dll
2017-03-28 05:39:17 40960 ----a-w- C:\WINDOWS\SysWow64\TokenBrokerUI.dll
.
============= FINISH: 12:41:09.17 ===============
Attached Files
File Type: txt attach.txt (7.6 KB, 26 views)
Brendanjr is offline  
Sponsored Links
Advertisement
 
Old 05-02-2017, 12:32 AM   #2
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Brendanjr,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download to and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Back up important files before we start.

Now, let's get started, shall we?

STEP 1

Please download AdwCleaner from here and save it to your desktop.

Click the green 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Clean
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

========================================================

Things I need to see in your next post:

1- AdwCleaner[C#].txt
2- FRST.txt
3- Addition.txt
__________________
tekir06 is offline  
Old 05-02-2017, 12:48 PM   #3
Registered Member
 
Join Date: Dec 2010
Location: Glasgow
Posts: 16
OS: Vista Home Premium service pack 2



# AdwCleaner v6.046 - Logfile created 02/05/2017 at 20:30:31
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-02.1 [Local]
# Operating System : Windows 10 Pro (X64)
# Username : BrendanJR - BRENDAN
# Running from : C:\Users\BrendanJR\Downloads\adwcleaner_6.046.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****

[-] [C:\Users\BrendanJR\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3475 Bytes] - [23/04/2017 15:02:45]
C:\AdwCleaner\AdwCleaner[C2].txt - [1128 Bytes] - [02/05/2017 20:17:14]
C:\AdwCleaner\AdwCleaner[C3].txt - [1022 Bytes] - [02/05/2017 20:30:31]
C:\AdwCleaner\AdwCleaner[S0].txt - [3333 Bytes] - [23/04/2017 15:02:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [1296 Bytes] - [02/05/2017 20:16:50]
C:\AdwCleaner\AdwCleaner[S2].txt - [1501 Bytes] - [02/05/2017 20:30:07]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1314 Bytes] ##########
Attached Files
File Type: txt Addition_02-05-2017 20.40.49.txt (45.2 KB, 18 views)
File Type: txt FRST_02-05-2017 20.40.49.txt (92.1 KB, 18 views)
Brendanjr is offline  
Sponsored Links
Advertisement
 
Old 05-08-2017, 06:15 AM   #4
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Brendanjr,

Sorry for delay. Please do the following.

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST.exe

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.
Code:
CreateRestorePoint:
Task: {0DEE9F3F-55E5-4034-B5D6-BC36BC63B775} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1B803DE1-63E6-4B0F-95A4-A16D9459CDE1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1C138C2C-0E62-4689-BC16-975932A6A90C} - \WPD\SqmUpload_S-1-5-21-1760980010-3824229375-2942407906-1001 -> No File <==== ATTENTION
Task: {217DA8EE-B02A-48E2-8D76-B6DDAC500E27} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {28FB6EAF-B848-4EF0-AF22-A07061BF5A59} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2D179F10-24A1-441F-B57E-549E45406AEE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {363DE533-086A-4B08-B5E7-36C021375E07} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {564BDF7B-E6ED-4DFD-A327-2DC728E274F1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {566433DC-1440-48AE-A1E8-12C04EBCFDA1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {63C9E862-29C5-4653-B662-4694C847E684} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B553E0C8-8EA9-4BE1-A82D-E9D708ED0964} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B9F0D5C1-0EAA-4A2F-9DCE-FBC4C3A48BFC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D7DE4583-46CA-4E71-B9FF-56776F4B246E} - \Lenovo\Lenovo Service Bridge\S-1-5-21-1760980010-3824229375-2942407906-1001 -> No File <==== ATTENTION
Task: {E173D181-5D10-4327-8835-4B8446335020} - \Lenovo\Lenovo Customer Feedback Program -> No File <==== ATTENTION
URLSearchHook: [S-1-5-21-1760980010-3824229375-2942407906-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1760980010-3824229375-2942407906-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-1760980010-3824229375-2942407906-1001 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
RemoveProxy:
CMD: bitsadmin /reset /allusers
EmptyTemp:
Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
__________________
tekir06 is offline  
Old 05-08-2017, 12:23 PM   #5
Registered Member
 
Join Date: Dec 2010
Location: Glasgow
Posts: 16
OS: Vista Home Premium service pack 2



Fix result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by BrendanJR (08-05-2017 2014) Run:1
Running from C:\Users\BrendanJR\Downloads
Loaded Profiles: BrendanJR (Available Profiles: BrendanJR)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
Task: {0DEE9F3F-55E5-4034-B5D6-BC36BC63B775} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1B803DE1-63E6-4B0F-95A4-A16D9459CDE1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1C138C2C-0E62-4689-BC16-975932A6A90C} - \WPD\SqmUpload_S-1-5-21-1760980010-3824229375-2942407906-1001 -> No File <==== ATTENTION
Task: {217DA8EE-B02A-48E2-8D76-B6DDAC500E27} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {28FB6EAF-B848-4EF0-AF22-A07061BF5A59} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2D179F10-24A1-441F-B57E-549E45406AEE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {363DE533-086A-4B08-B5E7-36C021375E07} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {564BDF7B-E6ED-4DFD-A327-2DC728E274F1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {566433DC-1440-48AE-A1E8-12C04EBCFDA1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {63C9E862-29C5-4653-B662-4694C847E684} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B553E0C8-8EA9-4BE1-A82D-E9D708ED0964} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B9F0D5C1-0EAA-4A2F-9DCE-FBC4C3A48BFC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D7DE4583-46CA-4E71-B9FF-56776F4B246E} - \Lenovo\Lenovo Service Bridge\S-1-5-21-1760980010-3824229375-2942407906-1001 -> No File <==== ATTENTION
Task: {E173D181-5D10-4327-8835-4B8446335020} - \Lenovo\Lenovo Customer Feedback Program -> No File <==== ATTENTION
URLSearchHook: [S-1-5-21-1760980010-3824229375-2942407906-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1760980010-3824229375-2942407906-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-1760980010-3824229375-2942407906-1001 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
RemoveProxy:
CMD: bitsadmin /reset /allusers
EmptyTemp:
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0DEE9F3F-55E5-4034-B5D6-BC36BC63B775} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DEE9F3F-55E5-4034-B5D6-BC36BC63B775} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B803DE1-63E6-4B0F-95A4-A16D9459CDE1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B803DE1-63E6-4B0F-95A4-A16D9459CDE1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C138C2C-0E62-4689-BC16-975932A6A90C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C138C2C-0E62-4689-BC16-975932A6A90C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1760980010-3824229375-2942407906-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{217DA8EE-B02A-48E2-8D76-B6DDAC500E27} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{217DA8EE-B02A-48E2-8D76-B6DDAC500E27} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{28FB6EAF-B848-4EF0-AF22-A07061BF5A59} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28FB6EAF-B848-4EF0-AF22-A07061BF5A59} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D179F10-24A1-441F-B57E-549E45406AEE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D179F10-24A1-441F-B57E-549E45406AEE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{363DE533-086A-4B08-B5E7-36C021375E07} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{363DE533-086A-4B08-B5E7-36C021375E07} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{564BDF7B-E6ED-4DFD-A327-2DC728E274F1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{564BDF7B-E6ED-4DFD-A327-2DC728E274F1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{566433DC-1440-48AE-A1E8-12C04EBCFDA1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{566433DC-1440-48AE-A1E8-12C04EBCFDA1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{63C9E862-29C5-4653-B662-4694C847E684} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63C9E862-29C5-4653-B662-4694C847E684} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B553E0C8-8EA9-4BE1-A82D-E9D708ED0964} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B553E0C8-8EA9-4BE1-A82D-E9D708ED0964} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9F0D5C1-0EAA-4A2F-9DCE-FBC4C3A48BFC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9F0D5C1-0EAA-4A2F-9DCE-FBC4C3A48BFC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D7DE4583-46CA-4E71-B9FF-56776F4B246E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7DE4583-46CA-4E71-B9FF-56776F4B246E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Service Bridge\S-1-5-21-1760980010-3824229375-2942407906-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E173D181-5D10-4327-8835-4B8446335020} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E173D181-5D10-4327-8835-4B8446335020} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program => key removed successfully
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1760980010-3824229375-2942407906-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1760980010-3824229375-2942407906-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => value removed successfully
HKCR\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => key not found.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1760980010-3824229375-2942407906-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1760980010-3824229375-2942407906-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 319917258 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 4489586 B
Edge => 4083967 B
Chrome => 824548660 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1085 B
systemprofile32 => 0 B
LocalService => 1670680 B
NetworkService => 2354 B
BrendanJR => 311612921 B

RecycleBin => 0 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:07:34 ====
Brendanjr is offline  
Old 05-11-2017, 12:43 AM   #6
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Brendanjr,

Please download Malwarebytes Anti-Malware and save it to your desktop.

Double-click mbam-setup-3.1.2.1733.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:

  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

Click Finish.
At the end of the installation, a database update will be performed.
Click on Scan Now.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.
__________________
tekir06 is offline  
Old 05-12-2017, 02:16 PM   #7
Registered Member
 
Join Date: Dec 2010
Location: Glasgow
Posts: 16
OS: Vista Home Premium service pack 2



Malwarebytes file attached.
Attached Files
File Type: txt 12.05.txt (3.8 KB, 18 views)
Brendanjr is offline  
Old 05-15-2017, 11:47 PM   #8
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Brendanjr,

Please do the following

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.

You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
Tick the option Enable detection of potentially unwanted applications
Click on Advanced settings
Make sure that the option Clean threats automatically is unticked.
Ensure these options are ticked:
  • Enable detection of potentially unsafe applications
  • Enable detection of suspicious applications
  • Scan archives
  • Enable Anti-Stealth technology

Click Scan
Wait for the scan to finish.
When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Please copy/paste the contents of the log in your next reply.
To close ESET Online Scanner, select Do not clean then Finish
__________________
tekir06 is offline  
Old 05-20-2017, 03:01 AM   #9
Registered Member
 
Join Date: Dec 2010
Location: Glasgow
Posts: 16
OS: Vista Home Premium service pack 2



C:\Users\BrendanJR\Downloads\Flash-2017.zip JS/TrojanDownloader.Nemucod.CXA trojan
Brendanjr is offline  
Old 05-22-2017, 12:42 AM   #10
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Brendanjr,

Please do the following.

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST.exe

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
CreateRestorePoint:
C:\Users\BrendanJR\Downloads\Flash-2017.zip
RemoveProxy:
CMD: bitsadmin /reset /allusers
EmptyTemp:
Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
__________________
tekir06 is offline  
Old 05-27-2017, 04:40 AM   #11
Registered Member
 
Join Date: Dec 2010
Location: Glasgow
Posts: 16
OS: Vista Home Premium service pack 2



Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017
Ran by BrendanJR (27-05-2017 12:29:47) Run:2
Running from C:\Users\BrendanJR\Downloads
Loaded Profiles: BrendanJR (Available Profiles: BrendanJR)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
C:\Users\BrendanJR\Downloads\Flash-2017.zip
RemoveProxy:
CMD: bitsadmin /reset /allusers
EmptyTemp:
*****************

Restore point was successfully created.
"C:\Users\BrendanJR\Downloads\Flash-2017.zip" => not found.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1760980010-3824229375-2942407906-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1760980010-3824229375-2942407906-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {CA99133F-BB75-4E25-9D0B-BA06E7208A73}.
0 out of 1 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 4164368 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32781082 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 60061545 B
Edge => 4044216 B
Chrome => 575615774 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 385332 B
NetworkService => 2664 B
BrendanJR => 74725520 B

RecycleBin => 0 B
EmptyTemp: => 717 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:30:34 ====
Brendanjr is offline  
Old 05-30-2017, 05:25 AM   #12
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Brendanjr,

How is the machine behaving now? What problems do you still have?
__________________
tekir06 is offline  
Old 06-01-2017, 07:42 AM   #13
Registered Member
 
Join Date: Dec 2010
Location: Glasgow
Posts: 16
OS: Vista Home Premium service pack 2



Hi Tekir06,

Thank you for your help so far.

My machine seems to be working fine now.

What is the most common way in which the virus that was in my system would have entered?

Best regards,

Brendan
Brendanjr is offline  
Old 06-05-2017, 01:39 AM   #14
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Brendanjr,

You are welcome Your reports are clear. Let's remove all tools and logs that we use.

CLEAN UP

Please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Ensure Remove disinfection tools is ticked. Also tick: Create registry backup, Purge system restore
  • Click Run
  • delfix will now delete all found traces of our removal process.

Note: The program will run for a few moments and then notepad will open with a log. No need to post this log.

=========================================================

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System. Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn on Automatic Updates in Windows 10

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

PREVENTION

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 10 here

Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
tekir06 is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 10:57 AM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts