
Help with detecting malware/spyware etc

This is a discussion on Help with detecting malware/spyware etc within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


Old 07-22-2016, 05:38 PM   #1
Registered Member
 
Join Date: Dec 2007
Posts: 152
OS: Windows 8.1 (64 Bit)



Hi there,

Please see my original thread

https://www.techsupportforum.com/foru...ml#post7155937

Laptop running a little jerky and slow lately with slightly higher CPU usage. I ran the tests as required. Can anyone please point out if there is something to be concerned about?

Thanks
X
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.494
Run by Jacob at 18:55:18 on 2016-07-22
Microsoft Windows 10 Home 10.0.10586.0.1252.61.1033.18.7096.5433 [GMT 10:00]
.
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files\ESET\ESET Antivirus\x86\ekrn.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\system32\atieclxx.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
svchost.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\ESET\ESET Antivirus\egui.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\WINDOWS\System32\svchost.exe -k smphost
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\vssvc.exe
C:\WINDOWS\System32\svchost.exe -k swprv
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
uRun: [OneDrive] "C:\Users\Jacob\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: EnableSmartScreen = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
TCP: NameServer = 10.1.1.1
TCP: Interfaces\{9508ae77-e926-4d4e-9365-114598747903} : DHCPNameServer = 10.1.1.1
TCP: Interfaces\{9508ae77-e926-4d4e-9365-114598747903}\75966696D22556075616475627 : DHCPNameServer = 10.1.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\syswow64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\syswow64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
IFEO: SppExtComObj.exe - C:\WINDOWS\SECOH-QAD.exe
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX5REC
x64-Run: [egui] "C:\Program Files\ESET\ESET Antivirus\egui.exe" /hide /waitservice
x64-Run: [StartCN] "C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-IFEO: SppExtComObj.exe - C:\WINDOWS\SECOH-QAD.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\pmkfxh30.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmpfd.sys [2015-9-28 82672]
R0 amdpsp;AMD PSP Service;C:\WINDOWS\System32\drivers\amdpsp.sys [2016-2-10 277240]
R0 edevmon;edevmon;C:\WINDOWS\System32\drivers\edevmon.sys [2015-7-13 251632]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 eamonm;eamonm;C:\WINDOWS\System32\drivers\eamonm.sys [2015-7-13 255240]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-5-11 87552]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R2 AdaptiveSleepService;AdaptiveSleepService;C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe [2015-11-29 138752]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2016-4-5 260112]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Antivirus\x86\ekrn.exe [2015-7-8 1353720]
R2 epfwwfpr;epfwwfpr;C:\WINDOWS\System32\drivers\epfwwfpr.sys [2015-7-13 168208]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-3-16 28552]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2015-12-5 312056]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdWT6.sys [2015-5-28 111120]
R3 BtFilter;BtFilter;C:\WINDOWS\System32\drivers\btfilter.sys [2015-6-7 604776]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
R3 DellRbtn;Airplane Mode Switch;C:\WINDOWS\System32\drivers\DellRbtn.sys [2013-1-24 10752]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\drivers\Rt630x64.sys [2014-7-22 839896]
R3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-5-7 143144]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S2 Service KMSELDI;Service KMSELDI;C:\Program Files\KMSpico\Service_KMS.exe [2016-5-4 997568]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-3-23 327808]
S2 tbaseprovisioning;tbaseprovisioning;C:\Windows\syswow64\tbaseprovisioning.exe [2015-6-23 54808]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 amd_sata;amd_sata;C:\WINDOWS\System32\drivers\amd_sata.sys [2014-7-22 81608]
S3 amd_xata;amd_xata;C:\WINDOWS\System32\drivers\amd_xata.sys [2014-7-22 23752]
S3 amdkmafd;AMD Audio Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmafd.sys [2015-7-29 40720]
S3 amdkmcsp;AMD Kernel Mode CSP Service;C:\WINDOWS\System32\drivers\amdkmcsp.sys [2016-2-10 101112]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-4-13 245760]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-12-8 117248]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-5-7 143144]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-10-30 31232]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 RTSUER;Realtek USB Card Reader - UER;C:\WINDOWS\System32\drivers\RtsUer.sys [2015-10-1 422656]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S3 SynRMIHID;Synaptics HID Service;C:\WINDOWS\System32\drivers\SynRMIHID.sys [2015-10-1 48296]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-5-11 63488]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-6-16 258912]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-5-11 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-11-5 54784]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-4-13 694784]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinDivert1.1;WinDivert1.1;C:\Program Files\KMSpico\WinDivert.sys [2016-5-8 35376]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-3-2 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-4-13 26112]
S4 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-3-2 83768]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2016-07-16 00:15:34 -------- d-sh--w- C:\found.000
2016-07-15 23:48:51 -------- d-----w- C:\WINDOWS\pss
2016-07-15 23:28:26 -------- d-----w- C:\Users\Jacob\AppData\Roaming\Raptr
2016-07-14 07:58:31 -------- d-----w- C:\Users\Jacob\AppData\Roaming\library_dir
2016-07-14 07:58:12 -------- d-----w- C:\Program Files (x86)\Raptr Inc
2016-07-14 07:57:26 45848 ----a-w- C:\WINDOWS\System32\vulkaninfo.exe
2016-07-14 07:57:26 42264 ----a-w- C:\WINDOWS\SysWow64\vulkaninfo.exe
2016-07-14 07:57:26 126232 ----a-w- C:\WINDOWS\System32\vulkan-1.dll
2016-07-14 07:57:26 125720 ----a-w- C:\WINDOWS\SysWow64\vulkan-1.dll
2016-07-14 07:57:04 -------- d-----w- C:\Program Files (x86)\VulkanRT
2016-07-14 07:51:48 -------- d-----w- C:\Users\Jacob\AppData\Local\ATI
2016-07-13 11:26:59 1797120 ----a-w- C:\WINDOWS\System32\Windows.UI.Immersive.dll
2016-07-13 11:25:59 7977472 ----a-w- C:\WINDOWS\System32\mos.dll
2016-07-13 11:24:58 92352 ----a-w- C:\WINDOWS\System32\acmigration.dll
2016-06-30 11:55:40 226488 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2016-06-28 03:02:18 -------- d-----w- C:\Users\Jacob\AppData\Local\Brice_Lambson
2016-06-28 03:01:59 -------- d---a-w- C:\Program Files\Image Resizer for Windows
2016-06-28 03:01:58 -------- d---a-w- C:\Program Files (x86)\Image Resizer for Windows
2016-06-26 03:14:23 -------- d-----w- C:\Users\Jacob\AppData\Local\Apple Computer
2016-06-26 03:13:37 -------- d-----w- C:\Program Files (x86)\iTunes
2016-06-26 03:13:35 -------- d-----w- C:\Program Files\iPod
2016-06-26 03:13:33 -------- d---a-w- C:\Program Files\iTunes
2016-06-26 03:12:41 -------- d-----w- C:\Users\Jacob\AppData\Local\Apple
2016-06-26 03:12:21 -------- d---a-w- C:\Program Files\Bonjour
2016-06-26 03:12:21 -------- d---a-w- C:\Program Files (x86)\Bonjour
.
==================== Find3M ====================
.
2016-07-15 23:50:53 65536 ----a-w- C:\WINDOWS\System32\spu_storage.bin
2016-07-02 04:37:58 828408 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-07-02 04:37:58 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-07-01 05:30:46 1505984 ----a-w- C:\WINDOWS\System32\appraiser.dll
2016-07-01 05:30:45 587456 ----a-w- C:\WINDOWS\System32\generaltel.dll
2016-07-01 05:30:45 559808 ----a-w- C:\WINDOWS\System32\devinv.dll
2016-07-01 05:30:45 50368 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2016-07-01 05:30:45 310464 ----a-w- C:\WINDOWS\System32\invagent.dll
2016-07-01 05:30:45 284352 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2016-07-01 05:30:45 1223872 ----a-w- C:\WINDOWS\System32\aeinv.dll
2016-07-01 05:05:16 2718208 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2016-07-01 04:50:22 37232 ----a-w- C:\WINDOWS\System32\wldp.dll
2016-07-01 04:49:41 277856 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2016-07-01 04:49:21 1997328 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2016-07-01 04:49:20 874968 ----a-w- C:\WINDOWS\System32\winresume.exe
2016-07-01 04:49:20 1030416 ----a-w- C:\WINDOWS\System32\winresume.efi
2016-07-01 04:49:15 7469408 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-07-01 04:49:13 337336 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2016-07-01 04:49:11 1317640 ----a-w- C:\WINDOWS\System32\winload.efi
2016-07-01 04:49:11 1141504 ----a-w- C:\WINDOWS\System32\winload.exe
2016-07-01 04:48:59 2656408 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2016-07-01 04:48:51 1238584 ----a-w- C:\WINDOWS\System32\Taskmgr.exe
2016-07-01 04:45:06 1613664 ----a-w- C:\WINDOWS\System32\diagtrack.dll
2016-07-01 04:43:41 3449168 ----a-w- C:\WINDOWS\System32\WSService.dll
2016-07-01 04:39:09 1557776 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2016-07-01 04:38:57 32552 ----a-w- C:\WINDOWS\SysWow64\wldp.dll
2016-07-01 04:38:57 256192 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2016-07-01 04:38:51 1862008 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2016-07-01 04:38:28 1083656 ----a-w- C:\WINDOWS\SysWow64\Taskmgr.exe
2016-07-01 04:35:49 498960 ----a-w- C:\WINDOWS\System32\MFCaptureEngine.dll
2016-07-01 04:35:49 1299504 ----a-w- C:\WINDOWS\System32\mfnetsrc.dll
2016-07-01 04:35:47 847656 ----a-w- C:\WINDOWS\System32\mfsvr.dll
2016-07-01 04:35:47 35656 ----a-w- C:\WINDOWS\System32\mfpmp.exe
2016-07-01 04:35:47 1092464 ----a-w- C:\WINDOWS\System32\mfplat.dll
2016-07-01 04:35:45 586208 ----a-w- C:\WINDOWS\System32\mf.dll
2016-07-01 04:35:45 1554152 ----a-w- C:\WINDOWS\System32\wmpmde.dll
2016-07-01 04:35:44 1552104 ----a-w- C:\WINDOWS\System32\winmde.dll
2016-07-01 04:35:00 331616 ----a-w- C:\WINDOWS\System32\drivers\pci.sys
2016-07-01 04:34:39 1322248 ----a-w- C:\WINDOWS\System32\ole32.dll
2016-07-01 04:34:26 808288 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2016-07-01 04:33:40 1750440 ----a-w- C:\WINDOWS\System32\WpcMon.exe
2016-07-01 04:33:26 566104 ----a-w- C:\WINDOWS\System32\SettingSyncHost.exe
2016-07-01 04:33:22 303216 ----a-w- C:\WINDOWS\System32\LockAppHost.exe
2016-07-01 04:33:21 730352 ----a-w- C:\WINDOWS\System32\Windows.Internal.Shell.Broker.dll
2016-07-01 04:33:21 374008 ----a-w- C:\WINDOWS\System32\SystemSettingsAdminFlows.exe
2016-07-01 04:33:02 725776 ----a-w- C:\WINDOWS\System32\SHCore.dll
2016-07-01 04:33:02 4515256 ----a-w- C:\WINDOWS\explorer.exe
2016-07-01 04:32:57 6605544 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2016-07-01 04:32:55 1040800 ----a-w- C:\WINDOWS\System32\twinapi.appcore.dll
2016-07-01 04:32:52 1603224 ----a-w- C:\WINDOWS\System32\propsys.dll
2016-07-01 04:32:28 6536256 ----a-w- C:\WINDOWS\System32\sppsvc.exe
2016-07-01 04:32:27 692136 ----a-w- C:\WINDOWS\System32\sppwinob.dll
2016-07-01 04:32:26 1540224 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2016-07-01 04:32:09 78040 ----a-w- C:\WINDOWS\System32\Clipc.dll
2016-07-01 04:32:08 1128104 ----a-w- C:\WINDOWS\System32\ClipUp.exe
2016-07-01 04:32:03 625000 ----a-w- C:\WINDOWS\System32\ClipSVC.dll
2016-07-01 04:32:01 106928 ----a-w- C:\WINDOWS\System32\phoneactivate.exe
2016-07-01 04:31:59 604928 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-07-01 04:31:59 161632 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys
2016-07-01 04:31:29 1848584 ----a-w- C:\WINDOWS\System32\crypt32.dll
2016-07-01 04:25:52 2145032 ----a-w- C:\WINDOWS\System32\d3d9.dll
2016-07-01 04:25:38 2773096 ----a-w- C:\WINDOWS\System32\d3d11.dll
2016-07-01 04:25:27 1987936 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2016-07-01 04:25:23 393568 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2016-07-01 04:25:22 648256 ----a-w- C:\WINDOWS\System32\dxgi.dll
2016-07-01 04:25:17 577376 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2016-07-01 04:24:52 1776768 ----a-w- C:\WINDOWS\System32\WindowsCodecs.dll
2016-07-01 04:24:44 911648 ----a-w- C:\WINDOWS\System32\dcomp.dll
2016-07-01 04:23:07 32040 ----a-w- C:\WINDOWS\SysWow64\mfpmp.exe
2016-07-01 04:23:05 511320 ----a-w- C:\WINDOWS\SysWow64\mf.dll
2016-07-01 04:23:03 451936 ----a-w- C:\WINDOWS\SysWow64\MFCaptureEngine.dll
2016-07-01 04:23:01 1349640 ----a-w- C:\WINDOWS\SysWow64\winmde.dll
2016-07-01 04:23:00 925576 ----a-w- C:\WINDOWS\SysWow64\mfplat.dll
2016-07-01 04:23:00 709176 ----a-w- C:\WINDOWS\SysWow64\mfsvr.dll
2016-07-01 04:23:00 1118208 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll
2016-07-01 04:21:34 28851224 ----a-w- C:\WINDOWS\System32\WindowsCodecsRaw.dll
2016-07-01 04:21:25 703840 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2016-07-01 04:21:24 957608 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2016-07-01 04:21:18 2403168 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2016-07-01 04:21:02 376536 ----a-w- C:\WINDOWS\System32\Windows.Media.MediaControl.dll
2016-07-01 04:20:59 388896 ----a-w- C:\WINDOWS\System32\wmpps.dll
2016-07-01 04:20:56 503600 ----a-w- C:\WINDOWS\System32\DMRServer.dll
2016-07-01 04:20:04 254656 ----a-w- C:\WINDOWS\SysWow64\LockAppHost.exe
2016-07-01 04:20:03 465760 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2016-07-01 04:19:53 4074160 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2016-07-01 04:19:46 5240960 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2016-07-01 04:19:46 1355336 ----a-w- C:\WINDOWS\SysWow64\propsys.dll
2016-07-01 04:19:45 836760 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2016-07-01 04:19:45 569752 ----a-w- C:\WINDOWS\SysWow64\SHCore.dll
2016-07-01 04:18:32 64584 ----a-w- C:\WINDOWS\SysWow64\Clipc.dll
2016-07-01 04:17:59 1536600 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll
2016-07-01 04:12:20 1866104 ----a-w- C:\WINDOWS\SysWow64\d3d9.dll
2016-07-01 04:12:02 2186864 ----a-w- C:\WINDOWS\SysWow64\d3d11.dll
2016-07-01 04:11:45 521152 ----a-w- C:\WINDOWS\SysWow64\dxgi.dll
2016-07-01 04:11:05 1522160 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2016-07-01 04:10:57 675064 ----a-w- C:\WINDOWS\SysWow64\dcomp.dll
2016-07-01 04:07:09 28083144 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecsRaw.dll
2016-07-01 04:03:18 84480 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2016-07-01 04:03:04 89088 ----a-w- C:\WINDOWS\System32\MapsCSP.dll
2016-07-01 04:00:30 957952 ----a-w- C:\WINDOWS\System32\IKEEXT.DLL
.
============= FINISH: 18:55:34.89 ===============
Attached file: attach.txt (13.8 KB)
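To show what a reviewer looks for in a DDS log like the one above, here is a small triage script added for this thread (it is not DDS, FRST or forum code). It parses the AV status lines, the mPolicies and IFEO entries of the Pseudo HJT report and the services list, and returns the items to check first; SAMPLE_LOG is a constructed excerpt built from lines in the log above, and the rule names and severities are my own.

```python
"""Triage helper for DDS log text.

Added example for this thread, not a DDS or Tech Support Forum tool. It
walks a DDS log line by line and returns the entries a reviewer checks
first: security products reported as disabled, UAC/SmartScreen policies
set to 0, Image File Execution Options (IFEO) redirections, and services
or drivers whose binary lives outside the Windows directory. Every rule
is a review prompt, not a verdict; vendor software under Program Files
is normal and is still listed so that nothing is skipped.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed excerpt in DDS format, built from lines in the log above.
SAMPLE_LOG = (
    "AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}\n"
    "AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\n"
    ".\n"
    "============== Pseudo HJT Report ===============\n"
    ".\n"
    "mRun: [Dropbox] \"C:\\Program Files (x86)\\Dropbox\\Client\\Dropbox.exe\" /systemstartup\n"
    "mPolicies-System: ConsentPromptBehaviorAdmin = dword:0\n"
    "mPolicies-System: PromptOnSecureDesktop = dword:0\n"
    "mPolicies-Windows\\System: EnableSmartScreen = dword:0\n"
    "IFEO: SppExtComObj.exe - C:\\WINDOWS\\SECOH-QAD.exe\n"
    ".\n"
    "============= SERVICES / DRIVERS ===============\n"
    ".\n"
    "R1 eamonm;eamonm;C:\\WINDOWS\\System32\\drivers\\eamonm.sys [2015-7-13 255240]\n"
    "S2 Service KMSELDI;Service KMSELDI;C:\\Program Files\\KMSpico\\Service_KMS.exe [2016-5-4 997568]\n"
    "S3 WinDivert1.1;WinDivert1.1;C:\\Program Files\\KMSpico\\WinDivert.sys [2016-5-8 35376]\n"
)

# Line shapes DDS uses for the sections this script cares about.
AV_RE = re.compile(r"^(?:AV|SP|FW): (?P<product>.+?) \*(?P<state>[^*]+)\*")
POLICY_RE = re.compile(r"^(?:x64-)?mPolicies-\S+: (?P<name>\w+) = dword:(?P<value>\d+)$")
IFEO_RE = re.compile(r"^(?:x64-)?IFEO: (?P<target>\S+) - (?P<debugger>.+)$")
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[[^\]]+\]$")

# Policies where dword:0 switches off a default Windows protection.
WEAKENING_POLICIES = {
    "ConsentPromptBehaviorAdmin": "UAC elevates administrators without prompting",
    "PromptOnSecureDesktop": "UAC prompt not isolated on the secure desktop",
    "EnableSmartScreen": "SmartScreen turned off",
}


@dataclass
class Finding:
    severity: str  # "high" for a weakened control or a redirect, "review" otherwise
    rule: str
    line: str


def triage(log_text: str) -> List[Finding]:
    """Return the review-worthy entries of a DDS log, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = AV_RE.match(line)
        if m and "disabled" in m.group("state").lower():
            findings.append(Finding("review", "security product reported disabled", line))
            continue
        m = POLICY_RE.match(line)
        if m and m.group("value") == "0" and m.group("name") in WEAKENING_POLICIES:
            findings.append(Finding("high", WEAKENING_POLICIES[m.group("name")], line))
            continue
        m = IFEO_RE.match(line)
        if m:
            # An IFEO Debugger value makes Windows start the listed binary in
            # place of the target program, so the target silently runs something
            # else. Legitimate uses are rare; each entry needs an explanation.
            findings.append(Finding("high", f"IFEO redirect for {m.group('target')}", line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            path = m.group("path").strip('"').lower()
            if not path.startswith("c:\\windows\\"):
                findings.append(Finding("review", f"non-Windows service/driver {m.group('name')}", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.rule}: {f.line}")
```

The x64- duplicates DDS prints for the 64-bit hives are reported as separate findings, which keeps the output easy to match back to the log.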
Old 07-23-2016, 01:32 PM   #2
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello xcortman,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Back up important files before we start.

Now, let's get started, shall we? Please do the below steps.

STEP 1

Please download AdwCleaner from here and save it to your desktop.

Click the green 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Clean
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

========================================================

Things I need to see in your next post:
  • Information about proxy
  • FRST.txt
  • Addition.txt
Old 07-23-2016, 08:10 PM   #3
Registered Member
 
Join Date: Dec 2007
Posts: 152
OS: Windows 8.1 (64 Bit)



Hi Tolga,

Thank you for the prompt response and the help being offered. I appreciate it a lot :)

I followed all your steps exactly as described and here are the results from AdwCleaner. I have also attached the other 2 files as requested.

-----------------------------------------------------------------------------

# AdwCleaner v5.201 - Logfile created 24/07/2016 at 12:52:21
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-21.2 [Server]
# Operating system : Windows 10 Home (X64)
# Username : Jacob - DESKTOP-6PHJHTC
# Running from : C:\Users\Jacob\Downloads\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\DriverToolkit
[-] Folder Deleted : C:\Users\Jacob\AppData\Local\DriverToolkit

***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key Deleted : HKCU\Software\DriverToolkit

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1157 bytes] - [24/07/2016 12:52:21]
C:\AdwCleaner\AdwCleaner[S1].txt - [1271 bytes] - [24/07/2016 12:47:16]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1303 bytes] ##########
--------------------------------------------------------------------------
Attached Files
File Type: txt Addition_24-07-2016_13-03-47.txt (41.8 KB, 24 views)
File Type: txt FRST_24-07-2016_13-03-47.txt (91.3 KB, 31 views)
Old 07-25-2016, 12:17 AM   #4
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello xcortman,

Are you using a legal copy of Office or any MS product ?
Old 07-25-2016, 03:18 AM   #5
Registered Member
 
Join Date: Dec 2007
Posts: 152
OS: Windows 8.1 (64 Bit)



Quote:
Originally Posted by tekir06 View Post
Hello xcortman,

Are you using a legal copy of Office or any MS product ?
Hi Tolga,

Do you think that that could be the issue? I'm not sure, I'll have to check.

x
Old 07-26-2016, 04:23 AM   #6
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello xcortman,

Unfortunately, you're using an illegal copy of Office. KMSpico is a crack. This tool can be used to activate any version of Windows and MS Office. Do not use such tools/software (like KMSpico and cracked software).

This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, uninstall any such applications.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if cracked (illegal) software is present on the machine.

Installed Program

MS Office

You will have to uninstall Microsoft Office before we can proceed. You can use this free alternative to Office:

LibreOffice

After uninstalling Office, and rebooting, please run FRST again, and post/attach the logs as before. Don't forget to tick the Addition.txt box before clicking Scan.
Old 08-01-2016, 02:08 AM   #7
Registered Member
 
Join Date: Dec 2007
Posts: 152
OS: Windows 8.1 (64 Bit)



Hello Tolga,

I really want to get down to the bottom of this so I removed KMSpico along with MS Office completely. I didn't have any other illegal software. So it should be all gone now.

I have restarted and done a re-scan for you. Here are the results again.

Thanks
x

---------------------------------------------------------------------------

# AdwCleaner v5.201 - Logfile created 01/08/2016 at 19:03:06
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-31.4 [Server]
# Operating system : Windows 10 Home (X64)
# Username : Jacob - DESKTOP-6PHJHTC
# Running from : C:\Users\Jacob\Downloads\AdwCleaner(1).exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1382 bytes] - [24/07/2016 12:52:21]
C:\AdwCleaner\AdwCleaner[S1].txt - [1271 bytes] - [24/07/2016 12:47:16]
C:\AdwCleaner\AdwCleaner[S2].txt - [778 bytes] - [01/08/2016 19:03:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [850 bytes] ##########
Attached Files
File Type: txt Addition_01-08-2016_18-54-03.txt (42.2 KB, 30 views)
File Type: txt FRST_01-08-2016_18-54-03.txt (88.1 KB, 26 views)
xcortman is offline  
Old 08-04-2016, 04:20 AM   #8
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello xcortman,

Please do the following.

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST64.exe

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
CreateRestorePoint:
FirewallRules: [{A5D14958-0140-4346-8DCE-5EA5A614E993}] => (Allow) C:\Users\Jacob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{30107EB6-067D-4298-935B-6191622AD427}] => (Allow) C:\Users\Jacob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{480A4AA9-42F4-46CE-866A-A83B5EEEFD55}] => (Allow) C:\Users\Jacob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6AF26A93-2156-48EF-9F02-9D9796DB8D3C}] => (Allow) C:\Users\Jacob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7EA527BE-5C8F-48C5-A011-70F876880691}] => (Allow) C:\Users\Jacob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0102A8EE-C00C-4A2E-AA80-F62CE17E9682}] => (Allow) C:\Users\Jacob\AppData\Roaming\uTorrent\uTorrent.exe
HKLM-x32\...\Run: [] => [X]
IFEO\SppExtComObj.exe: [Debugger] C:\WINDOWS\SECOH-QAD.exe
2016-07-22 19:08 - 2016-07-24 12:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
RemoveProxy:
CMD: bitsadmin /reset /allusers
EmptyTemp:
Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.


NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
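The fixlist above mixes three kinds of entry that are worth telling apart: firewall Allow rules for an executable under a user profile, an empty autostart value, and an Image File Execution Options "Debugger" value. Windows honours that value by starting the named debugger in place of the target executable (with the original command line appended), so an IFEO Debugger that points outside the system directory is a hijack of that program. The SppExtComObj.exe -> SECOH-QAD.exe pair is the kind of entry KMSpico-style activators leave behind. The following triage script is an added example, not part of the post and not code from the Farbar tool; the trusted debugger root and the list of user-writable folders are assumptions for illustration, and the sample entries are the script lines from the post, embedded so it runs offline.

```python
"""Triage of FRST fixlist entries (added example, not Farbar's code).

Parses the three entry kinds used in the post's fixlist (FirewallRules,
IFEO Debugger, Run) and flags the ones an analyst acts on. The trusted
debugger root and the user-writable folder markers are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

FIREWALL_RE = re.compile(
    r"^FirewallRules:\s*\[\{(?P<guid>[0-9A-Fa-f-]+)\}\]\s*=>\s*"
    r"\((?P<action>\w+)\)\s*(?P<path>.+?)\s*$")
IFEO_RE = re.compile(
    r"^IFEO\\(?P<target>[^:]+):\s*\[Debugger\]\s*(?P<debugger>.+?)\s*$")
RUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|CU)(?:-x32)?)\\\.\.\.\\Run:\s*\[(?P<name>[^\]]*)\]"
    r"\s*=>\s*(?P<value>.*?)\s*$")

# Assumption: legitimate IFEO debuggers on a stock install live under System32.
TRUSTED_DEBUGGER_ROOT = "c:\\windows\\system32\\"
# Assumption: executables launched from these folders deserve a second look.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")


@dataclass
class Finding:
    kind: str       # "ifeo-debugger", "firewall-allow", "firewall-rule" or "run-value"
    severity: str   # "high", "medium", "low" or "info"
    detail: str


def triage_line(line: str) -> Optional[Finding]:
    """Classify one fixlist line; directives and unknown lines return None."""
    m = IFEO_RE.match(line)
    if m:
        debugger = m.group("debugger")
        # Any debugger outside the trusted root replaces the target binary: a hijack.
        hijack = not debugger.lower().startswith(TRUSTED_DEBUGGER_ROOT)
        return Finding("ifeo-debugger", "high" if hijack else "info",
                       f"{m.group('target')} is launched via {debugger}")
    m = FIREWALL_RE.match(line)
    if m:
        path, action = m.group("path"), m.group("action").lower()
        suspicious = action == "allow" and any(
            marker in path.lower() for marker in USER_WRITABLE_MARKERS)
        return Finding("firewall-allow" if action == "allow" else "firewall-rule",
                       "medium" if suspicious else "info",
                       f"rule {{{m.group('guid')}}} {m.group('action')} {path}")
    m = RUN_RE.match(line)
    if m:
        # An empty name or a "[X]" value is a dangling autostart entry.
        dangling = m.group("name") == "" or m.group("value") in ("", "[X]")
        return Finding("run-value", "low" if dangling else "info",
                       f"{m.group('hive')} Run [{m.group('name')}] => {m.group('value')}")
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Triage a whole fixlist, most severe first."""
    order = {"high": 0, "medium": 1, "low": 2, "info": 3}
    found = [f for f in (triage_line(l.strip()) for l in lines) if f is not None]
    return sorted(found, key=lambda f: order[f.severity])


# The script lines from the post, embedded so the example runs offline.
SAMPLE_FIXLIST = r"""
CreateRestorePoint:
FirewallRules: [{A5D14958-0140-4346-8DCE-5EA5A614E993}] => (Allow) C:\Users\Jacob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{30107EB6-067D-4298-935B-6191622AD427}] => (Allow) C:\Users\Jacob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{480A4AA9-42F4-46CE-866A-A83B5EEEFD55}] => (Allow) C:\Users\Jacob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6AF26A93-2156-48EF-9F02-9D9796DB8D3C}] => (Allow) C:\Users\Jacob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7EA527BE-5C8F-48C5-A011-70F876880691}] => (Allow) C:\Users\Jacob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0102A8EE-C00C-4A2E-AA80-F62CE17E9682}] => (Allow) C:\Users\Jacob\AppData\Roaming\uTorrent\uTorrent.exe
HKLM-x32\...\Run: [] => [X]
IFEO\SppExtComObj.exe: [Debugger] C:\WINDOWS\SECOH-QAD.exe
2016-07-22 19:08 - 2016-07-24 12:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
RemoveProxy:
CMD: bitsadmin /reset /allusers
EmptyTemp:
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_FIXLIST):
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
```

Run as-is it lists the IFEO hijack first, then the six uTorrent Allow rules, then the dangling Run value; the directory, proxy, CMD and EmptyTemp lines are FRST directives and produce no finding. On a live machine the same check is done by enumerating every subkey of HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options that carries a Debugger value.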
Old 08-05-2016, 02:00 AM   #9
Registered Member
 
Join Date: Dec 2007
Posts: 152
OS: Windows 8.1 (64 Bit)



Hello tekir06,

Here is my log from the fixlog.txt

Thanks
-----------------------------------------------------------------------------------

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by Jacob (2016-08-05 18:52:13) Run:1
Running from C:\Users\Jacob\Desktop
Loaded Profiles: Jacob (Available Profiles: Jacob)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
FirewallRules: [{A5D14958-0140-4346-8DCE-5EA5A614E993}] => (Allow) C:\Users\Jacob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{30107EB6-067D-4298-935B-6191622AD427}] => (Allow) C:\Users\Jacob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{480A4AA9-42F4-46CE-866A-A83B5EEEFD55}] => (Allow) C:\Users\Jacob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6AF26A93-2156-48EF-9F02-9D9796DB8D3C}] => (Allow) C:\Users\Jacob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7EA527BE-5C8F-48C5-A011-70F876880691}] => (Allow) C:\Users\Jacob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0102A8EE-C00C-4A2E-AA80-F62CE17E9682}] => (Allow) C:\Users\Jacob\AppData\Roaming\uTorrent\uTorrent.exe
HKLM-x32\...\Run: [] => [X]
IFEO\SppExtComObj.exe: [Debugger] C:\WINDOWS\SECOH-QAD.exe
2016-07-22 19:08 - 2016-07-24 12:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
RemoveProxy:
CMD: bitsadmin /reset /allusers
EmptyTemp:
*****************

Restore point was successfully created.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A5D14958-0140-4346-8DCE-5EA5A614E993} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{30107EB6-067D-4298-935B-6191622AD427} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{480A4AA9-42F4-46CE-866A-A83B5EEEFD55} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6AF26A93-2156-48EF-9F02-9D9796DB8D3C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7EA527BE-5C8F-48C5-A011-70F876880691} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0102A8EE-C00C-4A2E-AA80-F62CE17E9682} => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SppExtComObj.exe" => key removed successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2020131078-2845087480-1379700110-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2020131078-2845087480-1379700110-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {AED8DF5E-E69E-4249-BDAE-70BEC0FC216C}.
{FD9F84BB-6BD6-4A6F-BA6F-1262269CDB6A} canceled.
1 out of 2 jobs canceled.

========= End ofCMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9576502 B
Java, Flash, Steam htmlcache => 608 B
Windows/system/drivers => 2578 B
Edge => 6891 B
Chrome => 0 B
Firefox => 21856590 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7168 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 818 B
NetworkService => 0 B
Jacob => 12557770 B

RecycleBin => 0 B
EmptyTemp: => 42 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:53:03 ====
Old 08-05-2016, 05:08 AM   #10
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello xcortman,

Thanks for the log. Please do the below steps.

STEP 1


Please download Malwarebytes Anti-Malware and save it to your desktop.

Double-click mbam-setup-2.2.1.1043.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
At the end of the installation, a database update will be performed.
Click on Scan Now.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

STEP 2

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.

You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
Tick the option Enable detection of potentially unwanted applications
Click on Advanced settings
Make sure that the option Clean threats automatically is unticked.
Ensure these options are ticked:
  • Enable detection of potentially unsafe applications
  • Enable detection of suspicious applications
  • Scan archives
  • Enable Anti-Stealth technology
Click Scan
Wait for the scan to finish.
When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Please copy/paste the contents of the log in your next reply.
To close ESET Online Scanner, select Do not clean then Finish
Old 08-07-2016, 03:54 AM   #11
Registered Member
 
Join Date: Dec 2007
Posts: 152
OS: Windows 8.1 (64 Bit)



Hi tekir06,

I couldn't complete STEP 2. The online ESET scanner would scan right to the end and come up with an error, "Program had to shut down - unexpected error". When I hit OK it would kill the program. I tried this twice and followed your steps exactly.

I believe it found 2 threats though.

However here are the results from STEP one attached.


Thanks
x
Attached Files
File Type: txt Scanlog.txt (1.0 KB, 27 views)
Old 08-08-2016, 01:11 AM   #12
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello xcortman,

How is the machine behaving now? What problems do you still have?
Old 08-08-2016, 01:57 AM   #13
Registered Member
 
Join Date: Dec 2007
Posts: 152
OS: Windows 8.1 (64 Bit)



Quote:
Originally Posted by tekir06 View Post
Hello xcortman,

How is the machine behaving now? What problems do you still have?
Its behaving a LOT better :)

Although when I'm doing nothing my CPU runs between 25%-30%.

Is this normal??

X
Old 08-10-2016, 11:51 PM   #14
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello xcortman,

What process or processes are using the CPU in Task Manager?
Old 08-12-2016, 11:00 PM   #15
Registered Member
 
Join Date: Dec 2007
Posts: 152
OS: Windows 8.1 (64 Bit)



Quote:
Originally Posted by tekir06 View Post
Hello xcortman,

What process or processes are using the CPU in Task Manager?
Hello tekir06,

I recorded a small video of my CPU processes for you.

Please find it here - CPU Processes - protrader10's library

As you can see, it seems normal but I have a delayed response whenever I click on something for e.g browser, an icon on desktop or even browsing the internet.

Thanks
x
Old 08-18-2016, 07:59 AM   #16
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

I did not see a problem.

Your reports are clear. Let's remove all tools and logs that we use.

CLEAN UP

Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Ensure Remove disinfection tools is ticked. Also tick: Create registry backup, Purge system restore
  • Click Run
  • delfix will now delete all found traces of our removal process.
Note: The program will run for a few moments and then notepad will open with a log. No need to post this log.

=========================================================

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System. Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn on Automatic Updates in Windows 10

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

PREVENTION

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
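The HOSTS-file technique in the prevention advice above works because the resolver consults that file before DNS, so a name mapped to a loopback or unspecified address never reaches the real server. The same file is also a classic tampering target: an entry that maps a site to some other address redirects it silently. The checker below is an added example, not part of the post and not code from the MVPS project. It parses text in the hosts-file layout, reports which names are sinkholed, and lists any name sent to a non-sinkhole address for manual review. The sample hosts text is constructed for this example and its domain names are made up.

```python
"""Hosts-file sinkhole checker (added example, not the MVPS project's code).

Parses hosts-file text, treats every name mapped to a loopback or
unspecified address as blocked, and reports names mapped anywhere else,
which is what a tampered hosts file looks like.
"""
import ipaddress
from typing import Dict

# Both the 127.0.0.1 form mentioned in the post and the 0.0.0.0 form count as sinkholes.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1", "::"}
# Names that legitimately map to loopback and must not be reported as blocked.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text: str) -> Dict[str, str]:
    """Return {hostname: address}. Comments and malformed lines are skipped,
    several names may share one line, and the first mapping for a name is kept."""
    mapping: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])    # reject lines whose first field is not an IP
        except ValueError:
            continue
        for name in parts[1:]:
            mapping.setdefault(name.lower().rstrip("."), parts[0])
    return mapping


def is_blocked(name: str, mapping: Dict[str, str]) -> bool:
    """True when the name would be sinkholed instead of resolved."""
    key = name.lower().rstrip(".")
    return key not in LOCAL_NAMES and mapping.get(key) in SINKHOLE_ADDRESSES


def redirects(mapping: Dict[str, str]) -> Dict[str, str]:
    """Names sent somewhere other than a sinkhole address: review these by hand."""
    return {h: a for h, a in mapping.items()
            if h not in LOCAL_NAMES and a not in SINKHOLE_ADDRESSES}


# Constructed sample in the MVPS layout; the domain names are made up.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example-tracker.test
0.0.0.0 cdn.example-tracker.test   # trailing comment
127.0.0.1 banner.example-ads.test www.banner.example-ads.test
# a tampered entry: a real-looking site sent to a third-party address
203.0.113.7 www.bank.example
not-an-address junk.entry
"""

if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for q in ("ADS.example-tracker.test", "www.bank.example", "localhost"):
        print(f"{q}: {'blocked' if is_blocked(q, hosts) else 'not blocked'}")
    print("redirected:", redirects(hosts))
```

Lookups are case-insensitive and ignore a trailing dot, matching how hostnames are compared; on Windows the file to feed in is %SystemRoot%\System32\drivers\etc\hosts.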
Old 08-20-2016, 12:43 AM   #17
Registered Member
 
Join Date: Dec 2007
Posts: 152
OS: Windows 8.1 (64 Bit)



Hi tekir06,

I just decided to reset my laptop with a clean install. This has helped me significantly. I also changed a few things. Using Chrome instead of Firefox, and I feel that it's so much lighter on system resources.

THANK YOU SO MUCH for all your help man. I've learned so much just from this post.

All the best!
x
Old 08-27-2016, 02:18 PM   #18
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello xcortman,

You're welcome. I'm glad to help. Thank you for your patience and cooperation.