Virus stopping Eset from completing

A discussion in the Virus/Trojan/Spyware Help forum, part of the Tech Support Forum category.


Old 09-16-2016, 02:31 PM   #1
Registered Member
 
Join Date: Dec 2006
Posts: 259
OS: Windows 10



Hi

I had a few strange messages popping up about "computer being blocked" and not to do anything or hard disk would be wiped clean...

I could not close the pages but used Task Manager to close the program (Internet Explorer 11).

I tried to run Eset Online twice. It found TWO infections but each time before it completed it went all black and stopped.

The system is becoming very slow.

This is my son's computer and I am just visiting. I have only 4 days to sort this out or he will be without a computer for school. Help!!!...

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.589
Run by Camilo at 23:15:49 on 2016-09-16
Microsoft Windows 10 Home 10.0.10586.0.1252.44.2070.18.8124.5322 [GMT 2:00]
.
AV: Panda Free Antivirus *Enabled/Updated* {AAF74A68-8713-CDF1-004F-30003398BE9E}
AV: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Panda Free Antivirus *Enabled/Updated* {1196AB8C-A129-C27F-3AFF-0B72481FF423}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall *Disabled* {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\system32\igfxCUIService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
C:\Windows\System32\RuntimeBroker.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Hewlett-Packard\SimplePass\opbhobroker.exe
C:\Program Files\Hewlett-Packard\SimplePass\opbhobrokerdsktop.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\POP Peeper\POPPeeper.exe
C:\Users\Camilo\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.co.uk/
uDefault_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
BHO: ArcPluginIEBHO Class: {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Users\Katerina\Desktop\Games\Arc\plugins\ArcPluginIE.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
EB: F12 Developer Tools: {28BCCB9A-E66B-463C-82A4-09F320DE94D7} - C:\Windows\SysWOW64\F12\F12App.dll
uRun: [POP Peeper] "C:\Program Files (x86)\POP Peeper\POPPeeper.exe" -min
uRun: [OneDrive] "C:\Users\Camilo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [HPMessageService] C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
mRun: [IndexSearch] C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe
StartupFolder: C:\Users\Camilo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\WINDOWS\System32\RunDll32.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: SafeModeBlockNonAdmins = dword:1
mPolicies-System: MaxGPOScriptWait = dword:600
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4c788607-6f52-493c-afa5-5568015d1f4b} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4c788607-6f52-493c-afa5-5568015d1f4b}\2656C6B696E6E233369346 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{4c788607-6f52-493c-afa5-5568015d1f4b}\D454F4D2430353633473 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{aa158d2f-abf8-4ed5-8512-b7426d1615d1} : NameServer = 217.171.135.1
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = about:blank
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /ANDREA_BF_BYPASS
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: SafeModeBlockNonAdmins = dword:1
x64-mPolicies-System: MaxGPOScriptWait = dword:600
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Camilo\AppData\Roaming\Mozilla\Firefox\Profiles\bb1ygktw.default-1455198740855\
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-11-6 632168]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-9-15 218624]
R1 CLVirtualDrive;CLVirtualDrive;C:\WINDOWS\System32\drivers\CLVirtualDrive.sys [2015-10-5 100624]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-5-11 87552]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R1 NNSALPC;NNSALPC;C:\WINDOWS\System32\drivers\nnsalpc.sys [2015-7-17 103824]
R1 NNSHTTP;NNSHTTP;C:\WINDOWS\System32\drivers\nnshttp.sys [2015-7-17 211352]
R1 NNSHTTPS;NNSHTTPS;C:\WINDOWS\System32\drivers\nnshttps.sys [2015-7-17 120216]
R1 NNSIDS;NNSIDS;C:\WINDOWS\System32\drivers\nnsids.sys [2015-7-17 120208]
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\WINDOWS\System32\drivers\NNSNAHSL.sys [2015-6-19 58616]
R1 NNSPICC;NNSPICC;C:\WINDOWS\System32\drivers\nnspicc.sys [2015-7-17 112536]
R1 NNSPIHSW;NNSPIHSW;C:\WINDOWS\System32\drivers\nnspihsw.sys [2015-9-1 89472]
R1 NNSPOP3;NNSPOP3;C:\WINDOWS\System32\drivers\nnspop3.sys [2015-7-17 133528]
R1 NNSPROT;NNSPROT;C:\WINDOWS\System32\drivers\nnsprot.sys [2015-7-17 309648]
R1 NNSPRV;NNSPRV;C:\WINDOWS\System32\drivers\nnsprv.sys [2015-7-17 179608]
R1 NNSSMTP;NNSSMTP;C:\WINDOWS\System32\drivers\nnssmtp.sys [2015-7-17 122776]
R1 NNSSTRM;NNSSTRM;C:\WINDOWS\System32\drivers\nnsstrm.sys [2015-7-17 267160]
R1 NNSTLSC;NNSTLSC;C:\WINDOWS\System32\drivers\nnstlsc.sys [2015-7-17 115600]
R1 PSINKNC;PSINKNC;C:\WINDOWS\System32\drivers\PSINKNC.sys [2016-5-10 207256]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2015-10-6 98208]
R2 BTDevManager;BTDevManager;C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe [2014-11-12 98816]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-7-26 29728]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [2015-9-3 606224]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-11-8 15720]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2015-12-19 373160]
R2 NanoServiceMain;Panda Protection Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [2015-10-18 142072]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-11-12 1795912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-10-6 19438920]
R2 PandaAgent;Panda Devices Agent;C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [2016-2-22 73176]
R2 PSINAflt;PSINAflt;C:\WINDOWS\System32\drivers\PSINAflt.sys [2016-5-10 173464]
R2 PSINFile;PSINFile;C:\WINDOWS\System32\drivers\PSINFile.sys [2016-5-10 130968]
R2 PSINProc;PSINProc;C:\WINDOWS\System32\drivers\PSINProc.sys [2016-5-10 133528]
R2 PSINProt;PSINProt;C:\WINDOWS\System32\drivers\PSINProt.sys [2016-5-10 143768]
R2 PSINReg;PSINReg;C:\WINDOWS\System32\drivers\PSINReg.sys [2016-5-10 117144]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [2015-10-22 38136]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2016-6-3 389896]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2015-10-6 291032]
R2 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-5-17 268920]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-5-11 245760]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\WINDOWS\System32\drivers\clwvd.sys [2014-11-12 41704]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2015-8-20 25816]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-10-6 19272]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2015-10-6 38048]
R3 PSKMAD;PSKMAD;C:\WINDOWS\System32\drivers\PSKMAD.sys [2016-2-7 61712]
R3 RtkBtFilter;Realtek Bluetooth Filter Driver;C:\WINDOWS\System32\drivers\RtkBtfilter.sys [2015-10-30 624424]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\drivers\Rt630x64.sys [2015-10-6 874712]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\WINDOWS\System32\drivers\rtwlane.sys [2015-8-28 4629744]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2015-10-6 42696]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-5-11 694784]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [2015-6-23 30384]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-10-30 216064]
S2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-8-20 1135416]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-7-25 324224]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 ArcService;Arc Service;C:\Users\Katerina\Desktop\Games\Arc\ArcService.exe [2016-8-18 88024]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-2-13 117248]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-4-25 129152]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2014-9-19 38264]
S3 IntcDAud;Áudio Intel(R) para Ecrãs;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-10-5 454416]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2015-8-20 192216]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2015-8-20 64216]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-10-30 108032]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\WINDOWS\System32\drivers\RtsP2Stor.sys [2015-6-5 310528]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2016-9-15 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2016-4-25 221824]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-5-11 63488]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-2 258912]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-9-15 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2015-10-30 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 wdm_usb;wdm_usb;C:\WINDOWS\System32\drivers\usb2ser.sys [2016-7-15 151184]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-9-15 364456]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 wmbclass;USB Mobile Broadband Adapter Driver;C:\WINDOWS\System32\drivers\wmbclass.sys [2015-10-30 303104]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-5-11 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-5-11 26112]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
SUnknown IoQos;IoQos; [x]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2016-09-16 20:33:38 -------- d-----w- C:\WINDOWS\pss
2016-09-16 17:57:55 -------- d-----w- C:\NVIDIA
2016-09-16 16:17:53 -------- d-----w- C:\Users\Camilo\AppData\Local\ESET
2016-09-15 12:59:59 3065344 ----a-w- C:\WINDOWS\SysWow64\mstsc.exe
2016-09-15 12:58:59 70656 ----a-w- C:\WINDOWS\SysWow64\AppCapture.dll
2016-09-15 12:57:59 2444288 ----a-w- C:\WINDOWS\System32\twinui.appcore.dll
2016-09-15 12:56:57 9920512 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2016-09-15 12:55:59 738816 ----a-w- C:\WINDOWS\SysWow64\appwiz.cpl
2016-09-15 12:54:59 2632192 ----a-w- C:\WINDOWS\SysWow64\rdpcore.dll
2016-09-15 12:53:59 775168 ----a-w- C:\WINDOWS\System32\Display.dll
2016-09-08 11:27:20 -------- d-----w- C:\Users\Camilo\AppData\Local\ElevatedDiagnostics
2016-09-08 09:22:26 -------- d-----w- C:\Program Files (x86)\Common Files\ScanSoft Shared
2016-09-08 09:21:41 -------- d-----w- C:\Program Files (x86)\ScanSoft
2016-09-08 09:19:22 -------- d-----w- C:\ProgramData\Brother
2016-08-31 21:49:24 -------- d-----w- C:\ProgramData\KingsIsle Entertainment
.
==================== Find3M ====================
.
2016-09-16 20:57:31 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-09-15 12:16:21 635904 ----a-w- C:\WINDOWS\SysWow64\mqsnap.dll
2016-09-15 12:16:21 14848 ----a-w- C:\WINDOWS\SysWow64\mqcertui.dll
2016-09-15 12:16:20 18944 ----a-w- C:\WINDOWS\System32\mqcertui.dll
2016-09-07 06:04:35 2718208 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2016-09-07 05:37:36 572272 ----a-w- C:\WINDOWS\SysWow64\taskschd.dll
2016-09-07 05:37:36 129888 ----a-w- C:\WINDOWS\System32\drivers\ksecdd.sys
2016-09-07 05:36:37 405856 ----a-w- C:\WINDOWS\System32\drivers\FWPKCLNT.SYS
2016-09-07 05:36:10 528736 ----a-w- C:\WINDOWS\System32\pcasvc.dll
2016-09-07 05:35:27 1613664 ----a-w- C:\WINDOWS\System32\diagtrack.dll
2016-09-07 05:35:19 523616 ----a-w- C:\WINDOWS\System32\wimserv.exe
2016-09-07 05:35:16 989536 ----a-w- C:\WINDOWS\System32\SecConfig.efi
2016-09-07 05:34:14 3449168 ----a-w- C:\WINDOWS\System32\WSService.dll
2016-09-07 05:34:05 2587696 ----a-w- C:\WINDOWS\System32\msxml6.dll
2016-09-07 05:33:45 1297760 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2016-09-07 05:33:16 2026736 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2016-09-07 05:33:08 986976 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2016-09-07 05:27:40 413536 ----a-w- C:\WINDOWS\System32\wifitask.exe
2016-09-07 05:27:05 538632 ----a-w- C:\WINDOWS\System32\WWanAPI.dll
2016-09-07 05:25:09 1270064 ----a-w- C:\WINDOWS\System32\WinTypes.dll
2016-09-07 05:25:03 1447776 ----a-w- C:\WINDOWS\System32\webservices.dll
2016-09-07 05:25:01 2607336 ----a-w- C:\WINDOWS\System32\combase.dll
2016-09-07 05:25:00 1322248 ----a-w- C:\WINDOWS\System32\ole32.dll
2016-09-07 05:23:59 1750440 ----a-w- C:\WINDOWS\System32\WpcMon.exe
2016-09-07 05:23:53 374008 ----a-w- C:\WINDOWS\System32\SystemSettingsAdminFlows.exe
2016-09-07 05:23:49 730344 ----a-w- C:\WINDOWS\System32\Windows.Internal.Shell.Broker.dll
2016-09-07 05:23:48 303216 ----a-w- C:\WINDOWS\System32\LockAppHost.exe
2016-09-07 05:23:47 565600 ----a-w- C:\WINDOWS\System32\SettingSyncHost.exe
2016-09-07 05:23:32 6605544 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2016-09-07 05:23:30 4515256 ----a-w- C:\WINDOWS\explorer.exe
2016-09-07 05:23:30 1603224 ----a-w- C:\WINDOWS\System32\propsys.dll
2016-09-07 05:23:26 725776 ----a-w- C:\WINDOWS\System32\SHCore.dll
2016-09-07 05:23:23 1040792 ----a-w- C:\WINDOWS\System32\twinapi.appcore.dll
2016-09-07 05:23:01 692136 ----a-w- C:\WINDOWS\System32\sppwinob.dll
2016-09-07 05:23:01 6536248 ----a-w- C:\WINDOWS\System32\sppsvc.exe
2016-09-07 05:23:00 1540216 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2016-09-07 05:22:53 742192 ----a-w- C:\WINDOWS\System32\EditionUpgradeManagerObj.dll
2016-09-07 05:22:37 957608 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2016-09-07 05:22:37 1085728 ----a-w- C:\WINDOWS\SysWow64\webservices.dll
2016-09-07 05:22:36 625000 ----a-w- C:\WINDOWS\System32\ClipSVC.dll
2016-09-07 05:22:34 1128096 ----a-w- C:\WINDOWS\System32\ClipUp.exe
2016-09-07 05:22:32 1824264 ----a-w- C:\WINDOWS\SysWow64\combase.dll
2016-09-07 05:22:29 431296 ----a-w- C:\WINDOWS\System32\bcryptprimitives.dll
2016-09-07 05:22:28 604920 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-09-07 05:22:27 638816 ----a-w- C:\WINDOWS\System32\drivers\ClipSp.sys
2016-09-07 05:22:26 703840 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2016-09-07 05:22:07 359256 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2016-09-07 05:21:16 465760 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2016-09-07 05:21:01 5240952 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2016-09-07 05:21:00 4074160 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2016-09-07 05:20:57 836752 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2016-09-07 05:20:57 1355336 ----a-w- C:\WINDOWS\SysWow64\propsys.dll
2016-09-07 05:20:56 569744 ----a-w- C:\WINDOWS\SysWow64\SHCore.dll
2016-09-07 05:19:34 360480 ----a-w- C:\WINDOWS\SysWow64\bcryptprimitives.dll
2016-09-07 05:19:06 294752 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2016-09-07 05:16:22 2144512 ----a-w- C:\WINDOWS\System32\d3d9.dll
2016-09-07 05:16:15 2773088 ----a-w- C:\WINDOWS\System32\d3d11.dll
2016-09-07 05:16:06 2548936 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2016-09-07 05:16:02 1988448 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2016-09-07 05:15:31 1776768 ----a-w- C:\WINDOWS\System32\WindowsCodecs.dll
2016-09-07 05:15:29 550656 ----a-w- C:\WINDOWS\System32\directmanipulation.dll
2016-09-07 05:15:19 1415200 ----a-w- C:\WINDOWS\System32\msctf.dll
2016-09-07 05:15:16 911640 ----a-w- C:\WINDOWS\System32\dcomp.dll
2016-09-07 05:14:49 216416 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb20.sys
2016-09-07 05:14:27 430944 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb.sys
2016-09-07 05:13:29 1865584 ----a-w- C:\WINDOWS\SysWow64\d3d9.dll
2016-09-07 05:13:16 2186856 ----a-w- C:\WINDOWS\SysWow64\d3d11.dll
2016-09-07 05:12:50 2195632 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2016-09-07 05:12:18 1522152 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2016-09-07 05:12:10 28851224 ----a-w- C:\WINDOWS\System32\WindowsCodecsRaw.dll
2016-09-07 05:12:05 871776 ----a-w- C:\WINDOWS\System32\drvstore.dll
2016-09-07 05:12:04 1174008 ----a-w- C:\WINDOWS\SysWow64\msctf.dll
2016-09-07 05:11:50 57912 ----a-w- C:\WINDOWS\System32\lsass.exe
2016-09-07 05:11:46 305296 ----a-w- C:\WINDOWS\System32\wmpeffects.dll
2016-09-07 05:11:41 2187408 ----a-w- C:\WINDOWS\System32\hevcdecoder.dll
2016-09-07 05:11:37 388888 ----a-w- C:\WINDOWS\System32\wmpps.dll
2016-09-07 05:11:24 503600 ----a-w- C:\WINDOWS\System32\DMRServer.dll
2016-09-07 05:08:20 28083144 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecsRaw.dll
2016-09-07 05:08:05 116216 ----a-w- C:\WINDOWS\SysWow64\sspicli.dll
2016-09-07 05:07:55 253080 ----a-w- C:\WINDOWS\SysWow64\wmpeffects.dll
2016-09-07 05:07:49 1951848 ----a-w- C:\WINDOWS\SysWow64\hevcdecoder.dll
2016-09-07 04:53:53 1033216 ----a-w- C:\WINDOWS\System32\termsrv.dll
2016-09-07 04:52:40 1035776 ----a-w- C:\WINDOWS\System32\XboxNetApiSvc.dll
2016-09-07 04:52:06 84480 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2016-09-07 04:51:54 89088 ----a-w- C:\WINDOWS\System32\MapsCSP.dll
2016-09-07 04:49:43 649216 ----a-w- C:\WINDOWS\System32\ngcsvc.dll
2016-09-07 04:48:54 22379520 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-09-07 04:48:42 957952 ----a-w- C:\WINDOWS\System32\IKEEXT.DLL
2016-09-07 04:47:50 66560 ----a-w- C:\WINDOWS\System32\MosHostClient.dll
2016-09-07 04:47:31 824320 ----a-w- C:\WINDOWS\System32\WpcWebFilter.dll
2016-09-07 04:46:53 88576 ----a-w- C:\WINDOWS\SysWow64\olepro32.dll
2016-09-07 04:46:51 68608 ----a-w- C:\WINDOWS\System32\fdProxy.dll
2016-09-07 04:46:50 119296 ----a-w- C:\WINDOWS\System32\UserDataTimeUtil.dll
2016-09-07 04:46:35 61952 ----a-w- C:\WINDOWS\System32\vss_ps.dll
2016-09-07 04:46:33 31232 ----a-w- C:\WINDOWS\System32\odbcconf.dll
2016-09-07 04:46:01 123392 ----a-w- C:\WINDOWS\System32\mssprxy.dll
2016-09-07 04:45:59 86528 ----a-w- C:\WINDOWS\System32\spcompat.dll
2016-09-07 04:45:08 37376 ----a-w- C:\WINDOWS\System32\cmintegrator.dll
2016-09-07 04:44:40 134656 ----a-w- C:\WINDOWS\System32\wificonnapi.dll
2016-09-07 04:44:35 95232 ----a-w- C:\WINDOWS\System32\SecureTimeAggregator.dll
.
============= FINISH: 23:17:31.65 ===============


No, I don't have any support disks should disaster happen!
Attached Files
File Type: txt attach.txt (1.82 MB, 18 views)
Old 09-16-2016, 03:32 PM   #2
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello qimqim,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we?

Please do the below steps.

STEP 1

Please download AdwCleaner from here and save it to your desktop.

Click the green 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Clean
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

=========================================================

Things I need to see in your next post:
  • AdwCleaner[C#].txt
  • FRST.txt
  • Addition.txt
Old 09-16-2016, 04:05 PM   #3
Registered Member
 
Join Date: Dec 2006
Posts: 259
OS: Windows 10



Hi Tolga

Unfortunately, while I was waiting for your reply I ran my resident Panda AV and, some 15 minutes before I received your reply, had started the Microsoft Malicious Software Removal Tool. I stopped this as soon as I read your comments; neither of the programmes found anything.



Now, here is the AdwCleaner log and the attachments.

The computer is shared between my daughter and my son, and the malware found is from my daughter (I assume to do with games).


# AdwCleaner v6.020 - Logfile created 17/09/2016 at 00:47:17
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-16.3 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Camilo - HP15
# Running from : C:\Users\Camilo\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblenkmcolcdonmlfknbpbgjebabcoae


***** [ Files ] *****

[-] File deleted: C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iblenkmcolcdonmlfknbpbgjebabcoae_0.localstorage
[-] File deleted: C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iblenkmcolcdonmlfknbpbgjebabcoae_0.localstorage-journal


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}


***** [ Web browsers ] *****

[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com___________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_____________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_________________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.babylon.com_
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_______________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com______________________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: delta-search.com
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.babylon.com
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com__________________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com___________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_____
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com__________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com___________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com____________________________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com___
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com____________________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com__________________________________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_____________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_________________________________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com____________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com__________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_______________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_______
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_____________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_____________________________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com____________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_______________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_______________________________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_______________________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com________________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com______________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com________________________________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com__________________________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com______________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com____________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com___________________________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com__
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com______________________________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: sweet-page
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com__________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_____________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com______________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com______________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_______________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com__________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com___________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_____________________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com___________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_______________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com____
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com______________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com___________________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com____________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com______
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com__________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com________________________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_____________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_________________________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_________________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com____________________________________
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.sweet-page.com/?type=hp&ts=1430681955&from=cor&uid=TOSHIBAXMK2556GSY_10T1F5OOSXX10T1F5OOS
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ambjmeohlajelahhhniggkkceagdlcgj
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: iblenkmcolcdonmlfknbpbgjebabcoae


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [12517 Bytes] - [17/09/2016 00:47:17]
C:\AdwCleaner\AdwCleaner[S0].txt - [12146 Bytes] - [17/09/2016 00:46:07]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [12665 Bytes] ##########


Thank you (teşekkür ederim).

Please note: the system is on Windows 10.
Attached Files
File Type: txt FRST.txt (122.5 KB, 19 views)
File Type: txt attach.txt (1.82 MB, 18 views)
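The AdwCleaner log above shows the three places a browser hijacker usually leaves its marks in a Chrome profile: a pinned startup URL (sweet-page.com), replaced search providers (babylon.com, delta-search.com, uk.ask.com) and extensions that did not come from the Web Store. The script below is an added example for this thread, not code from AdwCleaner or from the poster, that re-checks a Chrome profile for the same indicators after a cleanup. It assumes the JSON key names Chrome uses in its Preferences and Secure Preferences files (session.startup_urls, homepage, default_search_provider_data, extensions.settings); the sample profile at the bottom is constructed to mirror the log and is not real data from the machine.

```powershell
# Added example, not code from the thread or from AdwCleaner: audit a Chrome profile
# for the hijack artefacts AdwCleaner listed above. Run as the affected user with
# Chrome closed, so the JSON files are not being rewritten while you read them.
# Assumption: the key names below match Chrome's Preferences / Secure Preferences layout.

# Hosts that are allowed as homepage/startup/search targets. Extend for your locale
# (e.g. www.google.co.uk); anything else is reported for review, not auto-removed.
$TrustedSearchHosts = @('www.google.com', 'www.bing.com', 'duckduckgo.com')

function Get-UrlHost([string]$Url) {
    # Host part of a URL, or the raw string if .NET cannot parse it.
    try { return ([uri]$Url).Host } catch { return $Url }
}

function Get-ChromeHijackIndicators {
    param(
        [Parameter(Mandatory)] $Prefs,   # object from ConvertFrom-Json on "Preferences"
        $SecurePrefs                     # object from ConvertFrom-Json on "Secure Preferences"
    )
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Pinned startup pages: hijackers plant their search page here (the sweet-page entry).
    foreach ($u in @($Prefs.session.startup_urls)) {
        if ($u -and ($TrustedSearchHosts -notcontains (Get-UrlHost $u))) {
            $findings.Add("startup_url: $u")
        }
    }

    # 2. Home page pointed at something other than the new-tab page or a trusted host.
    if ($Prefs.homepage -and -not $Prefs.homepage_is_newtabpage) {
        if ($TrustedSearchHosts -notcontains (Get-UrlHost $Prefs.homepage)) {
            $findings.Add("homepage: $($Prefs.homepage)")
        }
    }

    # 3. Default search provider replaced (the babylon.com / delta-search.com pattern).
    $dsp = $Prefs.default_search_provider_data.template_url_data
    if ($dsp -and $dsp.url) {
        $h = Get-UrlHost $dsp.url
        if ($TrustedSearchHosts -notcontains $h) { $findings.Add("default_search: $($dsp.keyword) -> $h") }
    }

    # 4. Extensions not installed from the Web Store: side-loaded by a bundled installer.
    $settings = $SecurePrefs.extensions.settings
    if ($settings) {
        foreach ($p in $settings.PSObject.Properties) {
            $ext = $p.Value
            if (-not $ext.from_webstore) {       # missing flag is also reported
                $findings.Add("extension: $($p.Name) path=$($ext.path) from_webstore=$($ext.from_webstore)")
            }
        }
    }
    return $findings
}

# --- Constructed sample profile, modelled on the AdwCleaner log (not the real files) ---
$samplePrefs = @'
{ "session": { "startup_urls": ["http://www.sweet-page.com/?type=hp&from=cor"] },
  "homepage": "http://www.sweet-page.com/", "homepage_is_newtabpage": false,
  "default_search_provider_data": { "template_url_data": {
      "keyword": "babylon.com", "url": "http://search.babylon.com/?q={searchTerms}" } } }
'@ | ConvertFrom-Json

$sampleSecure = @'
{ "extensions": { "settings": {
    "iblenkmcolcdonmlfknbpbgjebabcoae": { "from_webstore": false, "path": "C:\\ProgramData\\ext\\ibl" },
    "abcdefghijklmnopabcdefghijklmnop": { "from_webstore": true,  "path": "abcdefghijklmnopabcdefghijklmnop\\1.0_0" }
} } }
'@ | ConvertFrom-Json

# Expected: startup_url, homepage, default_search and the ibl... extension are reported;
# the Web Store extension is not.
Get-ChromeHijackIndicators -Prefs $samplePrefs -SecurePrefs $sampleSecure

# To audit the real profile (Chrome closed), read the two files from disk instead:
# $dir = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default'
# Get-ChromeHijackIndicators -Prefs (Get-Content "$dir\Preferences" -Raw | ConvertFrom-Json) `
#     -SecurePrefs (Get-Content "$dir\Secure Preferences" -Raw | ConvertFrom-Json)
```

The script only reports; it deliberately does not edit the profile, because Chrome keeps an HMAC over Secure Preferences and will reset tampered sections on next start, and because a second user on the machine (here, the daughter's profile under C:\Users\Katerina) needs the same check run as that user.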
Old 09-17-2016, 12:03 PM   #4
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello qimqim,

You're welcome (rica ederim).

I did not want attach.txt. I would like to see the Addition.txt. Please attach Addition.txt.
Old 09-17-2016, 12:07 PM   #5
Registered Member
 
Join Date: Dec 2006
Posts: 259
OS: Windows 10



Sorry...
Attached Files
File Type: txt Addition.txt (38.9 KB, 20 views)
Old 09-17-2016, 12:22 PM   #6
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

You're welcome. Please do the following.

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST.exe

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
GroupPolicyUsers\S-1-5-21-3263984955-3523000862-2535710586-1004\User: Restriction <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
2016-09-17 00:49 - 2016-05-10 22:44 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
Task: {23F0A303-E010-4BC6-AB2B-DD6741723130} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2D9B18E5-08DE-4CCB-8347-A1FD58AD6556} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2EB8D745-9B99-4EEF-923E-664E2C211F35} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {62C9012A-D4EF-4193-8864-8CB993A44D06} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {69659C3F-47BC-417A-B0CE-116390BDA292} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {81DD4034-A41D-4213-955B-F29CB1E48581} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8E0D81E4-2C79-49FA-8529-41A9F5A2BB48} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9B8AB47F-D581-4B89-9E1F-53F6A11BE637} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A91D012F-E25F-44C8-861A-4910F753BA92} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BFDC837B-7781-4099-A3F1-0FDEBC48946D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {ED2AB9AF-C2CC-4EEA-8A37-80AAF70EBCF8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
RemoveProxy:
CMD: bitsadmin /reset /allusers
EmptyTemp:
Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
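The fixlist above touches four classes of item: a Run value with an empty name, local group-policy files that restrict a user, scheduled tasks whose target no longer exists (the "-> No File" GWX leftovers), and WinINet proxy settings, plus a BITS queue reset. The script below is an added example for this thread, not code from FRST or from the analyst, that re-checks each of those classes after the fix so you can confirm nothing came back. It assumes the registry keys and folders named in the Fixlog, must be run from an elevated PowerShell, and reports items for review rather than deleting anything, since a legitimate hit is possible.

```powershell
# Added example, written for this thread rather than taken from it or from FRST: after
# running the fix above, re-check each class of item it touched. Run elevated on the
# cleaned machine. Assumption: the keys and folders are the ones named in the Fixlog;
# treat every hit as "review", not "infected".

function Get-CommandExecutable([string]$CommandLine) {
    # First token of a command line: a quoted path, or the text up to the first space.
    # (An unquoted path containing spaces is cut short; check those by hand.)
    $c = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 0) { return $c.Substring(1, $end - 1) }
    }
    return ($c -split '\s+')[0]
}

function Get-OrphanedScheduledTasks {
    # Tasks whose action targets a file that no longer exists (FRST's "-> No File").
    # The GWX tasks above were Windows leftovers; the same shape is used for persistence.
    foreach ($t in Get-ScheduledTask) {
        foreach ($a in $t.Actions) {
            if (-not $a.Execute) { continue }                      # COM-handler actions have no Execute
            $exe = Get-CommandExecutable $a.Execute
            if (-not [IO.Path]::IsPathRooted($exe)) { continue }   # bare names resolve via PATH
            if (-not (Test-Path -LiteralPath $exe)) {
                [pscustomobject]@{ Task = "$($t.TaskPath)$($t.TaskName)"; Missing = $exe }
            }
        }
    }
}

function Get-SuspiciousRunValues {
    # Autostart values with an empty name (the "HKLM-x32\...\Run: [] => [X]" entry)
    # or a target that does not exist on disk.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $item = Get-Item $k
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            $exe  = Get-CommandExecutable $data
            $why  = if ($name -eq '') { 'empty value name' }
                    elseif ([IO.Path]::IsPathRooted($exe) -and -not (Test-Path -LiteralPath $exe)) { 'target missing' }
            if ($why) { [pscustomobject]@{ Key = $k; Name = $name; Data = $data; Why = $why } }
        }
    }
}

function Get-LocalPolicyRestrictions {
    # Per-user local policy and the SysWOW64 machine policy that FRST moved. A home PC
    # normally has neither, so their reappearance is worth a look.
    $paths = "$env:SystemRoot\System32\GroupPolicyUsers",
             "$env:SystemRoot\SysWOW64\GroupPolicy\GPT.ini",
             "$env:SystemRoot\SysWOW64\GroupPolicy\Machine"
    foreach ($p in $paths) { if (Test-Path -LiteralPath $p) { Get-Item -LiteralPath $p -Force } }
}

function Get-UserProxySettings {
    # WinINet proxy / PAC URL for every loaded user hive (what RemoveProxy: cleared).
    foreach ($hive in Get-ChildItem Registry::HKEY_USERS | Where-Object PSChildName -NotMatch '_Classes$') {
        $k = "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        if (-not (Test-Path $k)) { continue }
        $p = Get-ItemProperty $k
        if ($p.ProxyEnable -eq 1 -or $p.AutoConfigURL) {
            [pscustomobject]@{ Hive = $hive.PSChildName; ProxyServer = $p.ProxyServer; AutoConfigURL = $p.AutoConfigURL }
        }
    }
}

# Run the checks; an empty result for each is the expected state after the fix.
Get-OrphanedScheduledTasks  | Format-Table -AutoSize
Get-SuspiciousRunValues     | Format-Table -AutoSize
Get-LocalPolicyRestrictions | Select-Object FullName, LastWriteTime
Get-UserProxySettings       | Format-Table -AutoSize

# BITS jobs for all users. The Fixlog shows bitsadmin is deprecated and could not cancel
# two jobs; the cmdlet shows the owner and remote URLs so you can judge them first
# (Windows Update and Store jobs are normal; an unknown URL is not).
Get-BitsTransfer -AllUsers | Select-Object DisplayName, OwnerAccount, JobState,
    @{ n = 'Remote'; e = { ($_.FileList | ForEach-Object RemoteName) -join ', ' } }
```

Running this before and after an FRST fix gives a quick diff of the persistence surface FRST reports on, which is also a reasonable way to spot anything that a browser lock-screen scam like the "computer being blocked" page in the first post may have installed alongside the adware.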
Old 09-17-2016, 12:44 PM   #7
Registered Member
 
Join Date: Dec 2006
Posts: 259
OS: Windows 10



Here it is:

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-09-2016
Ran by Camilo (17-09-2016 21:33:55) Run:1
Running from C:\Users\Camilo\Desktop
Loaded Profiles: Camilo (Available Profiles: Camilo & Katerina)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
GroupPolicyUsers\S-1-5-21-3263984955-3523000862-2535710586-1004\User: Restriction <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
2016-09-17 00:49 - 2016-05-10 22:44 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
Task: {23F0A303-E010-4BC6-AB2B-DD6741723130} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2D9B18E5-08DE-4CCB-8347-A1FD58AD6556} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2EB8D745-9B99-4EEF-923E-664E2C211F35} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {62C9012A-D4EF-4193-8864-8CB993A44D06} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {69659C3F-47BC-417A-B0CE-116390BDA292} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {81DD4034-A41D-4213-955B-F29CB1E48581} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8E0D81E4-2C79-49FA-8529-41A9F5A2BB48} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9B8AB47F-D581-4B89-9E1F-53F6A11BE637} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A91D012F-E25F-44C8-861A-4910F753BA92} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BFDC837B-7781-4099-A3F1-0FDEBC48946D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {ED2AB9AF-C2CC-4EEA-8A37-80AAF70EBCF8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
RemoveProxy:
CMD: bitsadmin /reset /allusers
EmptyTemp:
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-3263984955-3523000862-2535710586-1004\User => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23F0A303-E010-4BC6-AB2B-DD6741723130}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23F0A303-E010-4BC6-AB2B-DD6741723130}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2D9B18E5-08DE-4CCB-8347-A1FD58AD6556}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D9B18E5-08DE-4CCB-8347-A1FD58AD6556}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2EB8D745-9B99-4EEF-923E-664E2C211F35}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EB8D745-9B99-4EEF-923E-664E2C211F35}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62C9012A-D4EF-4193-8864-8CB993A44D06}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62C9012A-D4EF-4193-8864-8CB993A44D06}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69659C3F-47BC-417A-B0CE-116390BDA292}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69659C3F-47BC-417A-B0CE-116390BDA292}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81DD4034-A41D-4213-955B-F29CB1E48581}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81DD4034-A41D-4213-955B-F29CB1E48581}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8E0D81E4-2C79-49FA-8529-41A9F5A2BB48}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E0D81E4-2C79-49FA-8529-41A9F5A2BB48}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B8AB47F-D581-4B89-9E1F-53F6A11BE637}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B8AB47F-D581-4B89-9E1F-53F6A11BE637}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A91D012F-E25F-44C8-861A-4910F753BA92}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A91D012F-E25F-44C8-861A-4910F753BA92}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFDC837B-7781-4099-A3F1-0FDEBC48946D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFDC837B-7781-4099-A3F1-0FDEBC48946D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED2AB9AF-C2CC-4EEA-8A37-80AAF70EBCF8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED2AB9AF-C2CC-4EEA-8A37-80AAF70EBCF8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3263984955-3523000862-2535710586-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3263984955-3523000862-2535710586-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {4F8C68F2-E9CA-4E9F-B6C9-0737BEE99E1F}.
Unable to cancel {CA843EA2-4FDF-44E8-94A9-60A46DE807F2}.
{D3ADF80A-CB07-4376-B3C9-1008D85BA8FB} canceled.
1 out of 3 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 76269274 B
Java, Flash, Steam htmlcache => 960 B
Windows/system/drivers => 778901913 B
Edge => 32849655 B
Chrome => 529279812 B
Firefox => 84849605 B
Opera => 87771583 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 161452 B
NetworkService => 826 B
Camilo => 1457173549 B
Katerina => 103779900 B

RecycleBin => 1536564893 B
EmptyTemp: => 4.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:39:42 ====
Attached Files
File Type: txt Fixlog.txt (9.3 KB, 18 views)
qimqim is offline  
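The Fixlog above shows two pieces of state being reset blind: BITS jobs (two of which bitsadmin could not cancel) and each user's WinINET connection settings under RemoveProxy. Before a reset like that discards the evidence, a defender wants to see what was actually queued and where browser traffic was being routed. The script below is an added example, not part of the thread, of FRST, or of the helper's instructions; it assumes an elevated PowerShell session on Windows 10 with the BitsTransfer module present, and the two function names and the flag decoding of the DefaultConnectionSettings blob (flags DWORD at offset 8, per the widely documented WinINET layout) are this example's own.

```powershell
# Added example (not from the thread or from FRST): inventory BITS jobs for all users
# and per-user WinINET proxy settings, so a reviewer can see what a cleanup such as
# "bitsadmin /reset /allusers" and FRST's RemoveProxy is acting on before it runs.
# Assumes: elevated session, Windows 10, BitsTransfer module available.
#Requires -RunAsAdministrator
Import-Module BitsTransfer

function Get-BitsJobInventory {
    # -AllUsers needs elevation; without it only the caller's own jobs are listed.
    Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue | ForEach-Object {
        $job = $_
        # NotifyCmdLine is read defensively in case the property is absent on this build.
        $notify = $job.PSObject.Properties['NotifyCmdLine'].Value
        foreach ($file in $job.FileList) {
            [pscustomobject]@{
                JobId       = $job.JobId
                DisplayName = $job.DisplayName
                Owner       = $job.OwnerAccount
                State       = $job.JobState
                Type        = $job.TransferType
                RemoteName  = $file.RemoteName   # source URL: compare with known update hosts
                LocalName   = $file.LocalName    # destination on disk
                NotifyCmd   = $notify            # a command run on completion deserves scrutiny
            }
        }
    }
}

function Get-ConnectionFlags([byte[]]$blob) {
    # Decodes the flags DWORD at offset 8 of DefaultConnectionSettings/SavedLegacySettings.
    # Bit layout (hypothetical labelling based on the commonly documented WinINET format):
    # 0x02 manual proxy, 0x04 auto-config script (PAC), 0x08 auto-detect (WPAD).
    if (-not $blob -or $blob.Length -lt 12) { return $null }
    $flags = [BitConverter]::ToUInt32($blob, 8)
    $names = @()
    if ($flags -band 0x02) { $names += 'ManualProxy' }
    if ($flags -band 0x04) { $names += 'AutoConfigScript' }
    if ($flags -band 0x08) { $names += 'AutoDetect' }
    if ($names.Count -eq 0) { $names = @('Direct') }
    '0x{0:X} ({1})' -f $flags, ($names -join ',')
}

function Get-UserProxySettings {
    # Walks every loaded hive under HKEY_USERS (the same scope RemoveProxy touches) and
    # reads the values that can redirect browser traffic for that user.
    $base = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'
    Get-ChildItem Registry::HKEY_USERS |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object {
            $sid = $_.PSChildName
            $key = "Registry::HKEY_USERS\$sid\$base"
            if (-not (Test-Path $key)) { return }
            $v    = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            $conn = Get-ItemProperty -Path "$key\Connections" -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Sid           = $sid
                ProxyEnable   = $v.ProxyEnable
                ProxyServer   = $v.ProxyServer
                AutoConfigURL = $v.AutoConfigURL
                DefaultConn   = Get-ConnectionFlags $conn.DefaultConnectionSettings
                SavedLegacy   = Get-ConnectionFlags $conn.SavedLegacySettings
            }
        }
}

# Usage: record both inventories to the desktop before any reset is run.
Get-BitsJobInventory  | Format-Table -AutoSize | Out-File "$env:USERPROFILE\Desktop\bits-before.txt"
Get-UserProxySettings | Format-Table -AutoSize | Out-File "$env:USERPROFILE\Desktop\proxy-before.txt"
```

Anything in the BITS list with a remote URL outside the machine's normal update sources, a non-empty NotifyCmd, or a job owned by an account that should not be downloading files, is worth explaining before it is cancelled; likewise a ProxyServer or AutoConfigURL the user never configured points to traffic interception rather than a stray setting. Running the same two functions again after the fix confirms the reset actually took.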
Old 09-18-2016, 01:41 AM   #8
Registered Member
 
Join Date: Dec 2006
Posts: 259
OS: Windows 10



Hi Toga

As you did not come back last night I wondered if you had given the problem as solved. So, this morning I tried to run Eset Online again but without asking it to clean any threats, so that the system stayed the same as you had requested. I hoped that by now Eset would run through normally, but it did not: it stopped, as before, before finishing, having found two threats.

Either there is a virus disabling Eset so that it cannot clean the virus, or there is something wrong with the Eset scan programme (maybe not good for Windows 10). I am attaching what happens when Eset gets to a late stage of the scan (around 75%).

Help...
Attached Thumbnails: EsetProb.PNG (113.3 KB), EsetProb2.PNG (13.3 KB)
qimqim is offline  
Old 09-18-2016, 10:32 AM   #9
Registered Member
 
Join Date: Dec 2006
Posts: 259
OS: Windows 10



Hi

I found out that the Eset problem has to do with a problem with Eset itself, which may, or may not have been solved.

https://forum.eset.com/topic/8542-on...anner-crashes/

In any case, I find the computer very slow.

Thanks
qimqim is offline  
Old 09-18-2016, 12:38 PM   #10
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello qimqim, OK. I got it. Please do the following.

Launch Malwarebytes Anti-Malware

At the end of the installation, a database update will be performed.
On the Settings tab > Detection and Protection subtab, Detection Options section, tick the box Scan for rootkits.
Click on the Scan tab, then click on Start Scan.
A check for database updates will be performed.
After the update check completes, a scan will begin.
With some infections, you may see this message box.
'Could not load DDA driver'
Click Yes to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click 'Remove Selected'.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.
__________________
tekir06 is offline  
Old 09-18-2016, 11:45 PM   #11
Registered Member
 
Join Date: Dec 2006
Posts: 259
OS: Windows 10



Hi Toga

Here are the Mbam logs, which appear to be ok...
Attached Files
File Type: txt Mbam1.txt (1.0 KB, 16 views)
File Type: txt Mbam2.txt (1.6 KB, 19 views)
qimqim is offline  
Old 09-19-2016, 12:50 AM   #12
Registered Member
 
Join Date: Dec 2006
Posts: 259
OS: Windows 10



I did as you asked me to, ticking the rootkit option, but the log seems to have ignored it, so I did it again and attach it below.

Meanwhile, strange things are happening, with the screen shots attached appearing continuously.
Attached Thumbnails: Capture.PNG (28.2 KB), Capture2.PNG (29.9 KB), Capture3.PNG (24.4 KB), Capture4.PNG (30.1 KB)
Attached Files
File Type: txt Mbam Again.txt (1.0 KB, 19 views)
qimqim is offline  
Old 09-19-2016, 03:56 AM   #13
Registered Member
 
Join Date: Dec 2006
Posts: 259
OS: Windows 10



I'm starting to think that all those Certificate warnings came from a particular webpage that was left open. Now that I closed it they haven't come back (yet...)
qimqim is offline  
Old 09-20-2016, 09:37 AM   #14
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

Which browser is this happening in? Does it happen in all browsers?
__________________
tekir06 is offline  
Old 09-20-2016, 10:47 AM   #15
Registered Member
 
Join Date: Dec 2006
Posts: 259
OS: Windows 10



It appears to be in IE11, which is what I use most, and in many pages.

It seems that these popups are trying to pop-up but because I have them turned off I get the warnings... Could it be? How can I get rid of these? The system is very, very slow and maybe this is the cause.
qimqim is offline  
Old 09-23-2016, 12:15 PM   #16
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello qimqim,

Please do the following.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
__________________
tekir06 is offline  