HanyanC

  1. No, I have nothing else. Thank you for everything!

     # DelFix v1.013 - Logfile created 25/12/2017 at 11:19:50
     # Updated 17/04/2016 by Xplode
     # Username : Legitozone (H) - MSI
     # Operating System : Windows 10 Home (64 bits)

     ~ Activating UAC ... OK

     ~ Removing disinfection tools ...

     Deleted : C:\FRST
     Deleted : C:\AdwCleaner
     Deleted : C:\Users\Legitozone (H)\Desktop\AdwCleaner.exe
     Deleted : C:\Users\Legitozone (H)\Desktop\adwcleaner_7.0.4.0.exe
     Deleted : C:\Users\Legitozone (H)\Desktop\Fixlog.txt
     Deleted : C:\Users\Legitozone (H)\Desktop\FRST64 (1).exe
     Deleted : C:\Users\Legitozone (H)\Desktop\Rkill.txt

     ~ Creating registry backup ... OK

     ~ Cleaning system restore ...

     New restore point created !

     ~ Resetting system settings ... OK

     ########## - EOF - ##########
  2. Hello, I think my system is behaving fine. The Windows processor manager (32bit) is not in Task Manager anymore. Just one question: if the same problem appears again, should I seek help on the forum, or use this as a troubleshooter?

     Fixlog.txt
  3. AdwCleaner # AdwCleaner 7.0.5.0 - Logfile created on Sat Dec 23 15:32:21 2017 # Updated on 2017/29/11 by Malwarebytes # Running on Windows 10 Home (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** No malicious folders deleted. ***** [ Files ] ***** No malicious files deleted. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** No malicious registry entries deleted. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[C0].txt - [2112 B] - [2017/11/2 23:13:50] C:/AdwCleaner/AdwCleaner[C1].txt - [1556 B] - [2017/11/26 5:31:49] C:/AdwCleaner/AdwCleaner[C2].txt - [1564 B] - [2017/11/27 15:30:46] C:/AdwCleaner/AdwCleaner[C3].txt - [2041 B] - [2017/12/22 14:59:55] C:/AdwCleaner/AdwCleaner[C4].txt - [2089 B] - [2017/12/23 15:26:9] C:/AdwCleaner/AdwCleaner[S0].txt - [2059 B] - [2017/11/2 23:13:30] C:/AdwCleaner/AdwCleaner[S10].txt - [1901 B] - [2017/12/23 15:25:59] C:/AdwCleaner/AdwCleaner[S11].txt - [2039 B] - [2017/12/23 15:31:13] C:/AdwCleaner/AdwCleaner[S1].txt - [1590 B] - [2017/11/26 5:25:15] C:/AdwCleaner/AdwCleaner[S2].txt - [1449 B] - [2017/11/26 5:28:29] C:/AdwCleaner/AdwCleaner[S3].txt - [1414 B] - [2017/11/27 15:29:53] C:/AdwCleaner/AdwCleaner[S4].txt - [1423 B] - [2017/12/1 21:59:41] C:/AdwCleaner/AdwCleaner[S5].txt - [1491 B] - [2017/12/2 15:42:21] C:/AdwCleaner/AdwCleaner[S6].txt - [1559 B] - [2017/12/6 19:20:20] C:/AdwCleaner/AdwCleaner[S7].txt - [1627 B] - [2017/12/10 2:8:35] C:/AdwCleaner/AdwCleaner[S8].txt - [1823 B] - 
[2017/12/22 14:35:53] C:/AdwCleaner/AdwCleaner[S9].txt - [1892 B] - [2017/12/22 14:57:8] ########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt ########## Rogue RogueKiller V12.11.29.0 (x64) [Dec 18 2017] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : https://forum.adlice.com Website : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 10 (10.0.15063) 64 bits version Started in : Normal mode User : Legitozone (H) [Administrator] Started from : D:\Big Downloads\RogueKiller_portable64.exe Mode : Delete -- Date : 12/23/2017 10:35:37 (Duration : 00:37:11) ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 6 ¤¤¤ [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1104895402-3119110596-1116759699-1003\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://oem15.msn.com/?pc=NMTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome) [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1104895402-3119110596-1116759699-1003\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://oem15.msn.com/?pc=NMTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome) [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1104895402-3119110596-1116759699-1003\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm) [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1104895402-3119110596-1116759699-1003\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm) [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{F37579E2-FCA1-4687-825D-DD5AEF2B0734}C:\users\legitozone (h)\appdata\local\temp\commongamedownloader\120_1488278264_95984\teniodl.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\legitozone 
(h)\appdata\local\temp\commongamedownloader\120_1488278264_95984\teniodl.exe|Name=teniodl.exe|Desc=teniodl.exe|Defer=User| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{D72E43C3-591B-463E-84D4-A47D496FC28F}C:\users\legitozone (h)\appdata\local\temp\commongamedownloader\120_1488278264_95984\teniodl.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\legitozone (h)\appdata\local\temp\commongamedownloader\120_1488278264_95984\teniodl.exe|Name=teniodl.exe|Desc=teniodl.exe|Defer=User| [x] -> Deleted ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 4 ¤¤¤ [PUP.Gen1][Folder] C:\ProgramData\simplitec -> Deleted [PUP.uTorrentAds][File] C:\Users\Legitozone (H)\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Deleted [PUP.uTorrentAds][File] C:\Users\Legitozone (H)\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe -> Deleted [PUP.Gen1][Folder] C:\ProgramData\simplitec -> ERROR [3] ¤¤¤ WMI : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 1 ¤¤¤ [PUM.SearchPage][Chrome:Config] Profile 2 [SecurePrefs] : default_search_provider_data.template_url_data.keyword [google] -> Deleted ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: HFS128G39MNC-3510A +++++ --- User --- [MBR] cbdd134313ba05a2896a3c9757a0f917 [BSP] 0e9949b298a8b718c354ab969614755c : Empty MBR Code Partition table: 0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 300 MB 1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 616448 | Size: 128 MB 2 - Basic data partition | Offset (sectors): 878592 | Size: 119771 MB 3 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 246171648 | Size: 1002 MB User = LL1 ... OK User = LL2 ... 
OK +++++ PhysicalDrive1: ST1000LM035-1RK172 +++++ --- User --- [MBR] d92b0f5c8fe0e85a09d7ca91bd2ca128 [BSP] 3ba00bc47043a84d849a5d4e452f90bc : Empty MBR Code Partition table: 0 - Basic data partition | Offset (sectors): 2048 | Size: 936052 MB 1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1917036544 | Size: 17816 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive2: WD 3200BEV External USB Device +++++ --- User --- [MBR] e53e30269e2f6c5c20d27edd7ab00336 [BSP] 49facedad3640935e7bf61a4a2bdd488 : Windows XP MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 305242 MB User = LL1 ... OK Error reading LL2 MBR! ([32] The request is not supported. )
  4. Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 12/23/17
     Scan Time: 10:15 AM
     Log File: 2d8760e8-e7f4-11e7-998b-4ccc6a8170c6.json
     Administrator: Yes

     -Software Information-
     Version: 3.3.1.2183
     Components Version: 1.0.262
     Update Package Version: 1.0.3550
     License: Free

     -System Information-
     OS: Windows 10 (Build 15063.786)
     CPU: x64
     File System: NTFS
     User: MSI\Legitozone (H)

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 365494
     Threats Detected: 3
     Threats Quarantined: 3
     Time Elapsed: 3 min, 55 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0
     (No malicious items detected)

     Module: 0
     (No malicious items detected)

     Registry Key: 0
     (No malicious items detected)

     Registry Value: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Data Stream: 0
     (No malicious items detected)

     Folder: 0
     (No malicious items detected)

     File: 3
     Rootkit.Agent.PUA, C:\WINDOWS\System32\drivers\dsiehkor.sys, Delete-on-Reboot, [5712], [429857],0.0.0
     PUP.Optional.RelevantKnowledge, C:\USERS\LEGITOZONE (H)\APPDATA\LOCAL\TEMP\~OSCD9C.TMP\RLXG.DLL, Delete-on-Reboot, [1136], [296186],1.0.3550
     PUP.Optional.RelevantKnowledge, C:\USERS\LEGITOZONE (H)\APPDATA\LOCAL\TEMP\~OSCD9C.TMP\RLXF.DLL, Delete-on-Reboot, [1136], [296186],1.0.3550

     Physical Sector: 0
     (No malicious items detected)

     (end)
  5. I did it, but:

     1. The disclaimer for FRST did not come up.
     2. The fixlist disappeared on my external hard drive after the fix?

     Fixlog.txt
  6. I input the command into FRST. Fixlog.txt
  7. Hello, I have found in the FRST in the whitelisted processes

     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     () C:\Users\Legitozone (H)\AppData\Local\wdcubsm\recgsnx.exe
     () C:\Users\Legitozone (H)\AppData\Local\wdcubsm\recgsnx.exe
     (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
     (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     () C:\Users\Legitozone (H)\AppData\Local\wdcubsm\recgsnx.exe
     () C:\Users\Legitozone (H)\AppData\Local\wdcubsm\recgsnx.exe
     () C:\Users\Legitozone (H)\AppData\Local\wdcubsm\recgsnx.exe

     Which seems to correspond to the processes that take up the CPU?
  8. Hello, I just did the two scans.

     Malwarebytes scan

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 12/22/17
     Scan Time: 11:34 AM
     Log File: eba13ee2-e735-11e7-92ab-4ccc6a8170c6.json
     Administrator: Yes

     -Software Information-
     Version: 3.3.1.2183
     Components Version: 1.0.262
     Update Package Version: 1.0.3544
     License: Free

     -System Information-
     OS: Windows 10 (Build 15063.786)
     CPU: x64
     File System: NTFS
     User: MSI\Legitozone (H)

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 351663
     Threats Detected: 2
     Threats Quarantined: 2
     Time Elapsed: 3 min, 53 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0
     (No malicious items detected)

     Module: 0
     (No malicious items detected)

     Registry Key: 0
     (No malicious items detected)

     Registry Value: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Data Stream: 0
     (No malicious items detected)

     Folder: 0
     (No malicious items detected)

     File: 2
     PUP.Optional.RelevantKnowledge, C:\USERS\LEGITOZONE (H)\APPDATA\LOCAL\TEMP\~OSCD9C.TMP\RLXF.DLL, Delete-on-Reboot, [1136], [296186],1.0.3544
     PUP.Optional.RelevantKnowledge, C:\USERS\LEGITOZONE (H)\APPDATA\LOCAL\TEMP\~OSCD9C.TMP\RLXG.DLL, Delete-on-Reboot, [1136], [296186],1.0.3544

     Physical Sector: 0
     (No malicious items detected)

     (end)

     Addition.txt
     FRST.txt
  9. Hello, I have found on the task manager five windows process managers (32 bit) Every time I launch a game on steam, one or two of them would suddenly jump from 60% to 80% CPU usage. I have searched for a solution, scanned with malware-bytes free and adware cleaner, but nothing worked. Then I got mbar, but it just does not start. When I launch it, it would ask for administrator permission, and then nothing would happen. Malwarebytes log Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/22/17 Scan Time: 9:43 AM Log File: 6cf58efe-e726-11e7-901b-4ccc6a8170c6.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.262 Update Package Version: 1.0.3543 License: Free -System Information- OS: Windows 10 (Build 15063.786) CPU: x64 File System: NTFS User: MSI\Legitozone (H) -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 351463 Threats Detected: 5 Threats Quarantined: 3 Time Elapsed: 3 min, 52 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 5 PUP.Optional.RelevantKnowledge, C:\USERS\LEGITOZONE (H)\APPDATA\LOCAL\TEMP\~OSCD9C.TMP\RLXF.DLL, Removal Failed, [1136], [296186],1.0.3543 PUP.Optional.RelevantKnowledge, C:\USERS\LEGITOZONE (H)\APPDATA\LOCAL\TEMP\~OSCD9C.TMP\RLXG.DLL, Removal Failed, [1136], [296186],1.0.3543 PUP.Optional.Conduit, C:\USERS\LEGITOZONE (H)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Sync Data\SyncData.sqlite3, Replaced, [532], [454835],1.0.3543 PUP.Optional.Conduit, C:\USERS\LEGITOZONE (H)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Web Data, 
Replaced, [532], [454835],1.0.3543 PUP.Optional.Trovi, C:\USERS\LEGITOZONE (H)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Web Data, Replaced, [4703], [454808],1.0.3543 Physical Sector: 0 (No malicious items detected) (end) Adwarecleaner log # AdwCleaner 7.0.4.0 - Logfile created on Fri Dec 22 14:57:08 2017 # Updated on 2017/27/10 by Malwarebytes # Database: 12-21-2017.1 # Running on Windows 10 Home (X64) # Mode: scan # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** PUP.Optional.Legacy, C:\ProgramData\Tencent PUP.Optional.Legacy, C:\ProgramData\Application Data\Tencent PUP.Optional.Legacy, C:\Users\All Users\Tencent ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries. 
************************* C:/AdwCleaner/AdwCleaner[C0].txt - [2112 B] - [2017/11/2 23:13:50] C:/AdwCleaner/AdwCleaner[C1].txt - [1556 B] - [2017/11/26 5:31:49] C:/AdwCleaner/AdwCleaner[C2].txt - [1564 B] - [2017/11/27 15:30:46] C:/AdwCleaner/AdwCleaner[S0].txt - [2059 B] - [2017/11/2 23:13:30] C:/AdwCleaner/AdwCleaner[S1].txt - [1590 B] - [2017/11/26 5:25:15] C:/AdwCleaner/AdwCleaner[S2].txt - [1449 B] - [2017/11/26 5:28:29] C:/AdwCleaner/AdwCleaner[S3].txt - [1414 B] - [2017/11/27 15:29:53] C:/AdwCleaner/AdwCleaner[S4].txt - [1423 B] - [2017/12/1 21:59:41] C:/AdwCleaner/AdwCleaner[S5].txt - [1491 B] - [2017/12/2 15:42:21] C:/AdwCleaner/AdwCleaner[S6].txt - [1559 B] - [2017/12/6 19:20:20] C:/AdwCleaner/AdwCleaner[S7].txt - [1627 B] - [2017/12/10 2:8:35] C:/AdwCleaner/AdwCleaner[S8].txt - [1823 B] - [2017/12/22 14:35:53] ########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt ##########