
internet speed getting slow, pc freeze a couple times




Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 15/08/2015

Scan Time: 15:05

Logfile: mbam.txt

Administrator: Yes

 

Version: 0.0.0.0000

Malware Database: v2015.08.15.02

Rootkit Database: v2015.08.06.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Enabled

 

OS: Windows 10

CPU: x64

File System: NTFS

User: 1

 

Scan Type: Custom Scan

Result: Completed

Objects Scanned: 720607

Time Elapsed: 1 hr, 47 min, 42 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


Hello cassidytan! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
P2P/Piracy Warning:

If you're using Peer 2 Peer software such as µTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

When you are done, please generate new fresh FRST log files and post them here.


Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version:16-08-2015

Ran by 1 (2015-08-18 05:10:25) Run:1

Running from C:\Users\1\Desktop\mallwarebytes\Mrx

Loaded Profiles: 1 (Available Profiles: 1)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

start

CreateRestorePoint:

CloseProcesses:

FirewallRules: [{8C185DA8-7397-4DAC-AC03-C24AB8BC02BA}] => (Allow) C:\Users\1\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{A7AABC5C-F613-49B8-B902-DA489D6390C5}] => (Allow) C:\Users\1\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{B5C2186E-76CD-4583-9DBD-C5790BAC663D}] => (Block) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe

FirewallRules: [{9C2834FD-93C3-4EB9-A6ED-BC56B0091C65}] => (Block) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe

FirewallRules: [uDP Query User{75A65E68-CD24-4DA9-8B3D-C343B25561E3}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe

FirewallRules: [TCP Query User{3C7DF543-87CD-4402-A0AE-39CF3D5AF28C}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe

FirewallRules: [{6A444ADD-E10B-4B44-A79D-9BF44ADC3D45}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

FirewallRules: [{F7E2F26E-4FC9-478D-B844-B3A48587B395}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

FirewallRules: [{EACB5B3B-9877-40C3-915F-93B5A541E5DE}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

FirewallRules: [{1923E663-2DCF-4F70-84E2-0FD8D0475A7A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

2015-08-15 07:27 - 2015-06-11 09:07 - 00000000 ____D C:\Users\1\AppData\Roaming\uTorrent

NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> No File

C:\Program Files (x86)\CheckPoint

C:\programdata\videodownloaderultimatewinapp

Hosts:

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state ON

CMD: ipconfig /flushdns

CMD: netsh winsock reset catalog

CMD: ipconfig /release

CMD: ipconfig /renew

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

RemoveProxy:

EmptyTemp:

CMD: bitsadmin /reset /allusers

end

*****************

 

Restore point was successfully created.

Processes closed successfully.

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8C185DA8-7397-4DAC-AC03-C24AB8BC02BA} => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A7AABC5C-F613-49B8-B902-DA489D6390C5} => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B5C2186E-76CD-4583-9DBD-C5790BAC663D} => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9C2834FD-93C3-4EB9-A6ED-BC56B0091C65} => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{75A65E68-CD24-4DA9-8B3D-C343B25561E3}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3C7DF543-87CD-4402-A0AE-39CF3D5AF28C}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6A444ADD-E10B-4B44-A79D-9BF44ADC3D45} => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F7E2F26E-4FC9-478D-B844-B3A48587B395} => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EACB5B3B-9877-40C3-915F-93B5A541E5DE} => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1923E663-2DCF-4F70-84E2-0FD8D0475A7A} => value removed successfully

"HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

C:\Users\1\AppData\Roaming\uTorrent => moved successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs UserManager => removed successfully

"C:\Program Files (x86)\CheckPoint" => File/Folder not found.

"C:\programdata\videodownloaderultimatewinapp" => File/Folder not found.

C:\Windows\System32\Drivers\etc\hosts => moved successfully.

Hosts restored successfully.

 

=========  netsh advfirewall reset =========

 

Ok.

 

 

========= End of CMD: =========

 

 

=========  netsh advfirewall set allprofiles state ON =========

 

Ok.

 

 

========= End of CMD: =========

 

 

=========  ipconfig /flushdns =========

 

 

Windows IP Configuration

 

Could not flush the DNS Resolver Cache: Function failed during execution.

 

 

========= End of CMD: =========

 

 

=========  netsh winsock reset catalog =========

 

 

Sucessfully reset the Winsock Catalog.

You must restart the computer in order to complete the reset.

 

 

========= End of CMD: =========

 

 

=========  ipconfig /release =========

 

 

Windows IP Configuration

 

No operation can be performed on Local Area Connection 5 while it has its media disconnected.

 

Tunnel adapter Local Area Connection 5:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

 

Ethernet adapter Local Area Connection:

 

   Connection-specific DNS Suffix  . : 

   Link-local IPv6 Address . . . . . : fe80::21f1:45a3:dde8:3337%2

   Default Gateway . . . . . . . . . : 

 

========= End of CMD: =========

 

 

=========  ipconfig /renew =========

 

 

Windows IP Configuration

 

No operation can be performed on Local Area Connection 5 while it has its media disconnected.

 

Tunnel adapter Local Area Connection 5:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

 

Ethernet adapter Local Area Connection:

 

   Connection-specific DNS Suffix  . : 

   Link-local IPv6 Address . . . . . : fe80::21f1:45a3:dde8:3337%2

   IPv4 Address. . . . . . . . . . . : 192.168.1.100

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Default Gateway . . . . . . . . . : 192.168.1.1

 

========= End of CMD: =========

 

 

=========  netsh int ipv4 reset =========

 

Resetting Global, OK!

Resetting Interface, OK!

Resetting Neighbor, OK!

Resetting Path, OK!

Resetting , failed.

Access is denied.

 

Resetting , OK!

Restart the computer to complete this action.

 

 

========= End of CMD: =========

 

 

=========  netsh int ipv6 reset =========

 

Resetting Neighbor, OK!

Resetting Path, OK!

Resetting , failed.

Access is denied.

 

Resetting , OK!

Resetting , OK!

Restart the computer to complete this action.

 

 

========= End of CMD: =========

 

 

========= RemoveProxy: =========

 

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

 

 

========= End of RemoveProxy: =========

 

 

=========  bitsadmin /reset /allusers =========

 

 

BITSADMIN version 3.0 [ 7.8.10240 ]

BITS administration utility.

© Copyright 2000-2006 Microsoft Corp.

 

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

 

Unable to cancel {5C934B56-DA06-41B6-BC96-F5A5A24DB3C6}.

Unable to cancel {3DC24D35-F9DD-4282-A9ED-BCBE96C87BE9}.

Unable to cancel {7DAA2541-7CF2-43AF-9139-19C8ED4529AF}.

0 out of 3 jobs canceled.

 

========= End of CMD: =========

 

EmptyTemp: => 371.4 MB temporary data Removed.

 

 

The system needed a reboot.. 

 

==== End of Fixlog 05:11:14 ====


How are things now?

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

C:\Users\1\AppData\Roaming\BitTorrent\updates\7.9.2_37954.exe a variant of Win32/OpenCandy.C potentially unsafe application cleaned by deleting - quarantined

C:\Users\1\Downloads\software\BitTorrent.exe a variant of Win32/OpenCandy.C potentially unsafe application cleaned by deleting - quarantined

C:\Users\1\Downloads\software\uTorrent.exe a variant of Win32/OpenCandy.C potentially unsafe application cleaned by deleting - quarantined

We do not recommend using this type of software: Piracy.

Step 1

  • Please download Delfix.exe by Xplode and save it to your desktop.
  • Please start it and check the box next to "Remove disinfection tools" and click on the Run button.
  • The tool will delete itself once it finishes.
Step 2

Malware prevention tips:

https://forums.malwarebytes.org/index.php?/topic/81386-so-how-did-i-get-infected-in-the-first-place/

Safe surfing! :)


Search results from Spybot - Search & Destroy

 

24/08/2015 8:40:24

Scan took 00:20:04.

4 items found.

 

MS Regedit: [sBI $C3B62FC1] Recent open key (Registry Change, nothing done)

  HKEY_USERS\S-1-5-21-2950901286-4018632002-2551131573-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey

 

Windows Explorer: [sBI $D20DA0AD] Recent file global history (Registry Key, nothing done)

  HKEY_USERS\S-1-5-21-2950901286-4018632002-2551131573-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

 

Cache: [sBI $49804B54] Browser: Cache (52) (Browser: Cache, nothing done)

  

 

History: [sBI $49804B54] Browser: History (1) (Browser: History, nothing done)

  

 

 

--- Spybot - Search & Destroy version: 2.4.40.131  DLL (build: 20140425) ---

 


Search results from Spybot - Search & Destroy

 

24/08/2015 19:49:03

Scan took 00:18:11.

9 items found.

 

MS Management Console: [sBI $ECD50EAD] Recent command list (Registry Key, nothing done)

  HKEY_USERS\S-1-5-21-2950901286-4018632002-2551131573-1000\Software\Microsoft\Microsoft Management Console\Recent File List

 

MS DirectInput: [sBI $9A063C91] Most recent application (Registry Change, nothing done)

  HKEY_USERS\S-1-5-21-2950901286-4018632002-2551131573-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name

 

MS DirectInput: [sBI $7B184199] Most recent application ID (Registry Change, nothing done)

  HKEY_USERS\S-1-5-21-2950901286-4018632002-2551131573-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id

 

MS Paint: [sBI $07867C39] Recent file list (Registry Key, nothing done)

  HKEY_USERS\S-1-5-21-2950901286-4018632002-2551131573-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

 

Windows Explorer: [sBI $7308A845] Run history (Registry Key, nothing done)

  HKEY_USERS\S-1-5-21-2950901286-4018632002-2551131573-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

 

Windows Explorer: [sBI $D20DA0AD] Recent file global history (Registry Key, nothing done)

  HKEY_USERS\S-1-5-21-2950901286-4018632002-2551131573-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

 

Cache: [sBI $49804B54] Browser: Cache (6) (Browser: Cache, nothing done)

  

 

History: [sBI $49804B54] Browser: History (4) (Browser: History, nothing done)

  

 

History: [sBI $49804B54] Browser: History (54) (Browser: History, nothing done)

  

 

 

--- Spybot - Search & Destroy version: 2.4.40.131  DLL (build: 20140425) ---

 


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 25/08/2015

Scan Time: 4:04

Logfile: mbam new scan.txt

Administrator: Yes

 

Version: 2.1.8.1057

Malware Database: v2015.08.24.06

Rootkit Database: v2015.08.16.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Enabled

 

OS: Windows 10

CPU: x64

File System: NTFS

User: 1

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 456388

Time Elapsed: 11 min, 40 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 1

PUM.Hijack.HomepageControl, HKU\S-1-5-21-2950901286-4018632002-2551131573-1000\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|Homepage, 1, Good: (0), Bad: (1),,[b8eef9137714a690d45df6654cb93ac6]

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


  • 4 months later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.