Trojans and adware reappearing on computer after removal



I noticed symptoms of adware about a week ago and scanned my computer, expecting to find just adware. Apparently, in addition to the adware, I also had 2 trojan viruses. I scan regularly (about once a week) and never found anything until then. All downloads I had done since were from trustworthy sites (although the sites can be hacked, so I'm unsure what I downloaded to cause this). I removed the trojans using Malwarebytes, restarted, and scanned again, and all the malware was gone. Then, the next day, I noticed the same problem, and surprise surprise, everything was back. The adware, the trojans, even the same "Potentially Unwanted Programs." Now, I hadn't downloaded ANYTHING between those two scans. I had, however, gone to a site I didn't wholly trust: crunchyroll. So, I repeated the process, but did not go to any untrusted sites. The next day, it was back again. So I didn't download anything, I didn't go to ANY websites besides YouTube and my school website, and yet everything returned once again. This sort of scenario has been repeating itself for the past week or so, the only deviation being that today there were 3 more PUPs than usual. I have refrained from doing things like entering credit card info or logging into my bank account, on the chance this virus monitors keystrokes. Please help. Thanks so much!

Edited by AMFT

Hello AMFT and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the Default Browser only, so all of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select Start > File Explorer > right click on the "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...

  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
Ran by bbgam (administrator) on DESKTOP-JPET0VD (01-03-2017 14:27:44)
Running from C:\Users\bbgam\Desktop
Loaded Profiles: bbgam (Available Profiles: bbgam)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\spaceman.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() D:\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() D:\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper32.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Users\bbgam\eclipse\java-neon\eclipse\eclipse.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.991\opera_crashreporter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\bbgam\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8849152 2016-05-16] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15053944 2016-01-06] (Logitech Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-22] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-01-16] (Razer Inc.)
HKU\S-1-5-21-2216538681-3610294338-1550058127-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2216538681-3610294338-1550058127-1001\...\Run: [Discord] => C:\Users\bbgam\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2216538681-3610294338-1550058127-1001\...\Run: [Spotify Web Helper] => C:\Users\bbgam\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-06-19] (Spotify Ltd)
HKU\S-1-5-21-2216538681-3610294338-1550058127-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2216538681-3610294338-1550058127-1001\...\MountPoints2: {95b84a87-b2c4-11e6-b348-d8cb8aca1af7} - "E:\MotoCastSetup.exe" -a
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{1ee28cbe-b534-4529-a0f2-9d4c52c094b1}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{1ee28cbe-b534-4529-a0f2-9d4c52c094b1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{611b6458-8113-11e6-aacb-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{e71be56d-f5ca-4a67-aeab-9d0dd47d48fa}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2216538681-3610294338-1550058127-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131225143098920017&GUID=BB75C5C7-7E21-4054-A8A9-77FDA51FF261
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-07] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-07] (Oracle Corporation)

Edge: 
======
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_1.11.0.0_neutral__c1wakc4j0nefm [2017-02-16]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-07] (Oracle Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=5.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2016-03-16] (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (AdBlock) - C:\Users\bbgam\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2016-11-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [209184 2016-03-16] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-04-21] (IObit)
S3 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2016-01-06] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2120712 2016-04-26] (Electronic Arts)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69768 2017-01-31] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7031056 2016-05-02] (TeamViewer GmbH)
S3 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
R2 Wallpaper Engine Service; D:\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [25600 2017-02-04] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2016-01-19] (REALiX(tm))
R2 IntelHaxm; C:\WINDOWS\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel  Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S3 lgLowAudio; C:\WINDOWS\system32\drivers\lgLowAudio.sys [26264 2015-11-20] (Logitech Inc.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-28] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [936192 2016-05-16] (Realtek                                            )
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51224 2016-04-07] (Razer Inc)
R3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [47640 2016-04-07] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
S3 sdfhgdf; C:\WINDOWS\System32\DRIVERS\sdfhgdf.sys [23208 2016-01-24] (Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-01 14:27 - 2017-03-01 14:27 - 00016079 _____ C:\Users\bbgam\Desktop\FRST.txt
2017-03-01 14:27 - 2017-03-01 14:27 - 00000000 ____D C:\FRST
2017-03-01 14:26 - 2017-03-01 14:27 - 02423808 _____ (Farbar) C:\Users\bbgam\Desktop\FRST64.exe
2017-02-28 22:25 - 2017-02-28 22:25 - 00000000 ____D C:\WINDOWS\Panther
2017-02-28 22:19 - 2017-02-28 22:19 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-02-28 22:19 - 2017-02-28 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-28 22:19 - 2017-02-28 22:19 - 00000000 ____D C:\Program Files\iTunes
2017-02-28 22:19 - 2017-02-28 22:19 - 00000000 ____D C:\Program Files\iPod
2017-02-28 22:19 - 2017-02-28 22:19 - 00000000 ____D C:\Program Files\Bonjour
2017-02-28 22:19 - 2017-02-28 22:19 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-02-28 21:38 - 2017-02-28 21:38 - 00003972 _____ C:\WINDOWS\System32\Tasks\{2861EB29-9FCA-5C82-897D-C95EAB509C83}
2017-02-28 21:38 - 2017-02-28 21:38 - 00003882 _____ C:\WINDOWS\System32\Tasks\{A6C60D72-A522-18DF-D121-1BC5D1DF6E21}
2017-02-28 21:04 - 2017-02-28 21:04 - 00001007 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2017-02-28 21:04 - 2017-02-28 21:04 - 00000000 ____D C:\Program Files (x86)\epson
2017-02-28 21:04 - 2012-07-24 00:00 - 00466432 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxw2ud.dll
2017-02-28 21:04 - 2011-12-12 00:00 - 00135824 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc64.exe
2017-02-28 21:03 - 2017-02-28 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2017-02-28 20:59 - 2017-02-28 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2017-02-28 20:59 - 2017-02-28 20:59 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2017-02-26 01:34 - 2017-02-26 01:34 - 00000739 _____ C:\Users\bbgam\AppData\Local\recently-used.xbel
2017-02-23 19:44 - 2017-02-23 19:44 - 00003970 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1452992308
2017-02-23 19:44 - 2017-02-23 19:44 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-02-21 22:06 - 2017-02-06 11:48 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-21 22:06 - 2017-02-06 11:48 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-21 20:50 - 2017-02-21 20:50 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-21 17:09 - 2017-02-21 17:27 - 3383337178 _____ C:\Users\bbgam\Downloads\JJBA 7 Steel Ball Run (All-In-One).pdf
2017-02-20 22:50 - 2017-02-20 22:50 - 1236631736 _____ C:\Users\bbgam\Downloads\JJBBA 3 Stardust Crusaders (All-In-One).pdf
2017-02-20 22:36 - 2017-02-28 22:18 - 177092424 _____ (Apple Inc.) C:\Users\bbgam\Downloads\iTunes6464Setup.exe
2017-02-20 22:35 - 2017-02-20 23:37 - 2795738771 _____ C:\Users\bbgam\Downloads\JJBA 6 Stone Ocean (All-In-One).pdf
2017-02-20 22:33 - 2017-02-20 23:35 - 2591200076 _____ C:\Users\bbgam\Downloads\JJBA 4 Diamond is Unbreakable (All-In-One).pdf
2017-02-20 22:33 - 2017-02-20 23:14 - 1326910671 _____ C:\Users\bbgam\Downloads\JJBA 5 Vento Aureo (All-In-One).pdf
2017-02-20 22:32 - 2017-02-20 22:47 - 324051531 _____ C:\Users\bbgam\Downloads\JJBA 2 Battle Tendency (All-In-One).pdf
2017-02-20 22:32 - 2017-02-20 22:35 - 222291297 _____ C:\Users\bbgam\Downloads\JJBA 1 Phantom Blood (All-In-One).pdf
2017-02-20 14:53 - 2017-02-20 14:53 - 00020818 _____ C:\Users\bbgam\Downloads\Poker.zip
2017-02-19 20:25 - 2017-02-19 20:25 - 00000000 ____D C:\Users\bbgam\AppData\Roaming\ShanghaiAlice
2017-02-19 20:24 - 2017-02-19 20:25 - 00000000 ____D C:\Users\bbgam\Desktop\touhou
2017-02-19 20:24 - 2017-02-19 20:24 - 563066505 _____ C:\Users\bbgam\Downloads\Touhou 15 - Legacy of Lunatic Kingdom.zip
2017-02-07 21:36 - 2016-12-29 04:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-07 21:36 - 2016-09-09 10:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-07 21:36 - 2016-09-09 10:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-07 21:36 - 2016-09-09 10:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-07 21:36 - 2016-09-09 10:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-07 21:35 - 2017-01-04 15:24 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-07 21:35 - 2017-01-04 15:24 - 00210360 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-02-04 20:08 - 2017-02-16 23:22 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-04 20:08 - 2017-02-16 23:22 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-04 20:08 - 2017-02-16 23:22 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-04 20:08 - 2017-02-06 16:57 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-04 20:08 - 2017-02-04 20:08 - 00001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-04 20:08 - 2017-02-04 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-04 20:08 - 2017-02-04 20:08 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-04 20:08 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-01 16:20 - 2017-02-01 16:20 - 00360529 _____ C:\Users\bbgam\Desktop\Jan30HWbbaskovich.pdf
2017-02-01 16:17 - 2017-02-01 16:17 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-02-01 16:14 - 2017-02-01 16:14 - 00000000 ____D C:\Users\bbgam\AppData\LocalLow\Adobe
2017-01-31 18:44 - 2017-01-31 18:44 - 00114816 _____ (Razer Inc.) C:\WINDOWS\system32\RzChromaSDK64.dll
2017-01-31 18:44 - 2017-01-31 18:44 - 00104576 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzChromaSDK.dll
2017-01-31 18:44 - 2017-01-31 18:44 - 00048776 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzAPIChromaSDK.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-01 14:21 - 2016-09-22 13:25 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-01 14:21 - 2016-08-25 15:19 - 00000000 ____D C:\Users\bbgam\AppData\Local\Eclipse
2017-03-01 14:21 - 2016-08-25 15:07 - 00000000 ____D C:\Users\bbgam\.p2
2017-02-28 22:31 - 2016-01-16 16:49 - 01784862 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-28 22:25 - 2016-09-22 13:29 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-28 22:25 - 2016-09-22 13:26 - 00000000 ____D C:\Users\bbgam
2017-02-28 22:25 - 2016-07-15 22:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-28 22:25 - 2016-02-27 15:24 - 00000091 _____ C:\HaxLogs.txt
2017-02-28 22:25 - 2016-01-19 19:03 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-28 22:22 - 2016-03-03 13:35 - 00000000 ____D C:\ProgramData\ef1c7be8
2017-02-28 22:20 - 2016-01-17 04:25 - 00000000 ____D C:\Users\bbgam\AppData\Local\CrashDumps
2017-02-28 22:19 - 2016-08-06 20:24 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-28 22:19 - 2016-07-16 03:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-28 22:05 - 2016-09-22 13:25 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-28 21:02 - 2016-01-16 16:56 - 00000000 ____D C:\ProgramData\EPSON
2017-02-28 20:48 - 2016-01-31 00:15 - 00000000 ____D C:\Users\bbgam\AppData\Local\ElevatedDiagnostics
2017-02-27 22:34 - 2016-11-29 19:27 - 00000000 ____D C:\Users\bbgam\MusicBot
2017-02-27 22:30 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-27 22:30 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-26 12:44 - 2016-08-25 15:19 - 00000000 ____D C:\Users\bbgam\Desktop\CS HW
2017-02-25 23:05 - 2016-01-19 19:03 - 00000000 ____D C:\ProgramData\ProductData
2017-02-23 19:44 - 2016-01-16 16:58 - 00000000 ____D C:\Program Files (x86)\Opera
2017-02-22 19:26 - 2016-01-16 16:59 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 19:26 - 2016-01-16 16:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-21 22:06 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-20 22:34 - 2016-04-09 13:02 - 00000000 ____D C:\Users\bbgam\AppData\Roaming\discord
2017-02-20 01:41 - 2016-01-16 17:49 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-15 22:23 - 2016-11-01 19:37 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-15 22:23 - 2016-01-17 11:43 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-15 17:49 - 2016-09-22 13:29 - 00003982 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-15 17:49 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-15 17:49 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-15 17:36 - 2016-01-16 16:52 - 00000000 ____D C:\Users\bbgam\AppData\Local\Packages
2017-02-11 16:32 - 2016-06-09 15:01 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2017-02-11 16:32 - 2016-03-12 00:42 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-02-11 16:31 - 2016-03-12 00:43 - 00000000 ____D C:\Users\bbgam\AppData\Local\Battle.net
2017-02-07 21:36 - 2016-09-22 13:25 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-07 21:36 - 2016-09-22 13:25 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-07 21:36 - 2016-09-22 13:25 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-07 21:36 - 2016-03-19 15:51 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-07 21:36 - 2016-01-16 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-07 21:35 - 2016-01-16 17:52 - 00000000 ____D C:\Users\bbgam\AppData\Local\NVIDIA Corporation
2017-02-05 00:30 - 2016-04-02 16:42 - 00000000 ____D C:\Users\bbgam\AppData\Roaming\Factorio
2017-02-04 21:56 - 2016-07-31 17:43 - 00000000 ____D C:\Users\bbgam\AppData\Roaming\foobar2000
2017-02-04 20:08 - 2016-01-19 19:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-04 19:36 - 2017-01-26 20:19 - 00000000 ____D C:\Users\bbgam\AppData\Roaming\deluge
2017-02-01 16:15 - 2016-05-16 13:15 - 00000000 ____D C:\ProgramData\Adobe
2017-02-01 16:14 - 2016-01-17 11:42 - 00000000 ____D C:\Users\bbgam\AppData\Local\Adobe
2017-02-01 16:14 - 2016-01-16 16:52 - 00000000 ____D C:\Users\bbgam\AppData\Roaming\Adobe
2017-02-01 16:10 - 2016-05-16 13:15 - 00000000 ____D C:\Program Files (x86)\Adobe

==================== Files in the root of some directories =======

2016-01-17 04:31 - 2016-03-30 16:11 - 1065984 _____ () C:\Users\bbgam\AppData\Local\file__0.localstorage
2017-02-26 01:34 - 2017-02-26 01:34 - 0000739 _____ () C:\Users\bbgam\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2016-10-29 21:46 - 2016-11-17 05:45 - 1135552 _____ (NVIDIA Corporation) C:\Users\bbgam\AppData\Local\Temp\NvTelemetry.dll
2016-11-26 14:05 - 2016-11-17 05:45 - 0217024 _____ (NVIDIA Corporation) C:\Users\bbgam\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-10-29 21:46 - 2016-11-17 05:45 - 0268736 _____ (NVIDIA Corporation) C:\Users\bbgam\AppData\Local\Temp\NvTelemetryAPI64.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-26 17:22

==================== End of FRST.txt ============================

Thank you!

Addition.txt

Thanks for those logs. One point of note: the C:\ drive has minimal space; Windows needs approx. 15% free space to work efficiently. Continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

Next,

Uninstall the following:

Itibiti RTC
KNCTR
Note-up
One System Care
Popcorn Time
Satellite Comma


Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" and ensure Scan for Rootkits and Scan within Archives are both on. Leave all other settings at default.

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes, deal with any found entries. Then select "Export Summary" then "Text File (*.txt)", name that log and save it; you can copy or attach that to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish.
  • When "Waiting for action.Please uncheck elements you want to keep" shows in the top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to the list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress....
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Let me see those logs, and also tell me if there are any remaining issues or concerns.

fixlist.txt
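The post above lists what to uninstall and which scans to run, but it does not show how to see which persistence mechanism keeps bringing the adware back between reboots. The PowerShell script below is an added example written for this thread; it is not part of FRST, Malwarebytes or AdwCleaner. It assumes an elevated Windows PowerShell 5.1 prompt on Windows 10. The helper names Get-BinaryPath, Test-Suspicious and Add-Finding are this example's own; every cmdlet it calls is a standard Windows one. It walks the places adware normally re-installs itself from (services, kernel drivers, Run keys, scheduled tasks) and reports anything whose binary is missing, unsigned, untrusted, or running out of the user profile.

```powershell
# Added example for this thread, not a Malwarebytes or FRST feature.
# Lists persistence points and flags binaries that are missing, not validly
# signed, or living in the user profile. Run elevated; output is a list of
# leads to compare against the FRST/AdwCleaner logs, not a verdict.
#Requires -RunAsAdministrator

function Get-BinaryPath {
    # Reduce a service ImagePath, Run value or task action to an executable path.
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    # Driver ImagePaths come as \SystemRoot\..., \??\C:\... or a bare system32\... path.
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot -replace '^\\\?\?\\', ''
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { return $p.Substring(1, $end - 1) }
    }
    # Unquoted path, possibly with spaces and arguments: grow the prefix until it exists.
    $tokens = $p -split '\s+'
    for ($i = 1; $i -le $tokens.Count; $i++) {
        $candidate = $tokens[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $tokens[0]
}

function Test-Suspicious {
    # Returns a reason string when a path deserves a look, otherwise $null.
    param([string]$Path)
    if (-not $Path) { return 'no binary path' }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return 'missing binary' }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') { return "signature $($sig.Status)" }
    foreach ($dir in @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP)) {
        if ($dir -and $Path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
            return 'runs from the user profile'
        }
    }
    return $null
}

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Type, $Name, $CommandLine) {
    $path = Get-BinaryPath $CommandLine
    $why  = Test-Suspicious $path
    if ($why) { $findings.Add([pscustomobject]@{ Type = $Type; Name = $Name; Path = $path; Why = $why }) }
}

# 1. Services and kernel drivers (the AdwCleaner log in this thread removed one of each).
Get-CimInstance Win32_Service      | ForEach-Object { Add-Finding 'Service' $_.Name $_.PathName }
Get-CimInstance Win32_SystemDriver | ForEach-Object { Add-Finding 'Driver'  $_.Name $_.PathName }

# 2. Run / RunOnce values for the machine (both registry views) and the current user.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -in $providerProps) { continue }
        Add-Finding 'Run value' "$key\$($prop.Name)" ([string]$prop.Value)
    }
}

# 3. Enabled scheduled tasks whose action runs an executable.
foreach ($task in (Get-ScheduledTask | Where-Object State -ne 'Disabled')) {
    foreach ($action in $task.Actions) {
        if ($action.Execute) {
            Add-Finding 'Task' "$($task.TaskPath)$($task.TaskName)" "$($action.Execute) $($action.Arguments)"
        }
    }
}

$findings | Sort-Object Type, Name | Format-Table -AutoSize -Wrap
```

Driver or service rows reporting `signature NotSigned` or `missing binary`, especially with random-looking names, are the ones to cross-check against the FRST log. Signed launchers and updaters living under AppData (the Battle.net folder in the FRST log above is an example) are normal, so treat the user-profile rows as leads rather than verdicts.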

My Programs and Features control panel isn't showing the following programs: KNCTR, Note-Up, One System Care, or Satellite Comma. I uninstalled the other two programs, though. Also, today, nothing showed up in the basic MalwareBytes. It's a different story for AdwCleaner, though. Sophos did not find anything, so its log is not included. Thanks again!

AdwCleaner log:

# AdwCleaner v6.044 - Logfile created 01/03/2017 at 16:08:13
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-01.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : bbgam - DESKTOP-JPET0VD
# Running from : C:\Users\bbgam\AppData\Local\Temp\scoped_dir6408_29881\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

[-] Service deleted: sdfhgdf
[-] Service deleted: Update service


***** [ Folders ] *****

[-] Folder deleted: C:\Users\bbgam\AppData\Roaming\Store
[-] Folder deleted: C:\Users\bbgam\AppData\Roaming\Itibiti
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR


***** [ Files ] *****

[-] File deleted: C:\WINDOWS\SysNative\drivers\sdfhgdf.sys
[-] File deleted: C:\WINDOWS\rsrcs.dll


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-2216538681-3610294338-1550058127-1001\Software\csdimedia
[-] Key deleted: HKU\S-1-5-21-2216538681-3610294338-1550058127-1001\Software\Store
[-] Key deleted: HKU\S-1-5-21-2216538681-3610294338-1550058127-1001\Software\WTools
[-] Key deleted: HKU\S-1-5-21-2216538681-3610294338-1550058127-1001\Software\INSTALLPATH\STATUS
[#] Key deleted on reboot: HKCU\Software\csdimedia
[#] Key deleted on reboot: HKCU\Software\Store
[#] Key deleted on reboot: HKCU\Software\WTools
[#] Key deleted on reboot: HKCU\Software\INSTALLPATH\STATUS
[-] Key deleted: HKLM\SOFTWARE\csdimedia
[-] Key deleted: HKLM\SOFTWARE\SearchModule
[-] Key deleted: HKLM\SOFTWARE\SimpleFiles
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Note-up
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneSystemCare
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Itibiti_is1
[#] Key deleted on reboot: [x64] HKCU\Software\csdimedia
[#] Key deleted on reboot: [x64] HKCU\Software\Store
[#] Key deleted on reboot: [x64] HKCU\Software\WTools
[#] Key deleted on reboot: [x64] HKCU\Software\INSTALLPATH\STATUS
[-] Key deleted: [x64] HKLM\SOFTWARE\SearchModule
[-] Key deleted: HKLM\SOFTWARE\Classes\Directory\Background\shell\Add event reminder


***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2640 Bytes] - [01/03/2017 16:08:13]
C:\AdwCleaner\AdwCleaner[S0].txt - [2703 Bytes] - [01/03/2017 16:07:12]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2786 Bytes] ##########

MalwareBytesScanLog.txt

Fixlog.txt
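The AdwCleaner log above shows what was actually re-installing the adware: a kernel driver service (sdfhgdf) with its .sys in the drivers directory, a second service with the generic name "Update service", a DLL dropped straight into C:\WINDOWS, and a set of registry keys. The original complaint in this thread was that everything came back the next day, so the useful check after AdwCleaner's reboot is whether any of those indicators has been re-created. The script below is an added example written for this thread, not an AdwCleaner or Malwarebytes feature. It parses the [C*] clean-log format shown above and re-tests each deleted item; the sample log embedded in it is constructed from entries in that log, and the commented-out file path is the one the log itself reports. Convert-RegistryPath and Test-AdwCleanerRemnants are this example's own function names.

```powershell
# Added example (not an AdwCleaner or Malwarebytes feature): after the reboot,
# re-check every item an AdwCleaner [C*] log says it deleted. Anything that is
# back was re-created by something the clean-up missed. Run elevated.
#Requires -RunAsAdministrator

function Convert-RegistryPath {
    # Map AdwCleaner's hive prefixes onto PowerShell provider paths.
    param([string]$Key)
    if ($Key -match '^HKLM\\(.*)$') { return "HKLM:\$($Matches[1])" }
    if ($Key -match '^HKCU\\(.*)$') { return "HKCU:\$($Matches[1])" }
    if ($Key -match '^HKU\\(.*)$')  { return "Registry::HKEY_USERS\$($Matches[1])" }
    if ($Key -match '^HKCR\\(.*)$') { return "Registry::HKEY_CLASSES_ROOT\$($Matches[1])" }
    return $Key
}

function Test-AdwCleanerRemnants {
    param([Parameter(Mandatory)][string]$LogText)
    # Group 1: item type, group 2: optional [x64] marker, group 3: the item itself.
    $pattern = '^\[[-#]\]\s+(Service|Folder|File|Key) deleted(?: on reboot)?:\s+(?:(\[x64\])\s+)?(.+?)\s*$'
    $results = foreach ($line in ($LogText -split "`r?`n")) {
        if ($line -match $pattern) {
            $type = $Matches[1]; $is64 = [bool]$Matches[2]; $item = $Matches[3]
            $present = $false
            switch ($type) {
                'Service' {
                    # The Services key covers both Win32 services and kernel drivers,
                    # which Get-Service alone does not list.
                    $present = Test-Path -LiteralPath "HKLM:\SYSTEM\CurrentControlSet\Services\$item"
                }
                { $_ -in 'File', 'Folder' } {
                    # AdwCleaner is a 32-bit process and logs SysNative; that alias does
                    # not exist for a 64-bit PowerShell, so test System32 directly.
                    if ([Environment]::Is64BitProcess) { $item = $item -replace '\\SysNative\\', '\System32\' }
                    $present = Test-Path -LiteralPath $item
                }
                'Key' {
                    # Entries without [x64] were seen through the 32-bit registry view, so an
                    # HKLM\SOFTWARE key may live under WOW6432Node for a 64-bit PowerShell.
                    $paths = @(Convert-RegistryPath $item)
                    if (-not $is64 -and $item -match '^HKLM\\SOFTWARE\\(?!WOW6432Node)') {
                        $paths += Convert-RegistryPath ($item -replace '^HKLM\\SOFTWARE\\', 'HKLM\SOFTWARE\WOW6432Node\')
                    }
                    $present = [bool]($paths | Where-Object { Test-Path -LiteralPath $_ })
                }
            }
            [pscustomobject]@{ Type = $type; Indicator = $item; Present = $present }
        }
    }
    return $results
}

# Constructed input: entries taken from the AdwCleaner log posted in this thread.
$sampleLog = @'
[-] Service deleted: sdfhgdf
[-] Service deleted: Update service
[-] Folder deleted: C:\Users\bbgam\AppData\Roaming\Store
[-] File deleted: C:\WINDOWS\SysNative\drivers\sdfhgdf.sys
[-] File deleted: C:\WINDOWS\rsrcs.dll
[-] Key deleted: HKLM\SOFTWARE\csdimedia
[#] Key deleted on reboot: [x64] HKCU\Software\csdimedia
[-] Key deleted: HKLM\SOFTWARE\Classes\Directory\Background\shell\Add event reminder
'@

# For a live check, read the real clean log instead (path taken from the log's footer):
# $sampleLog = Get-Content -Raw 'C:\AdwCleaner\AdwCleaner[C0].txt'

$report = Test-AdwCleanerRemnants -LogText $sampleLog
$report | Format-Table -AutoSize
$back = @($report | Where-Object Present)
if ($back.Count -gt 0) {
    Write-Warning "$($back.Count) item(s) have returned; whatever re-creates them is still on the machine."
}
```

Run it once straight after the reboot and again the next day, which is the interval over which the OP saw things return. A row that flips back to `Present = True` points at the installer that is still on the system, and the persistence hunt then narrows to whatever wrote that service, file or key.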

Thanks for the update. If there are no remaining issues or concerns, continue with the following to clean up:

Uninstall Sophos AV http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make sure the following items are checked:

  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points; a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or by malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC security and best practices; you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.