Unauthorized processes copy my files


This topic is locked
11 replies to this topic

#1 Blaze1206


Posted 10 May 2015 - 11:01 AM

Hello everyone, I have a problem that I can't solve by myself, so some help would be appreciated. :)

So, I have an HP Pavilion g6 with Windows 8.1 installed on it.

My problem is that sometimes, while I'm on the PC, some unauthorized file-copying processes start without any action on my part.

I have obviously done lots of antivirus scans with many different programs (Malwarebytes, Sophos, Kaspersky, HitmanPro etc.), but none of them found anything.

Seeing this, I decided to format my PC, installing a new clean image of the operating system.

I thought that the problem was solved, but the weird processes started again.

I downloaded Process Explorer and found these processes that are very suspicious in my opinion:

Double process of COM Surrogate that disappears after some seconds from the list:

http://i.imgur.com/iIXMfRk.png http://i.imgur.com/yKmFiE7.png

And these other two: http://i.imgur.com/leHGyFC.png http://i.imgur.com/frtTz8A.png

More info: some time ago I got the police virus that blocks the PC (I don't know the name), and this one too: exp/java.rafold.v.gen, I don't know if it's related to the problem.

That's it, sorry for my English but it's not my first language :P

Thanks in advance to everyone, hope to solve it as soon as possible.

Have a nice day.


#2 Sintharius


Posted 10 May 2015 - 11:06 AM

Hi there,

Let's take a look.

MiniToolBox by Farbar

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

===

Security Check by screen317
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

Regards,
Alex
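As an added example (not from this thread and not part of Farbar's MiniToolBox), the Python below does a first-pass triage of a Result.txt the way a helper reads one: it splits the report into its "===== Section: =====" blocks and flags hosts entries beyond the stock localhost mapping, IE proxy lines other than the two "not enabled" lines, and Winsock providers that are not Microsoft's or sit outside the Windows directory. The embedded report is constructed to mimic the tool's format; the section names and line layouts it keys on are the ones the tool prints.

```python
"""Triage a MiniToolBox Result.txt report.

Added example, not part of the thread or of Farbar's tool. The report embedded
below is constructed to mimic the tool's output format; the non-default hosts
line and the mdnsNSP.dll provider are there only to exercise the checks."""
import re

# Section headers look like "========================= Hosts content: ====="
# (the colon is optional: "========================= Winsock entries =====").
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?):?\s*=+$")

# Winsock lines look like:
# "Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)"
WINSOCK_RE = re.compile(
    r"^(?P<catalog>(?:x64-)?Catalog\d)\s+(?P<index>\d+)\s+"
    r"(?P<path>.+?)\s+\[(?P<size>\d+)\]\s+\((?P<vendor>[^)]*)\)$"
)

# The only hosts mappings a stock Windows hosts file needs.
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}
# Proxy lines seen in a clean report; anything else in that section is shown for review.
BENIGN_PROXY_LINES = {"Proxy is not enabled.", "No Proxy Server is set."}
WINDOWS_DIRS = ("c:\\windows\\", "c:\\winnt\\")


def split_sections(report):
    """Return {section name: [non-empty stripped lines]} for a MiniToolBox report."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_hosts(lines):
    """Flag every hosts entry that is not the stock localhost mapping.

    Malware commonly adds entries here to sinkhole update or vendor domains."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        ip, names = parts[0], parts[1:]
        for name in names:
            if (ip, name.lower()) not in DEFAULT_HOSTS:
                findings.append(f"hosts: {name} -> {ip}")
    return findings


def check_proxy(lines):
    """Show any IE proxy line other than the two 'not enabled' lines.

    The reset notice the tool prints itself ("Reset IE Proxy Settings": ...)
    is skipped."""
    return [f"proxy: {line}" for line in lines
            if line not in BENIGN_PROXY_LINES and not line.startswith('"Reset')]


def check_winsock(lines):
    """Flag Winsock (LSP/NSP) providers that are not Microsoft's or that live
    outside the Windows directory. Third-party providers such as Bonjour's
    mdnsNSP.dll are usually legitimate; they are listed so a helper reviews them."""
    findings = []
    for line in lines:
        entry = WINSOCK_RE.match(line)
        if not entry:
            continue
        path, vendor = entry.group("path"), entry.group("vendor")
        if vendor != "Microsoft Corporation" or not path.lower().startswith(WINDOWS_DIRS):
            findings.append(
                f"winsock: {entry.group('catalog')} {entry.group('index')} {path} ({vendor})")
    return findings


def triage(report):
    """Run all checks over a report; returns a list of human-readable findings."""
    sections = split_sections(report)
    return (check_hosts(sections.get("Hosts content", []))
            + check_proxy(sections.get("IE Proxy Settings", []))
            + check_winsock(sections.get("Winsock entries", [])))


# Constructed sample in the tool's format (not a real report).
SAMPLE_REPORT = r"""
MiniToolBox by Farbar  Version: 14-04-2015
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost
127.0.0.1       update.example.com

========================= Winsock entries =====================================

Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```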

#3 Blaze1206


Posted 10 May 2015 - 11:25 AM

MiniToolBox Result.txt:

MiniToolBox by Farbar  Version: 14-04-2015
Ran by Danilo (administrator) on 10-05-2015 at 18:18:07
Running from "C:\Users\Danilo\Desktop"
Microsoft Windows 8.1  (X64)
Model: HP Pavilion g6 Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Configurazione IP di Windows
 
Cache del resolver DNS svuotata.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Ralink RT5390R 802.11bgn Wi-Fi Adapter = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
 
 
# ----------------------------------
# Configurazione IPv4
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="ethernet_4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Connessione alla rete locale (LAN)* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# Fine configurazione IPv4
 
 
 
Configurazione IP di Windows
 
   Nome host . . . . . . . . . . . . . . : Danilo
   Suffisso DNS primario . . . . . . . . : 
   Tipo nodo . . . . . . . . . . . . . . : Ibrido
   Routing IP abilitato. . . . . . . . . : No
   Proxy WINS abilitato . . . . . . . .  : No
   Elenco di ricerca suffissi DNS. . . . : fastwebnet.it
 
Scheda LAN wireless Connessione alla rete locale (LAN)* 2:
 
   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione: 
   Descrizione . . . . . . . . . . . . . : Scheda virtuale Microsoft Wi-Fi Direct
   Indirizzo fisico. . . . . . . . . . . : F4-B7-E2-C6-91-49
   DHCP abilitato. . . . . . . . . . . . : Sì
   Configurazione automatica abilitata   : Sì
 
Scheda Ethernet Ethernet:
 
   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione: 
   Descrizione . . . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Indirizzo fisico. . . . . . . . . . . : 74-46-A0-7C-52-5F
   DHCP abilitato. . . . . . . . . . . . : Sì
   Configurazione automatica abilitata   : Sì
 
Scheda LAN wireless Wi-Fi:
 
   Suffisso DNS specifico per connessione: fastwebnet.it
   Descrizione . . . . . . . . . . . . . : Ralink RT5390R 802.11bgn Wi-Fi Adapter
   Indirizzo fisico. . . . . . . . . . . : F4-B7-E2-C6-91-4F
   DHCP abilitato. . . . . . . . . . . . : Sì
   Configurazione automatica abilitata   : Sì
   Indirizzo IPv6 locale rispetto al collegamento . : fe80::9def:c0fd:32de:188c%2(Preferenziale) 
   Indirizzo IPv4. . . . . . . . . . . . : 192.168.1.136(Preferenziale) 
   Subnet mask . . . . . . . . . . . . . : 255.255.255.0
   Lease ottenuto. . . . . . . . . . . . : domenica 10 maggio 2015 16:41:30
   Scadenza lease . . . . . . . . . . .  : domenica 10 maggio 2015 18:41:30
   Gateway predefinito . . . . . . . . . : 192.168.1.254
   Server DHCP . . . . . . . . . . . . . : 192.168.1.254
   IAID DHCPv6 . . . . . . . . . . . : 334804962
   DUID Client DHCPv6. . . . . . . . : 00-01-00-01-1C-D6-75-1D-74-46-A0-7C-52-5F
   Server DNS . . . . . . . . . . . . .  : 62.101.93.101
                                           83.103.25.250
   Server WINS primario . . . . . . . .  : 192.168.1.254
   NetBIOS su TCP/IP . . . . . . . . . . : Attivato
 
Scheda Tunnel isatap.fastwebnet.it:
 
   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione: fastwebnet.it
   Descrizione . . . . . . . . . . . . . : Microsoft ISATAP Adapter
   Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP abilitato. . . . . . . . . . . . : No
   Configurazione automatica abilitata   : Sì
 
Scheda Tunnel Connessione alla rete locale (LAN)* 12:
 
   Suffisso DNS specifico per connessione: 
   Descrizione . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP abilitato. . . . . . . . . . . . : No
   Configurazione automatica abilitata   : Sì
   Indirizzo IPv6 . . . . . . . . . . . . . . . . . : 2001:0:9d38:6abd:14f3:18da:3f57:fe77(Preferenziale) 
   Indirizzo IPv6 locale rispetto al collegamento . : fe80::14f3:18da:3f57:fe77%7(Preferenziale) 
   Gateway predefinito . . . . . . . . . : ::
   IAID DHCPv6 . . . . . . . . . . . : 117440512
   DUID Client DHCPv6. . . . . . . . : 00-01-00-01-1C-D6-75-1D-74-46-A0-7C-52-5F
   NetBIOS su TCP/IP . . . . . . . . . . : Disattivato
Server:  anyres1.fastwebnet.it
Address:  62.101.93.101
 
Nome:    google.com
Addresses:  2a00:1450:4002:808::200e
 216.58.212.78
 
 
Esecuzione di Ping google.com [216.58.212.78] con 32 byte di dati:
Risposta da 216.58.212.78: byte=32 durata=41ms TTL=53
Risposta da 216.58.212.78: byte=32 durata=41ms TTL=53
 
Statistiche Ping per 216.58.212.78:
    Pacchetti: Trasmessi = 2, Ricevuti = 2, 
    Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 41ms, Massimo =  41ms, Medio =  41ms
Server:  anyres1.fastwebnet.it
Address:  62.101.93.101
 
Nome:    yahoo.com
Addresses:  206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
Esecuzione di Ping yahoo.com [206.190.36.45] con 32 byte di dati:
Risposta da 206.190.36.45: byte=32 durata=211ms TTL=47
Risposta da 206.190.36.45: byte=32 durata=211ms TTL=47
 
Statistiche Ping per 206.190.36.45:
    Pacchetti: Trasmessi = 2, Ricevuti = 2, 
    Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 211ms, Massimo =  211ms, Medio =  211ms
 
Esecuzione di Ping 127.0.0.1 con 32 byte di dati:
Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128
Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128
 
Statistiche Ping per 127.0.0.1:
    Pacchetti: Trasmessi = 2, Ricevuti = 2, 
    Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 0ms, Massimo =  0ms, Medio =  0ms
===========================================================================
Elenco interfacce
  8...f4 b7 e2 c6 91 49 ......Scheda virtuale Microsoft Wi-Fi Direct
  4...74 46 a0 7c 52 5f ......Realtek PCIe FE Family Controller
  2...f4 b7 e2 c6 91 4f ......Ralink RT5390R 802.11bgn Wi-Fi Adapter
  1...........................Software Loopback Interface 1
  5...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  7...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Tabella route
===========================================================================
Route attive:
     Indirizzo rete             Mask          Gateway     Interfaccia Metrica
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.136     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.136    281
    192.168.1.136  255.255.255.255         On-link     192.168.1.136    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.136    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.136    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.136    281
===========================================================================
Route permanenti:
  Nessuna
 
IPv6 Tabella route
===========================================================================
Route attive:
 Interf Metrica Rete Destinazione      Gateway
  7    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  7    306 2001::/32                On-link
  7    306 2001:0:9d38:6abd:14f3:18da:3f57:fe77/128
                                    On-link
  2    281 fe80::/64                On-link
  7    306 fe80::/64                On-link
  7    306 fe80::14f3:18da:3f57:fe77/128
                                    On-link
  2    281 fe80::9def:c0fd:32de:188c/128
                                    On-link
  1    306 ff00::/8                 On-link
  2    281 ff00::/8                 On-link
  7    306 ff00::/8                 On-link
===========================================================================
Route permanenti:
  Nessuna
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/10/2015 04:41:26 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client has failed to start
 
Error: (05/10/2015 00:23:47 PM) (Source: Application Hang) (User: )
Description: Il programma LiveComm.exe versione 17.5.9600.20856 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.
 
ID processo: fc4
 
Ora di avvio: 01d08b0ab057beda
 
Ora di chiusura: 4294967295
 
Percorso applicazione: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe
 
ID segnalazione: a205312f-f6fe-11e4-be7b-7446a07c525f
 
Nome completo pacchetto che ha generato l'errore: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe
 
ID applicazione relativo al pacchetto che ha generato l'errore: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (05/10/2015 11:23:49 AM) (Source: Application Hang) (User: )
Description: Il programma LiveComm.exe versione 17.5.9600.20856 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.
 
ID processo: 1464
 
Ora di avvio: 01d08b024ab2229d
 
Ora di chiusura: 4294967295
 
Percorso applicazione: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe
 
ID segnalazione: 40dc2e35-f6f6-11e4-be7b-7446a07c525f
 
Nome completo pacchetto che ha generato l'errore: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe
 
ID applicazione relativo al pacchetto che ha generato l'errore: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (05/09/2015 10:51:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1845703
 
Error: (05/09/2015 10:51:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1845703
 
Error: (05/09/2015 10:51:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/09/2015 06:21:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12079
 
Error: (05/09/2015 06:21:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12079
 
Error: (05/09/2015 06:21:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/09/2015 00:19:16 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7282
 
 
System errors:
=============
Error: (05/10/2015 04:40:14 PM) (Source: DCOM) (User: DANILO)
Description: 1084WSearchNon disponibile{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (05/10/2015 04:40:14 PM) (Source: DCOM) (User: DANILO)
Description: 1084ShellHWDetectionNon disponibile{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (05/10/2015 04:39:41 PM) (Source: DCOM) (User: DANILO)
Description: 1084WSearchNon disponibile{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (05/10/2015 04:39:41 PM) (Source: DCOM) (User: DANILO)
Description: 1084WSearchNon disponibile{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (05/10/2015 04:39:41 PM) (Source: DCOM) (User: DANILO)
Description: 1084WSearchNon disponibile{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (05/10/2015 04:39:41 PM) (Source: DCOM) (User: DANILO)
Description: 1084WSearchNon disponibile{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (05/10/2015 04:39:41 PM) (Source: DCOM) (User: DANILO)
Description: 1084WSearchNon disponibile{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (05/10/2015 04:39:37 PM) (Source: DCOM) (User: DANILO)
Description: 1084ShellHWDetectionNon disponibile{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (05/10/2015 04:37:49 PM) (Source: DCOM) (User: DANILO)
Description: 1084ShellHWDetectionNon disponibile{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (05/10/2015 04:37:40 PM) (Source: DCOM) (User: DANILO)
Description: 1084dpsNon disponibile{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
 
Microsoft Office Sessions:
=========================
Error: (05/10/2015 04:41:26 PM) (Source: ATIeRecord)(User: )
Description: 
 
Error: (05/10/2015 00:23:47 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20856fc401d08b0ab057beda4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exea205312f-f6fe-11e4-be7b-7446a07c525fmicrosoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (05/10/2015 11:23:49 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20856146401d08b024ab2229d4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe40dc2e35-f6f6-11e4-be7b-7446a07c525fmicrosoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (05/09/2015 10:51:24 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1845703
 
Error: (05/09/2015 10:51:24 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1845703
 
Error: (05/09/2015 10:51:24 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/09/2015 06:21:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12079
 
Error: (05/09/2015 06:21:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12079
 
Error: (05/09/2015 06:21:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/09/2015 00:19:16 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7282
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-05-03 12:53:30.056
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
 
=========================== Installed Programs ============================
Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0704.2133.36938 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{8D6CCB94-05E3-753A-5ED7-97495EA8AEFF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2014.0704.2133.36938 - Advanced Micro Devices, Inc.) Hidden
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.3.40209 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BurnAware Free 8.0 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Catalyst Control Center (x32 Version: 2012.0918.260.3365 - Nome società) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0704.2133.36938 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0704.2133.36938 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0704.2133.36938 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Dropbox (HKCU\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HL-1110 series (HKLM-x32\...\{4F2442B7-A89E-42A4-8F0E-6937499855CA}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
HP 3D DriveGuard (HKLM\...\{CAD3347B-FAC8-4E69-A6B2-DEFBE08151C0}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{8704FEEF-A6A8-4E7E-B124-BD6122C66E2C}) (Version: 2.10.42 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 8.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.9.1002 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden
Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
Malwarebytes Anti-Malware versione 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.2 (x86 it) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 it)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
OpenOffice 4.1.1 (HKLM-x32\...\{9E41A772-875C-4468-B1BD-54B1B1125C8B}) (Version: 4.11.9775 - Apache Software Foundation)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 54%
Total physical RAM: 3988.27 MB
Available physical RAM: 1831.88 MB
Total Pagefile: 5268.27 MB
Available Pagefile: 2458.54 MB
Total Virtual: 4095.88 MB
Available Virtual: 3965.46 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:578.21 GB) (Free:546.84 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:16.75 GB) (Free:2.11 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DANILO

Administrator            Danilo                   Guest                    
The command completed successfully.
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
08-05-2015 11:38:15 Windows Update
09-05-2015 15:51:54 Installed Boxcryptor 2.1
 
**** End of log ****
 
 
==================================================
 
screen317 checkup.txt:
 

 Results of screen317's Security Check version 1.001  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Total Security   
Windows Defender           
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 17.0.0.169  
 Mozilla Firefox (37.0.2) 
 Google Chrome (42.0.2311.135) 
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky Total Security 15.0.2 avp.exe  
 Kaspersky Lab Kaspersky Total Security 15.0.2 avpui.exe  
 Kaspersky Lab Kaspersky Total Security 15.0.2 plugin-nm-server.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#4 Sintharius (Bleepin' Sniper)
  • Members
  • 5,639 posts
  • Gender:Female
  • Location:The Netherlands

Posted 10 May 2015 - 11:35 AM

Hi there,

Please uninstall SUPERAntiSpyware - its detection rate is poor. You already have MBAM which is better to use.

Aside from that, there is nothing wrong with your machine - COM Surrogates appearing and disappearing are normal for Windows, and the two files you mentioned are legit files (atieclxx.exe and audiodg.exe).

avp.exe is related to Kaspersky Total Security, you can't touch it anyway - Kaspersky Self-defense module will prevent you from messing with it :)

From what you said it sounded like you used to have Reveton, but it's not related to your problem.

Feel free to ask me if you have any other questions.

Regards,
Alex

(your English is ok, by the way. It's not my first language either)
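The reply above settles the question by eye: dllhost.exe instances come and go, and the two other binaries are known-good names. The check a practitioner would actually run is below, as an added example that is not part of the original thread or of any BleepingComputer tool. It takes the three process names from the thread (COM Surrogate is dllhost.exe), confirms each running instance lives in the Windows system directories and carries a valid signature from an expected publisher, shows its parent process, and for every dllhost.exe resolves the /Processid:{GUID} from its command line through HKCR\AppID and HKCR\CLSID to the DLL it is hosting. The expected-signer strings and the "looks genuine" heuristic are this example's assumptions; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original thread). Purpose: confirm that the processes the
# poster saw in Process Explorer are the genuine Windows/AMD binaries, and show which COM
# server each "COM Surrogate" (dllhost.exe) instance is actually hosting.
# Run from an elevated PowerShell prompt. The process names come from the thread; the
# expected-signer strings and the "genuine" heuristic are this example's assumptions.

$names = 'dllhost.exe', 'atieclxx.exe', 'audiodg.exe'
$expectedSigners = 'O=Microsoft Corporation', 'O=Advanced Micro Devices'   # assumption
$systemDirs = "$env:SystemRoot\System32\*", "$env:SystemRoot\SysWOW64\*"  # 32-bit surrogates run from SysWOW64

function Resolve-ComSurrogate {
    # dllhost.exe is started as "dllhost.exe /Processid:{GUID}"; the GUID is a COM AppID.
    # Returns the AppID's registered name and every CLSID bound to it with its in-proc DLL.
    param([string]$CommandLine)
    if ($CommandLine -notmatch '/Processid:(\{[0-9A-Fa-f-]+\})') { return 'no /Processid argument' }
    $appId   = $Matches[1]
    $hkcr    = [Microsoft.Win32.Registry]::ClassesRoot
    $appKey  = $hkcr.OpenSubKey("AppID\$appId")
    $appName = if ($appKey) { $appKey.GetValue('') } else { '<unregistered AppID>' }
    $clsidRoot = $hkcr.OpenSubKey('CLSID')
    $servers = foreach ($sub in $clsidRoot.GetSubKeyNames()) {
        $k = $clsidRoot.OpenSubKey($sub)
        if ($k -and ($k.GetValue('AppID') -eq $appId)) {
            $inproc = $k.OpenSubKey('InprocServer32')
            $dll = if ($inproc) { $inproc.GetValue('') } else { '<no InprocServer32>' }
            "$sub -> $dll"
        }
    }
    "$appId ($appName): " + $(if ($servers) { $servers -join '; ' } else { '<no CLSID references this AppID>' })
}

$results = foreach ($p in Get-CimInstance Win32_Process | Where-Object { $_.Name -in $names }) {
    $path   = $p.ExecutablePath
    $sig    = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }
    $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"

    $inSystemDir = ($systemDirs | Where-Object { $path -like $_ }) -ne $null
    $signerOk    = ($expectedSigners | Where-Object { $signer -like "*$_*" }) -ne $null
    # Caveat: OS binaries such as dllhost.exe and audiodg.exe are catalog-signed. PowerShell 5+
    # reports them as Valid with SignatureType = Catalog; PowerShell 4 (the Windows 8.1 default)
    # may report NotSigned for them, so a NotSigned file in System32 is "verify with sigcheck",
    # not "malware".
    $verdict = if ($inSystemDir -and $sig.Status -eq 'Valid' -and $signerOk) { 'looks genuine' }
               elseif ($inSystemDir -and $sig.Status -eq 'NotSigned') { 'catalog-signed? verify with sigcheck' }
               else { 'INVESTIGATE' }

    [pscustomobject]@{
        PID       = $p.ProcessId
        Name      = $p.Name
        Path      = $path
        SigStatus = $sig.Status
        SigType   = $sig.SignatureType        # present in PowerShell 5+; blank on PowerShell 4
        Signer    = $signer
        Parent    = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { "<exited> ($($p.ParentProcessId))" }
        Hosting   = if ($p.Name -eq 'dllhost.exe') { Resolve-ComSurrogate $p.CommandLine } else { '' }
        Verdict   = $verdict
    }
}
$results | Format-List
```

The Hosting field is what answers "what is this COM Surrogate doing": a thumbnail or preview handler DLL under System32 is the ordinary case, while a DLL in a user-writable directory or one whose CLSID points at a file that no longer exists is what you would take to the malware-removal forum. The same provenance information is available in Process Explorer itself by enabling Options > Verify Image Signatures and adding the Command Line column, which is a quicker check for a one-off look.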

#5 Blaze1206 (Topic Starter)
  • Members
  • 14 posts

Posted 10 May 2015 - 12:08 PM

Thank you for answering, I uninstalled SUPERAntiSpyware :)

 

Anyway, I have some questions though. The first: I can't understand what this is:

 
CodeIntegrity Errors:
===================================
  Date: 2015-05-03 12:53:30.056
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
The second: what starts the file-copying processes then?  :mellow: 
 
Just to be more accurate, it was a copying process of about 471 items, which I always interrupted in time (since this morning; before that it probably finished copying because I wasn't at the PC and saw what was going on only when it was too late)
 
The two destinations were named like this: "extc.... with some numbers" to "sp... this one too with many numbers in the name"
 
I don't really know what to do to solve it...


#6 Sintharius (Bleepin' Sniper)
  • Members
  • 5,639 posts
  • Gender:Female
  • Location:The Netherlands

Posted 10 May 2015 - 12:11 PM

Hi there,

The line from MiniToolbox simply shows that Windows cannot find catchme.sys (which is a component of ComboFix). This is typical if you have run ComboFix and then uninstalled it.

How do you know that something is copying your files?

Alex
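MiniToolbox only summarises these records; the reply above interprets the one shown. The script below, an added example that is not part of the original thread or of MiniToolbox, goes back to the source: it reads the CodeIntegrity operational log, extracts the flagged file from each record, maps the NT device path back to a drive letter, and reports whether the file is still on disk and, if so, how it is signed. A file that has since disappeared (catchme.sys after ComboFix was uninstalled) matches the benign explanation; a file that is still present and unsigned is the case worth raising in the malware-removal forum. Two assumptions are made and labelled in the code: that the "unable to verify the image integrity" record is Event ID 3004, and that the file name is carried in the FileNameBuffer data field (a regex over the message text is the fallback). Reading the operational log needs an elevated prompt.

```powershell
# Added example (not from the original thread). Purpose: pull the CodeIntegrity records that
# MiniToolbox summarised under "CodeIntegrity Errors" and, for each flagged file, check whether
# it is still on disk. A file that is gone (catchme.sys after ComboFix was removed) fits the
# explanation given in the thread; a file still present and unsigned deserves a closer look.
# Assumptions: the "unable to verify the image integrity" record is Event ID 3004, and its file
# name is carried in the FileNameBuffer data field (the Message regex is a fallback).

$log    = 'Microsoft-Windows-CodeIntegrity/Operational'
$events = Get-WinEvent -LogName $log -FilterXPath '*[System[EventID=3004]]' -ErrorAction SilentlyContinue

function Convert-DevicePath {
    # The log stores NT paths (\Device\HarddiskVolume4\...). PowerShell has no cheap exact
    # mapping from volume number to drive letter, so try the relative path on every local
    # drive and return the first hit. Heuristic, not authoritative.
    param([string]$NtPath)
    if ($NtPath -notmatch '^\\Device\\HarddiskVolume\d+(\\.*)$') { return $NtPath }
    $relative = $Matches[1]
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        $candidate = "$($drive.Name):$relative"
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return $NtPath
}

$results = foreach ($e in $events) {
    $data = ([xml]$e.ToXml()).Event.EventData.Data
    $file = ($data | Where-Object { $_.Name -eq 'FileNameBuffer' }).'#text'
    if (-not $file -and $e.Message -match 'of the file (\S+) because') { $file = $Matches[1] }
    $resolved = Convert-DevicePath $file
    $present  = if ($resolved) { [bool](Test-Path -LiteralPath $resolved -ErrorAction SilentlyContinue) } else { $false }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        File      = $file
        Resolved  = $resolved
        Present   = $present
        Signature = if ($present) { (Get-AuthenticodeSignature -FilePath $resolved).Status } else { 'n/a (file removed)' }
    }
}
$results | Sort-Object Time | Format-Table -AutoSize
```

For the record quoted in the post above, the expected output is a single row whose Present column is False, which is exactly the "tool was run and then removed" pattern. The Message regex fallback only works when the event text is rendered in English; on an Italian-locale machine like the poster's, the FileNameBuffer field is the one that will actually be hit.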

#7 Blaze1206 (Topic Starter)
  • Members
  • 14 posts

Posted 10 May 2015 - 12:27 PM

Because the copy-and-paste thing, like this, pops up: http://i.imgur.com/CjiC322.png

 

But, instead of dropbox there was this name: "extc.... with some numbers next to it" 

And instead of desktop this: "sp... this one too with many numbers in the name"

 

Sorry for the "noob" explanation but hope it's clear enough :)

 

If it would happen again i'll try to make a screenshot.


Edited by Blaze1206, 10 May 2015 - 12:29 PM.


#8 Sintharius (Bleepin' Sniper)
  • Members
  • 5,639 posts
  • Gender:Female
  • Location:The Netherlands

Posted 10 May 2015 - 12:32 PM

It would be best if you can make a screenshot of it - I'm drawing a blank on what this is.

Alex

#9 Blaze1206 (Topic Starter)
  • Members
  • 14 posts

Posted 10 May 2015 - 12:43 PM

I'll try to, but it depends on when it happens again, and whether I notice it in time.

 

It really hurts knowing that something is tracking you.

 

Is there nothing I can do to try to find out what the problem is?



#10 Sintharius (Bleepin' Sniper)
  • Members
  • 5,639 posts
  • Gender:Female
  • Location:The Netherlands

Posted 10 May 2015 - 12:50 PM

You can get a checkup in the Malware Removal Logs area, there are better tools we can use there.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Regards,
Alex

#11 Blaze1206 (Topic Starter)
  • Members
  • 14 posts

Posted 10 May 2015 - 01:54 PM

Thank you again for your time and your help :)

 

I opened it here: http://www.bleepingcomputer.com/forums/t/575779/unauthorized-processes-copy-my-files/



#12 Queen-Evie (Official Bleepin' G.R.I.T.S. (and proud of it))
  • Staff Emeritus
  • 16,485 posts
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here

Posted 10 May 2015 - 02:15 PM

Now that you have posted a FRST log in Malware Removal Logs

 

Please refrain from asking for further help from other members or staff until the Malware Removal Team has checked your posted log. The Malware Removal Team work very hard to investigate a unique solution to your problem and you will receive individual expert assistance. This takes time and effort so we ask you to please be patient while waiting for assistance and NOT to make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member. Any modifications you make on your own can result in system changes which may not show in the log you already posted. Further, following advice outside of that post may cause confusion for the team member assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

 

The Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean. If you followed any other advice already, please ensure you inform the Malware Removal Team Helper when they respond to assist you with your log. This will help them know what has been done and they probably will ask for an updated log.

 

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

If HelpBot replies to your topic, please follow Step One so it will report your topic to the team members.

 

This topic is closed.


Edited by Queen-Evie, 10 May 2015 - 02:16 PM.




