
Multiple DCOM Errors W10


  • This topic is locked
8 replies to this topic

#1 tazmo8448

tazmo8448

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SC
  • Local time:12:12 AM

Posted 20 October 2015 - 12:03 PM

First time FRST user here and would like to take advantage of your expertise perusing the two notepads created by FRST64.exe. My main concern is the Event Viewer errors I am receiving. Also I had an issue with booting two days ago whereas when trying to boot I would get a black screen and after several tries was only able to boot in Safe Mode with Disable Driver Signature Enforcement Only mode. I ran TDSSKiller that seemed to let me boot back to desktop normally then noticed on my MBAM Premium context that there was an additional entry for allowing a web exclusion (n1.smartyads.com) that was not there previously. I uninstalled MBAM and am now using the free edition.

Prior to this posting (yesterday) I ran Hitman Pro, ESET Online Scanner, SuperAntiSpyware, MBAM, Emsisoft Emergency Kit, Rogue Killer and Windows Malware Tool (mrt). Needless to say I was paranoid. Thanks in advance.

Attached Files




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:12 AM

Posted 21 October 2015 - 10:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-18\...\Run: [] => [X]
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [No File]
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
U3 idsvc; no ImagePath
S3 VMSVSF; \SystemRoot\system32\DRIVERS\vmswitch.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
Task: {2A34D53D-5791-43B2-8ED1-24BFE3D12B98} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {42235D98-7FDD-4186-BD87-E50E0BBEF439} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4EF0178F-8728-4DCE-9BD0-8B56398F5E77} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {503CDE64-CA6C-4CA5-B7AC-4B60C1DFD48D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {873C1DC8-FE82-46AF-A559-23E0F6F08F10} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {88C964B6-7249-4D0E-8E46-42AD5A52AD0B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {9228608D-E324-4B25-80C0-3F838B50C0DB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9BB4AACA-7CC5-48F4-8814-E26E343C3CFB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A8E31DC9-C2CD-4BF4-932D-8A486D7765A9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AC4D1E26-BD03-4EB3-B698-C4D488CC27DB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B476DB32-24CF-4633-AC53-948ABB1B94B3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Trixie:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Trixie\Application Data:gs5sys
AlternateDataStreams: C:\Users\Trixie\Cookies:gs5sys
AlternateDataStreams: C:\Users\Trixie\Local Settings:gs5sys
AlternateDataStreams: C:\Users\Trixie\Templates:gs5sys
AlternateDataStreams: C:\Users\Trixie\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Trixie\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Trixie\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Trixie\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\Trixie\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\Trixie\Documents\desktop.ini:gs5sys

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

What problems persist?

#3 tazmo8448

tazmo8448
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SC
  • Local time:12:12 AM

Posted 22 October 2015 - 02:13 PM

Thanks nasdaq will do.



#4 tazmo8448

tazmo8448
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SC
  • Local time:12:12 AM

Posted 22 October 2015 - 02:45 PM

okay nasdaq here is the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by Trixie (2015-10-22 15:25:29) Run:1
Running from H:\Utilities
Loaded Profiles: Trixie (Available Profiles: Trixie & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-18\...\Run: [] => [X]
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [No File]
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
U3 idsvc; no ImagePath
S3 VMSVSF; \SystemRoot\system32\DRIVERS\vmswitch.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
Task: {2A34D53D-5791-43B2-8ED1-24BFE3D12B98} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {42235D98-7FDD-4186-BD87-E50E0BBEF439} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4EF0178F-8728-4DCE-9BD0-8B56398F5E77} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {503CDE64-CA6C-4CA5-B7AC-4B60C1DFD48D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {873C1DC8-FE82-46AF-A559-23E0F6F08F10} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {88C964B6-7249-4D0E-8E46-42AD5A52AD0B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {9228608D-E324-4B25-80C0-3F838B50C0DB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9BB4AACA-7CC5-48F4-8814-E26E343C3CFB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A8E31DC9-C2CD-4BF4-932D-8A486D7765A9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AC4D1E26-BD03-4EB3-B698-C4D488CC27DB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B476DB32-24CF-4633-AC53-948ABB1B94B3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Trixie:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Trixie\Application Data:gs5sys
AlternateDataStreams: C:\Users\Trixie\Cookies:gs5sys
AlternateDataStreams: C:\Users\Trixie\Local Settings:gs5sys
AlternateDataStreams: C:\Users\Trixie\Templates:gs5sys
AlternateDataStreams: C:\Users\Trixie\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Trixie\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Trixie\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Trixie\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\Trixie\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\Trixie\Documents\desktop.ini:gs5sys
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.7.1" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.7.1" => key removed successfully
atillk64 => service removed successfully
idsvc => service removed successfully
VMSVSF => service removed successfully
wfpcapture => service removed successfully
wpcsvc => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A34D53D-5791-43B2-8ED1-24BFE3D12B98}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A34D53D-5791-43B2-8ED1-24BFE3D12B98}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42235D98-7FDD-4186-BD87-E50E0BBEF439}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42235D98-7FDD-4186-BD87-E50E0BBEF439}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EF0178F-8728-4DCE-9BD0-8B56398F5E77}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EF0178F-8728-4DCE-9BD0-8B56398F5E77}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{503CDE64-CA6C-4CA5-B7AC-4B60C1DFD48D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{503CDE64-CA6C-4CA5-B7AC-4B60C1DFD48D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{873C1DC8-FE82-46AF-A559-23E0F6F08F10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{873C1DC8-FE82-46AF-A559-23E0F6F08F10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88C964B6-7249-4D0E-8E46-42AD5A52AD0B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88C964B6-7249-4D0E-8E46-42AD5A52AD0B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F4C3A2F-D807-437E-BAA4-10DF9721ED47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F4C3A2F-D807-437E-BAA4-10DF9721ED47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9228608D-E324-4B25-80C0-3F838B50C0DB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9228608D-E324-4B25-80C0-3F838B50C0DB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BB4AACA-7CC5-48F4-8814-E26E343C3CFB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BB4AACA-7CC5-48F4-8814-E26E343C3CFB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8E31DC9-C2CD-4BF4-932D-8A486D7765A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8E31DC9-C2CD-4BF4-932D-8A486D7765A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AC4D1E26-BD03-4EB3-B698-C4D488CC27DB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4D1E26-BD03-4EB3-B698-C4D488CC27DB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B476DB32-24CF-4633-AC53-948ABB1B94B3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B476DB32-24CF-4633-AC53-948ABB1B94B3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
C:\ProgramData => ":gs5sys" ADS removed successfully.
"C:\Users\All Users" => ":gs5sys" ADS not found.
C:\Users\Trixie => ":gs5sys" ADS removed successfully.
"C:\ProgramData\Application Data" => ":gs5sys" ADS not found.
C:\Users\Public\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
"C:\Users\Trixie\Application Data" => ":gs5sys" ADS not found.
"C:\Users\Trixie\Cookies" => ":gs5sys" ADS not found.
"C:\Users\Trixie\Local Settings" => ":gs5sys" ADS not found.
"C:\Users\Trixie\Templates" => ":gs5sys" ADS not found.
C:\Users\Trixie\Desktop\desktop.ini => ":gs5sys" ADS removed successfully.
C:\Users\Trixie\AppData\Local => ":gs5sys" ADS removed successfully.
C:\Users\Trixie\AppData\Roaming => ":gs5sys" ADS removed successfully.
"C:\Users\Trixie\AppData\Local\Application Data" => ":gs5sys" ADS not found.
"C:\Users\Trixie\AppData\Local\History" => ":gs5sys" ADS not found.
C:\Users\Trixie\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
EmptyTemp: => 1013 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 15:26:05 ====
 
the only problem I'm experiencing at the moment is Google Chrome opens new tabs with icons that are grey rather than in color. I have uninstalled/re-installed Chrome but it persists. I have a screen shot but don't see where or how to post it. I have forwarded it to Chrome. What happens is opening a new tab with their apps shows two out of four icons in color and the other two grey. the four are
1) Web Store = color
2) YouTube = grey
3) Google Search = grey
4) Gmail  = color
other than that haven't come across any real concerns....knock on wood
 
if I may when you created a fixlog what did you see that needed addressing? thanks again for your time nasdaq.

Edited by tazmo8448, 22 October 2015 - 02:47 PM.
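
A way to check a Fixlog like the one posted above, as an added example that is not part of the original thread and is not FRST's own code: it pairs each `AlternateDataStreams:` directive from the fixlist section with the result line FRST logged for it and flags any directive that has no logged result. The sample input is constructed in the same line format as the log above, with the last directive deliberately left without a result; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the Fixlog above. The Templates
# directive is deliberately given no result line to show the failure case.
SAMPLE_FIXLOG = r'''
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Trixie\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Trixie\Templates:gs5sys
C:\ProgramData => ":gs5sys" ADS removed successfully.
"C:\Users\All Users" => ":gs5sys" ADS not found.
C:\Users\Trixie\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
'''

# Fixlist directive: "AlternateDataStreams: <path>:<stream>"
DIRECTIVE = re.compile(r'^AlternateDataStreams:\s*(?P<target>.+)$')
# Result line: optionally quoted path, then => ":<stream>" ADS <outcome>.
RESULT = re.compile(
    r'^"?(?P<path>.+?)"? => ":(?P<stream>[^"]+)" ADS '
    r'(?P<outcome>removed successfully|not found)\.?$'
)


def parse_fixlog(text):
    """Return (requested, results) keyed by (lower-cased path, stream)."""
    requested, results = [], {}
    for line in text.splitlines():
        line = line.strip()
        m = DIRECTIVE.match(line)
        if m:
            # The path itself contains a drive colon, so split on the last one.
            path, _, stream = m.group("target").rpartition(":")
            requested.append((path.lower(), stream))
            continue
        m = RESULT.match(line)
        if m:
            key = (m.group("path").lower(), m.group("stream"))
            results[key] = m.group("outcome")
    return requested, results


def reconcile(text):
    """Map every requested (path, stream) to its logged outcome."""
    requested, results = parse_fixlog(text)
    return {key: results.get(key, "no result logged") for key in requested}


def summary(text):
    """Count outcomes across all requested ADS removals."""
    return Counter(reconcile(text).values())


if __name__ == "__main__":
    for (path, stream), outcome in reconcile(SAMPLE_FIXLOG).items():
        print(f"{path}:{stream} -> {outcome}")
    print(dict(summary(SAMPLE_FIXLOG)))
```
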


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:12 AM

Posted 23 October 2015 - 08:33 AM

Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.

Click more tools > Extensions.

Delete these extensions in bold.

CHR NewTab: Default -> "chrome-extension://nohbdifokmdgjcbbeobglcbaifinhfip/go.html"
CHR Extension: (Show Apps in new tab) - C:\Users\Trixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohbdifokmdgjcbbeobglcbaifinhfip

Close Chrome.

Restart the browser.

Is the issue persisting?

#6 tazmo8448

tazmo8448
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SC
  • Local time:12:12 AM

Posted 23 October 2015 - 08:59 AM

Thanks again nasdaq. The issue has stopped (the Chrome thing) on its own...all good now.

 

Mind if I ask what 'gs5sys' is? Searching for the answer seems to only pose more questions and what I'm seeing online is it is repaired/fixed doing the FRST. Is it some sort of malware that creates Alternate Data Systems? Any enlightenment would be greatly appreciated.



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:12 AM

Posted 23 October 2015 - 09:21 AM

It's the AlternateDataStreams that we are concerned about.

Malware uses it to achieve its ends.

You can read about it. Do not spend too much time on it.
http://blogs.technet.com/b/askcore/archive/2013/03/24/alternate-data-streams-in-ntfs.aspx

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

p.s.
Did you remove the two Chrome Extensions or was it not necessary?

#8 tazmo8448

tazmo8448
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SC
  • Local time:12:12 AM

Posted 23 October 2015 - 09:53 AM

Thanks seems as though ADS is a backdoor thing.

 

Didn't have to remove the extensions it went back to working on its own....funny thing I did a new OS install on my laptop (the W10 upgrade wouldn't work with my older ATI drivers/gfx card) and Google Chrome did the same thing there so it must be a Chrome glitch. Thanks for all your help and the next time they talk bad about Canada I'm walkin' off...    : ^ }

 

One caveat though I noticed things started working better in W10, I use the Classic Shell Ext that makes W10 'seem' like W7 and the taskbar was unresponsive (right clicking on it would do nothing) now it works like it's supposed to..dunno how but evidently the ADS :gs5sys removal got that back up and running

 

thanks again nasdaq and have a good weekend.


Edited by tazmo8448, 23 October 2015 - 09:57 AM.


#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:12 AM

Posted 29 October 2015 - 07:59 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



