Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

RAM USAGE 95% svchost usage slowly increases to over 1million k


  • This topic is locked This topic is locked
3 replies to this topic

#1 Benjamink73

Benjamink73

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:53 AM

Posted 08 November 2015 - 01:06 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Benjamin (administrator) on BENJAMIN-HP (07-11-2015 12:55:26)
Running from C:\Users\Benjamin\Downloads
Loaded Profiles: Benjamin (Available Profiles: Benjamin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\New\instup.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\New_b0108c1\instup.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6245408 2010-05-25] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602168 2010-06-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-19] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-03-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-03-19] (Avast Software s.r.o.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{C05AD519-926E-46DA-A286-D6B3A0E85834}: [DhcpNameServer] 40.5.1.100
Tcpip\..\Interfaces\{F5E63BD8-49A1-4050-AA59-819A37B38D6C}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-19] (Avast Software s.r.o.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-11-07] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-18] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-19] (Avast Software s.r.o.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-11-07] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-11-07] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-11-07] (Google Inc.)
Toolbar: HKU\S-1-5-21-4029501432-2373170489-2655336811-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-11-07] (Google Inc.)
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-05-05] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-07] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-19] [not signed]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-19]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-19] (Avast Software s.r.o.)
S4 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-06-22] (Hewlett-Packard Company) [File not signed]
S4 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()
S4 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-04-19] (Realtek Semiconductor Corp.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-19] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-19] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-19] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-19] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-19] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-19] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-07 12:48 - 2015-11-07 12:49 - 00021360 _____ C:\Users\Benjamin\Downloads\Addition.txt
2015-11-07 12:47 - 2015-11-07 12:55 - 00009532 _____ C:\Users\Benjamin\Downloads\FRST.txt
2015-11-07 12:47 - 2015-11-07 12:55 - 00000000 ____D C:\FRST
2015-11-07 12:47 - 2015-11-07 12:47 - 02198528 _____ (Farbar) C:\Users\Benjamin\Downloads\FRST64.exe
2015-11-07 10:33 - 2015-11-07 10:33 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-07 12:45 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-07 12:45 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-07 12:43 - 2010-10-21 00:49 - 01595923 _____ C:\Windows\WindowsUpdate.log
2015-11-07 12:42 - 2009-07-13 21:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-07 12:38 - 2015-03-19 15:32 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-07 12:37 - 2015-03-19 15:32 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-07 12:36 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-07 12:36 - 2009-07-13 20:51 - 00040700 _____ C:\Windows\setupact.log
2015-11-07 10:51 - 2015-03-15 17:28 - 00206128 _____ C:\Windows\PFRO.log
2015-11-07 10:44 - 2009-07-13 21:08 - 00018618 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-07 10:34 - 2015-03-19 15:32 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-07 10:17 - 2015-03-19 15:35 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
==================== Files in the root of some directories =======
2010-10-21 00:59 - 2010-10-21 00:59 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-07-10 20:57 - 2010-07-10 20:57 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-10-21 00:58 - 2010-10-21 00:58 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-07-10 20:51 - 2010-07-10 20:52 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-10-21 00:58 - 2010-10-21 00:58 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-10-21 00:59 - 2010-10-21 00:59 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-07-10 20:50 - 2010-07-10 20:51 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-07-10 20:52 - 2010-07-10 20:56 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-10-21 00:59 - 2010-10-21 00:59 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
Some files in TEMP:
====================
C:\Users\Benjamin\AppData\Local\Temp\HPQSi.exe
C:\Users\Benjamin\AppData\Local\Temp\MSN3FCD.exe
C:\Users\Benjamin\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Benjamin\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Benjamin\AppData\Local\Temp\sfextra.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-15 17:03
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Benjamin (2015-11-07 12:55:54)
Running from C:\Users\Benjamin\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-03-16 01:30:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4029501432-2373170489-2655336811-500 - Administrator - Disabled)
Benjamin (S-1-5-21-4029501432-2373170489-2655336811-1000 - Administrator - Enabled) => C:\Users\Benjamin
Guest (S-1-5-21-4029501432-2373170489-2655336811-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.53.64 - Adobe Systems Incorporated)
Adobe Reader 9.3 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2214 - AVAST Software)
ccc-core-static (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{5E25081D-9CB4-4B17-AD2B-8DF2DC335E85}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}) (Version: 4.0.39.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{CF1A69F1-4335-4322-A137-235E3AE36BB0}) (Version: 5.0.13.2 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6122 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30120 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}) (Version: 1.0.3 - Realtek Semiconductor Corp.)
Russian Phonetic YaWert - WinRus.com (HKLM\...\{3A414249-4B92-422C-904C-5FA6FF525AB1}) (Version: 1.0.3.40 - personal)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - Synaptics Incorporated)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

09-05-2015 20:53:05 Установлено: Russian Phonetic YaWert - WinRus.com
09-05-2015 20:56:41 Windows Update
12-05-2015 21:46:18 Windows Update
14-05-2015 16:38:39 Windows Update
18-05-2015 16:36:55 Windows Update
19-05-2015 15:25:51 Windows Update
20-05-2015 22:29:18 Windows Update
20-06-2015 17:18:07 Windows Update
07-11-2015 10:21:04 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {AC95056B-E84A-43DF-A240-A26BFCBB0AE7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2010-06-22] (Hewlett-Packard Company)
Task: {CCDAF51E-F2E9-4647-A736-39139E6195F8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-07] (Avast Software s.r.o.)
Task: {E7350445-93F1-429F-A134-2A6ABB763C79} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {F3F9D00D-AB67-4C17-956D-28329D14CD66} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-06-10 15:42 - 2010-06-10 15:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-10-21 00:47 - 2010-10-21 00:47 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-03-19 15:31 - 2015-03-19 15:31 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-19 15:31 - 2015-03-19 15:31 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-07 10:21 - 2015-11-07 10:21 - 02990592 _____ () C:\Program Files\AVAST Software\Avast\defs\15110800\algo.dll
2015-03-19 15:31 - 2015-03-19 15:31 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-03-19 15:31 - 2015-03-19 15:31 - 01359872 _____ () C:\Program Files\AVAST Software\Avast\libglesv2.dll
2015-03-19 15:31 - 2015-03-19 15:31 - 00212992 _____ () C:\Program Files\AVAST Software\Avast\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4029501432-2373170489-2655336811-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: RtVOsdService => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A3A4B663-7DAA-4562-A680-C47CAC7A17FC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{638994E1-027B-466D-8317-676ECF48C593}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{00CE288C-23A8-4A74-912D-494DB7A9F225}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{B21DEE4D-4E4F-4FFB-BA3E-CBD58CF8565B}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{B87D24D6-7C05-42AE-886B-60E19A50D6AB}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [TCP Query User{CD121D59-D18D-4962-B336-1538CC013102}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{65A6CF31-4EFD-47CE-89F4-DF6F4B1C91E0}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{298FA12B-4CB6-42E9-AFBE-B863D6510F38}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{5FB9D8AA-16A2-47E5-8B1E-1486F2710F94}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/07/2015 10:40:15 AM) (Source: Windows Activation Technologies) (EventID: 14) (User: )
Description: Genuine validation failure:
hr = 0x800706BA

Error: (11/07/2015 10:39:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17801 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1260

Start Time: 01d1198b55e8b197

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (05/20/2015 06:48:41 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (05/19/2015 03:26:51 PM) (Source: MsiInstaller) (EventID: 11935) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC80.MFCLOC,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Please refer to Help and Support for more information. HRESULT: 0x80070091. assembly interface: IAssemblyCacheItem, function: Commit, component: {74FD3CE6-2A8D-0E9C-A01F-C8B3B9A1E18E}

Error: (05/19/2015 07:34:35 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (05/18/2015 05:12:21 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (05/15/2015 05:04:20 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (05/12/2015 09:10:02 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (05/08/2015 03:09:19 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/16/2015 06:53:37 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (11/07/2015 12:36:41 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:57:50 AM on ‎11/‎7/‎2015 was unexpected.

Error: (11/07/2015 10:52:05 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:50:57 AM on ‎11/‎7/‎2015 was unexpected.

Error: (11/07/2015 10:46:22 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Error: (11/07/2015 10:45:22 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:
%%1056

Error: (11/07/2015 10:44:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/07/2015 10:44:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (11/07/2015 10:44:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (11/07/2015 10:44:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).

Error: (11/07/2015 10:44:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (11/07/2015 10:44:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: AMD Athlon™ II P340 Dual-Core Processor
Percentage of memory in use: 78%
Total physical RAM: 2810.9 MB
Available physical RAM: 615.57 MB
Total Virtual: 7024.09 MB
Available Virtual: 4709.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.45 GB) (Free:240.58 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.34 GB) (Free:2.51 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 82337274)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of Addition.txt ============================

Attached Files


Edited by Oh My!, 13 November 2015 - 10:27 AM.


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:53 AM

Posted 13 November 2015 - 10:34 AM

Greetings Benjamink73 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Do you recognize this?

Установлено: Russian Phonetic YaWert - WinRus.com

Please do this.

===================================================

MGADiag Tool

-------------------
  • Download MGADiag Tool and save it to your desktop
  • Double click the icon then if necessary click OK on the Executable File warning
  • Click Run, then Continue
  • Once completed a Microsoft Genuine Advantage Diagnostic Tool screen will open
  • Click Copy
  • Press the Windows Key + R at the same time
  • Type Notepad and press Enter
  • Save the file on your Desktop as WGA.txt
  • Upload the file here
  • Let me know when the file has been uploaded
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
2010-10-21 00:59 - 2010-10-21 00:59 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-07-10 20:57 - 2010-07-10 20:57 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-10-21 00:58 - 2010-10-21 00:58 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-07-10 20:51 - 2010-07-10 20:52 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-10-21 00:58 - 2010-10-21 00:58 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-10-21 00:59 - 2010-10-21 00:59 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-07-10 20:50 - 2010-07-10 20:51 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-07-10 20:52 - 2010-07-10 20:56 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-10-21 00:59 - 2010-10-21 00:59 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
C:\Users\Benjamin\AppData\Local\Temp\HPQSi.exe
C:\Users\Benjamin\AppData\Local\Temp\MSN3FCD.exe
C:\Users\Benjamin\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Benjamin\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Benjamin\AppData\Local\Temp\sfextra.dll
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed youi will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Do you recognize program?
  • Uploaded WGA.txt file
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:53 AM

Posted 17 November 2015 - 10:04 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:53 AM

Posted 19 November 2015 - 09:43 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users