*program*.mgr problem


  • This topic is locked
7 replies to this topic

#1 RAExD
  • Members
  • 5 posts

Posted 12 December 2015 - 10:45 PM

Good day.

I've recently downloaded a game that I assumed to be the cause of why I got the virus in the first place. (Said game was deleted)

I typed the virus name on Google and saw this thread about it. I tried following the steps provided until I hit a dead end because I don't know what to do next (the part where I make a fixlist.txt). Seeing as I can't go through with blindly following the steps, I'm creating this post. Note: I'm not sure if this is the only problem in my laptop. Someone advised me to simply reformat and reinstall, but I can't because there are many files that I can't lose.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-12-2015 01
Ran by Minerva (administrator) on MINERVA-PC (13-12-2015 11:19:27)
Running from C:\Users\Minerva\Desktop\FRST
Loaded Profiles: Minerva (Available Profiles: Minerva)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Garena Plus\ggdllhost.exe
() C:\Program Files\Garena Plus\ggdllhost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files\ASUS\Sonic Focus\SonicFocusTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Garena Plus\GarenaMessenger.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10992232 2011-09-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1571432 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [SonicMasterTray] => C:\Program Files\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2262312 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun] => C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [258048 2011-03-18] (Alcor Micro Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157968 2015-08-13] (Apple Inc.)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-1716059386-1986996093-2899557017-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1716059386-1986996093-2899557017-1000\...\Run: [GarenaPlus] => C:\Program Files\Garena Plus\GarenaMessenger.exe [10008512 2015-11-24] ()
HKU\S-1-5-21-1716059386-1986996093-2899557017-1000\...\Run: [reg_svr] => "C:\Windows\System32\regsvr32.exe" /s "C:\Users\Minerva\AppData\Roaming\glister\nvm.dll"
HKU\S-1-5-21-1716059386-1986996093-2899557017-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1716059386-1986996093-2899557017-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-18\...\RunOnce: [iCloud] => "C:\Program Files\Common Files\Apple\Internet Services\iCloud.exe"
Startup: C:\Users\Minerva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ybwtwsya.exe [2015-12-13] ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{4C172F33-3B4A-4308-A7FC-399A192310E7}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{F58AD3CC-D479-40CC-BBE7-6B4B4F22F8BD}: [DhcpNameServer] 192.168.254.254

Internet Explorer:
==================
HKU\S-1-5-21-1716059386-1986996093-2899557017-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ph.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Users\Minerva\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll [2012-01-06] (Trend Media Group)

FireFox:
========
FF ProfilePath: C:\Users\Minerva\AppData\Roaming\Mozilla\Firefox\Profiles\mgl6qov6.default
FF Homepage: www.google.com
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-08-27] ( Garena)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Minerva\AppData\Roaming\Mozilla\Firefox\Profiles\mgl6qov6.default\extensions\artur.dubovoy@gmail.com [2015-12-07]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-07-31]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 npggsvc; C:\Windows\system32\GameMon.des [5161056 2014-01-14] (INCA Internet Co., Ltd.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 WsDrvInst; "C:\Program Files\Wondershare\Dr.Fone for Android\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394hub; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [46680 2011-03-18] (Alcor Micro, Corp.)
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [101352 2011-06-02] (ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [317416 2011-06-02] (ASMedia Technology Inc)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2241024 2012-11-26] (Qualcomm Atheros Communications, Inc.)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-10-30] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
S3 SDGame; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
R3 gkernel; \??\C:\Users\Minerva\AppData\Local\Temp\gkernel.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-13 11:19 - 2015-12-13 11:19 - 00000000 ____D C:\FRST
2015-12-13 11:18 - 2015-12-13 11:19 - 00000000 ____D C:\Users\Minerva\Desktop\FRST
2015-12-13 11:15 - 2015-12-13 11:17 - 00000000 ____D C:\AdwCleaner
2015-12-13 11:03 - 2015-12-13 11:15 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-13 11:03 - 2015-12-13 11:03 - 00030848 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-12-13 11:00 - 2015-12-13 11:00 - 01738240 _____ C:\Users\Minerva\Desktop\adwcleaner_5.024.exe
2015-12-13 10:38 - 2015-12-13 11:01 - 20829256 _____ C:\Users\Minerva\Desktop\RogueKiller.exe
2015-12-09 18:27 - 2015-11-12 04:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 18:27 - 2015-11-12 02:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 18:27 - 2015-11-12 02:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 18:27 - 2015-11-12 00:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 18:27 - 2015-11-11 23:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-09 18:27 - 2015-11-11 23:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 18:27 - 2015-11-11 23:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 18:27 - 2015-11-11 22:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 18:27 - 2015-11-11 02:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 18:27 - 2015-11-11 02:39 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 18:27 - 2015-11-11 02:39 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 18:27 - 2015-11-11 01:40 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 18:27 - 2015-11-10 08:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-09 18:27 - 2015-11-10 08:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-09 18:27 - 2015-11-10 08:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 18:27 - 2015-11-10 08:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-09 18:27 - 2015-11-10 08:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-09 18:27 - 2015-11-10 08:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-09 18:27 - 2015-11-10 08:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-09 18:27 - 2015-11-10 08:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 18:27 - 2015-11-10 08:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-09 18:27 - 2015-11-10 08:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-09 18:27 - 2015-11-10 08:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 18:27 - 2015-11-10 08:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-09 18:27 - 2015-11-10 08:03 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-09 18:27 - 2015-11-10 08:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 18:27 - 2015-11-10 08:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-09 18:27 - 2015-11-10 07:57 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-09 18:27 - 2015-11-10 07:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-09 18:27 - 2015-11-10 07:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-09 18:27 - 2015-11-10 07:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 18:27 - 2015-11-10 07:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-09 18:27 - 2015-11-10 07:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-09 18:27 - 2015-11-10 07:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 18:27 - 2015-11-10 07:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 18:27 - 2015-11-10 07:36 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 18:27 - 2015-11-10 07:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-09 18:27 - 2015-11-10 07:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 18:27 - 2015-11-10 07:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 18:27 - 2015-11-10 07:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-09 18:11 - 2015-11-21 02:34 - 02956800 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-09 18:11 - 2015-11-21 02:34 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-09 18:11 - 2015-11-21 02:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-09 18:11 - 2015-11-21 02:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-09 18:11 - 2015-11-21 02:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-09 18:11 - 2015-11-21 02:34 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-09 18:11 - 2015-11-21 02:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-09 18:11 - 2015-11-21 02:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-09 18:11 - 2015-11-21 02:33 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-09 18:11 - 2015-11-21 02:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-09 18:11 - 2015-11-21 02:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-09 18:11 - 2015-11-06 03:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-09 18:11 - 2015-11-05 17:48 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 18:11 - 2015-11-04 02:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-09 18:11 - 2015-11-04 02:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-03 21:21 - 2015-12-04 03:45 - 00206850 _____ C:\Windows\ntbtlog.txt
2015-11-17 04:08 - 2004-12-30 20:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\system32\npptNT2.sys
2015-11-17 04:08 - 2003-07-16 05:17 - 00005174 _____ C:\Windows\system32\nppt9x.vxd
2015-11-15 10:48 - 2005-05-11 00:54 - 00258352 _____ (Microsoft Corporation) C:\Windows\system32\unicows.dll
2015-11-13 21:19 - 2015-12-12 11:42 - 00000000 ____D C:\Users\Minerva\Documents\DragonNest
2015-11-13 17:00 - 2015-11-13 17:00 - 00001591 _____ C:\Users\Minerva\Desktop\ygopro_vs - Shortcut.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-13 11:19 - 2009-07-14 10:37 - 00000000 ____D C:\Windows
2015-12-13 11:18 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-13 11:18 - 2009-07-14 10:37 - 00000000 __RSD C:\Windows\Media
2015-12-13 11:03 - 2013-10-06 16:19 - 00000000 ____D C:\Users\Minerva\AppData\Roaming\BITS
2015-12-13 10:41 - 2013-10-06 15:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-13 10:40 - 2009-07-14 12:34 - 00027136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-13 10:40 - 2009-07-14 12:34 - 00027136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-13 10:19 - 2010-11-21 05:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-13 10:19 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\inf
2015-12-13 10:17 - 2014-11-27 17:37 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-13 10:00 - 2013-10-18 22:30 - 00000000 ____D C:\Users\Minerva\AppData\Local\CrashDumps
2015-12-13 06:04 - 2014-05-05 15:45 - 00000000 ____D C:\Users\Minerva\AppData\Roaming\GarenaPlus
2015-12-13 06:04 - 2014-05-05 15:21 - 00000000 ____D C:\ProgramData\GarenaMessenger
2015-12-13 04:35 - 2013-10-06 15:50 - 00000000 ____D C:\Users\Minerva\AppData\Roaming\vlc
2015-12-12 20:11 - 2009-07-14 12:34 - 00000000 ____D C:\Windows\ServiceProfiles
2015-12-12 17:44 - 2014-05-05 15:25 - 00000000 ____D C:\Program Files\Garena Plus
2015-12-11 04:14 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-12-10 22:17 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\rescache
2015-12-10 11:56 - 2009-07-14 12:52 - 00000000 ____D C:\Windows\Offline Web Pages
2015-12-10 11:56 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\IME
2015-12-10 03:22 - 2009-07-14 12:33 - 00315160 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-09 17:42 - 2013-10-06 15:38 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-12-09 17:42 - 2013-10-06 15:38 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-12-08 21:05 - 2009-07-14 12:52 - 00000000 ____D C:\Windows\addins
2015-12-08 21:05 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\SchCache
2015-12-08 21:05 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\Globalization
2015-12-08 13:31 - 2009-07-14 12:34 - 00000000 ____D C:\Windows\Setup
2015-12-07 21:23 - 2014-08-09 17:50 - 00000000 ____D C:\Users\Minerva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-12-07 21:23 - 2014-05-05 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2015-12-07 21:09 - 2013-11-09 12:37 - 00007594 _____ C:\Users\Minerva\AppData\Local\resmon.resmoncfg
2015-12-06 16:42 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\registration
2015-12-06 05:46 - 2009-07-14 12:52 - 00000000 ____D C:\Windows\Performance
2015-12-06 05:46 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\system
2015-12-06 05:46 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\LiveKernelReports
2015-12-06 05:46 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\Cursors
2015-12-04 22:09 - 2013-10-07 05:48 - 00000000 ____D C:\Windows\Panther
2015-12-04 09:52 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\Resources
2015-12-03 21:21 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\Web
2015-12-03 21:03 - 2013-10-10 03:54 - 00000000 ____D C:\Windows\Minidump
2015-12-03 20:08 - 2013-11-13 20:29 - 00000000 ____D C:\Users\Minerva\AppData\Roaming\TeamViewer
2015-12-03 18:18 - 2013-10-06 16:13 - 00000000 ____D C:\Windows\PCHEALTH
2015-12-03 18:18 - 2009-07-14 12:52 - 00000000 ____D C:\Windows\Downloaded Program Files
2015-12-03 18:18 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\AppCompat
2015-12-02 16:12 - 2011-04-12 10:16 - 00000000 ____D C:\Windows\DigitalLocker
2015-12-02 13:38 - 2011-04-12 10:24 - 00000000 ____D C:\Windows\ShellNew
2015-12-02 13:38 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\schemas
2015-12-02 13:25 - 2013-10-06 15:41 - 00247976 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-01 06:46 - 2013-10-06 14:00 - 00000000 ____D C:\Users\Minerva
2015-12-01 06:45 - 2015-10-14 05:41 - 00000000 ____D C:\Users\Minerva\Desktop\vbalink180b0
2015-12-01 06:45 - 2015-06-06 18:19 - 00000000 ____D C:\ワルキューレロマンツェ
2015-12-01 06:45 - 2015-04-11 15:25 - 00000000 ____D C:\Users\Public\GarenaLoLPH
2015-12-01 06:45 - 2013-12-01 03:55 - 00000000 ____D C:\Users\Minerva\AppData\Roaming\BitTorrent
2015-12-01 06:45 - 2013-10-06 16:19 - 00000000 ____D C:\Users\Minerva\AppData\Roaming\FlashgetSetup
2015-12-01 06:45 - 2013-10-06 16:19 - 00000000 ____D C:\Users\Minerva\AppData\Roaming\FlashGetBHO
2015-12-01 06:44 - 2014-11-07 18:11 - 00000000 ____D C:\Program Files\DomDomSoft Manga Downloader
2015-11-27 15:29 - 2013-10-06 17:08 - 00000000 ____D C:\Users\Minerva\AppData\Local\Paint.NET
2015-11-21 16:31 - 2014-11-27 17:37 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-21 16:31 - 2014-11-27 17:36 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-11-20 18:04 - 2013-12-11 19:07 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-11-19 11:55 - 2014-01-14 16:09 - 00000000 ____D C:\Users\Minerva\Documents\School
2015-11-17 15:22 - 2014-11-14 03:21 - 00000000 __SHD C:\Users\Minerva\AppData\Local\EmieBrowserModeList
2015-11-17 15:22 - 2014-04-26 17:59 - 00000000 __SHD C:\Users\Minerva\AppData\Local\EmieUserList
2015-11-17 15:22 - 2014-04-26 17:59 - 00000000 __SHD C:\Users\Minerva\AppData\Local\EmieSiteList
2015-11-13 03:22 - 2011-04-12 10:24 - 00000000 ____D C:\Program Files\Windows Journal

==================== Files in the root of some directories =======

2014-08-28 05:33 - 2014-08-28 05:33 - 0000132 _____ () C:\Users\Minerva\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-12-04 06:00 - 2014-12-04 06:32 - 0163722 _____ () C:\Users\Minerva\AppData\Roaming\ICARE.LOG
2014-12-04 06:00 - 2014-12-04 06:32 - 0029437 _____ () C:\Users\Minerva\AppData\Roaming\ICARE_ACTIVITY.LOG
2014-05-11 16:27 - 2014-10-06 07:59 - 0045270 _____ () C:\Users\Minerva\AppData\Roaming\room_v3.dat
2015-02-01 18:09 - 2015-03-09 20:40 - 0005632 _____ () C:\Users\Minerva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-09 12:37 - 2015-12-07 21:09 - 0007594 _____ () C:\Users\Minerva\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Minerva\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Minerva\AppData\Local\Temp\ggspawn4035294288.dll
C:\Users\Minerva\AppData\Local\Temp\ICReinstall_DomDomSoft-Manga-Downloader_4.9.5.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150331to150414.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150414to150505.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150505to150519.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150519to150521.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150521to150602.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150602to150616.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150616to150630.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150630to150714.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150714to150724.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150724to150727.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150727to150729.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150729to150807.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150807to150825.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150825to150909.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150909to150917.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150917to150922.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150922to151006.exe
C:\Users\Minerva\AppData\Local\Temp\PH_151006to151015.exe
C:\Users\Minerva\AppData\Local\Temp\PH_151015to151103.exe
C:\Users\Minerva\AppData\Local\Temp\PH_151103to151112.exe
C:\Users\Minerva\AppData\Local\Temp\PH_151112to151113.exe
C:\Users\Minerva\AppData\Local\Temp\PH_151113to151125.exe
C:\Users\Minerva\AppData\Local\Temp\PH_151125to151201.exe
C:\Users\Minerva\AppData\Local\Temp\PH_151201to151210.exe
C:\Users\Minerva\AppData\Local\Temp\sqlite3.dll
C:\Users\Minerva\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Minerva\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Minerva\AppData\Local\Temp\vlc-2.2.1-win32.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-10 22:07

==================== End of FRST.txt ============================

 

 


#2 nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 December 2015 - 09:09 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Is this the game you recently downloaded and removed?
S3 SDGame; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

S3 1394hub; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <- strange that the date and file size are the same.
It's suspicious.


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
S3 WsDrvInst; "C:\Program Files\Wondershare\Dr.Fone for Android\DriverInstall.exe" [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
R3 gkernel; \??\C:\Users\Minerva\AppData\Local\Temp\gkernel.sys [X]
C:\Users\Minerva\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Minerva\AppData\Local\Temp\ggspawn4035294288.dll
C:\Users\Minerva\AppData\Local\Temp\ICReinstall_DomDomSoft-Manga-Downloader_4.9.5.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150331to150414.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150414to150505.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150505to150519.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150519to150521.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150521to150602.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150602to150616.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150616to150630.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150630to150714.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150714to150724.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150724to150727.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150727to150729.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150729to150807.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150807to150825.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150825to150909.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150909to150917.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150917to150922.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150922to151006.exe
C:\Users\Minerva\AppData\Local\Temp\PH_151006to151015.exe
C:\Users\Minerva\AppData\Local\Temp\PH_151015to151103.exe
C:\Users\Minerva\AppData\Local\Temp\PH_151103to151112.exe
C:\Users\Minerva\AppData\Local\Temp\PH_151112to151113.exe
C:\Users\Minerva\AppData\Local\Temp\PH_151113to151125.exe
C:\Users\Minerva\AppData\Local\Temp\PH_151125to151201.exe
C:\Users\Minerva\AppData\Local\Temp\PH_151201to151210.exe
C:\Users\Minerva\AppData\Local\Temp\sqlite3.dll
C:\Users\Minerva\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Minerva\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Minerva\AppData\Local\Temp\vlc-2.2.1-win32.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.

<<<>>>

What are the current problems with this computer?

#3 RAExD

RAExD
  • Topic Starter

  • Members
  • 5 posts

Posted 13 December 2015 - 09:42 AM

Thank you for answering.

Just wanted to clarify before going through with all the steps.

1. No, that's not the game I downloaded and removed.

2. Do I have to close all programs I have while "fixing"?

3. I do NOT have Google Chrome installed.



#4 RAExD

RAExD
  • Topic Starter

  • Members
  • 5 posts

Posted 13 December 2015 - 10:17 AM

By the way, running FRST creates FRSTmgr. Also, after creating the fixlist.txt in the FRST folder, it would say that it has found an update, then stop responding.

Edit: It finally responded after waiting for it for a bit and deleting the mgr. Will now "fix".


Edited by RAExD, 13 December 2015 - 10:21 AM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 December 2015 - 02:12 PM

The running programs will be closed while running the fix.


This is your default browser, I'm sorry.


Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

#6 RAExD

RAExD
  • Topic Starter

  • Members
  • 5 posts

Posted 13 December 2015 - 02:28 PM

Done with fix and clearing FF cache and all that.


Fix result of Farbar Recovery Scan Tool (x86) Version:12-12-2015 01
Ran by Minerva (2015-12-13 23:21:20) Run:1
Running from C:\Users\Minerva\Desktop\FRST
Loaded Profiles: Minerva (Available Profiles: Minerva)
Boot Mode: Normal

==============================================

fixlist content:
*****************
reateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
S3 WsDrvInst; "C:\Program Files\Wondershare\Dr.Fone for Android\DriverInstall.exe" [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
R3 gkernel; \??\C:\Users\Minerva\AppData\Local\Temp\gkernel.sys [X]
C:\Users\Minerva\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Minerva\AppData\Local\Temp\ggspawn4035294288.dll
C:\Users\Minerva\AppData\Local\Temp\ICReinstall_DomDomSoft-Manga-Downloader_4.9.5.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150331to150414.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150414to150505.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150505to150519.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150519to150521.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150521to150602.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150602to150616.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150616to150630.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150630to150714.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150714to150724.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150724to150727.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150727to150729.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150729to150807.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150807to150825.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150825to150909.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150909to150917.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150917to150922.exe
C:\Users\Minerva\AppData\Local\Temp\PH_150922to151006.exe
C:\Users\Minerva\AppData\Local\Temp\PH_151006to151015.exe
C:\Users\Minerva\AppData\Local\Temp\PH_151015to151103.exe
C:\Users\Minerva\AppData\Local\Temp\PH_151103to151112.exe
C:\Users\Minerva\AppData\Local\Temp\PH_151112to151113.exe
C:\Users\Minerva\AppData\Local\Temp\PH_151113to151125.exe
C:\Users\Minerva\AppData\Local\Temp\PH_151125to151201.exe
C:\Users\Minerva\AppData\Local\Temp\PH_151201to151210.exe
C:\Users\Minerva\AppData\Local\Temp\sqlite3.dll
C:\Users\Minerva\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Minerva\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Minerva\AppData\Local\Temp\vlc-2.2.1-win32.exe
*****************

reateRestorePoint: => Error: No automatic fix found for this entry.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully.
WsDrvInst => service removed successfully.
BTATH_BUS => service removed successfully.
GGSAFERDriver => service removed successfully.
gkernel => Unable to stop service.
gkernel => service removed successfully.
C:\Users\Minerva\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\Minerva\AppData\Local\Temp\ggspawn4035294288.dll => moved successfully
C:\Users\Minerva\AppData\Local\Temp\ICReinstall_DomDomSoft-Manga-Downloader_4.9.5.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_150331to150414.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_150414to150505.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_150505to150519.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_150519to150521.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_150521to150602.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_150602to150616.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_150616to150630.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_150630to150714.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_150714to150724.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_150724to150727.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_150727to150729.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_150729to150807.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_150807to150825.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_150825to150909.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_150909to150917.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_150917to150922.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_150922to151006.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_151006to151015.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_151015to151103.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_151103to151112.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_151112to151113.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_151113to151125.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_151125to151201.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_151201to151210.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\Minerva\AppData\Local\Temp\vcredist_x86.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\vlc-2.1.5-win32.exe => moved successfully
C:\Users\Minerva\AppData\Local\Temp\vlc-2.2.1-win32.exe => moved successfully
EmptyTemp: => 9.9 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 23:24:46 ====


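The Fixlog above shows why it pays to proof-read a fixlist.txt before clicking Fix: the first line had lost its leading character ("reateRestorePoint:"), FRST reported "No automatic fix found for this entry", and the fix ran without a restore point to fall back on. The script below is an added example, not part of this thread or of the FRST tool: it flags directive lines in a fixlist that FRST will not recognise (suggesting the closest known spelling), warns when no restore point is requested, and then summarises a Fixlog.txt so that entries needing attention stand out from the long list of "moved successfully" lines. The set of directive names is an assumed, partial list, and the two sample inputs are short excerpts constructed from the fixlist and Fixlog posted in this thread.

```python
"""Sanity-check an FRST fixlist.txt and summarise the resulting Fixlog.txt.

Added example for this thread; not code from BleepingComputer or from FRST.
"""
import difflib
import re
from typing import Dict, List

# Assumption: a partial list of FRST fix directives. FRST accepts more than
# these, so an unlisted name is only flagged for a second look, not rejected.
KNOWN_DIRECTIVES = {
    "CreateRestorePoint", "CloseProcesses", "EmptyTemp", "Reboot", "Hosts",
    "CMD", "Powershell", "Reg", "Zip", "ExportKey", "DeleteKey", "DeleteValue",
    "RemoveProxy", "DeleteQuarantine",
}

# A directive is a run of letters followed by ':' and then whitespace or end
# of line. A path such as 'C:\Users\...' does not match: '\' follows the colon.
DIRECTIVE_RE = re.compile(r"^([A-Za-z]+):(?:\s|$)")
# Fixlog result lines look like '<item> => <result>'.
RESULT_RE = re.compile(r"^(?P<item>.+?)\s+=>\s+(?P<result>.+)$")

# Constructed sample: the first lines of the fixlist posted in this thread,
# including the truncated first directive that FRST later rejected.
SAMPLE_FIXLIST = r"""reateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
S3 WsDrvInst; "C:\Program Files\Wondershare\Dr.Fone for Android\DriverInstall.exe" [X]
R3 gkernel; \??\C:\Users\Minerva\AppData\Local\Temp\gkernel.sys [X]
C:\Users\Minerva\AppData\Local\Temp\dllnt_dump.dll
"""

# Constructed sample: an excerpt of the Fixlog posted in this thread.
SAMPLE_FIXLOG = r"""reateRestorePoint: => Error: No automatic fix found for this entry.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
WsDrvInst => service removed successfully.
gkernel => Unable to stop service.
gkernel => service removed successfully.
C:\Users\Minerva\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\Minerva\AppData\Local\Temp\PH_150331to150414.exe => moved successfully
EmptyTemp: => 9.9 GB temporary data Removed.

The system needed a reboot.
"""


def check_fixlist(text: str) -> List[str]:
    """Return human-readable warnings about a fixlist; empty list means clean."""
    warnings: List[str] = []
    directives: List[str] = []
    for num, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        m = DIRECTIVE_RE.match(line)
        if not m:
            continue  # registry/service/file entries are passed through untouched
        name = m.group(1)
        directives.append(name)
        if name not in KNOWN_DIRECTIVES:
            # The leading character of the first line is the one most often lost
            # when pasting, so a near miss against a known name is worth reporting.
            guess = difflib.get_close_matches(name, KNOWN_DIRECTIVES, n=1, cutoff=0.8)
            hint = f"; did you mean {guess[0]}:?" if guess else ""
            warnings.append(f"line {num}: unknown directive {name!r}{hint}")
    if "CreateRestorePoint" not in directives:
        warnings.append("no CreateRestorePoint: directive; the fix will run "
                        "without a System Restore point to roll back to")
    return warnings


def summarize_fixlog(text: str) -> Dict[str, object]:
    """Count routine successes and collect the lines that need a human look."""
    summary: Dict[str, object] = {
        "moved": 0, "keys_removed": 0, "services_removed": 0,
        "other_ok": [], "attention": [], "reboot": False,
    }
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("the system needed a reboot"):
            summary["reboot"] = True
            continue
        m = RESULT_RE.match(line)
        if not m:
            continue
        result = m.group("result")
        if any(word in result for word in ("Error", "Unable", "Could not")):
            summary["attention"].append(line)
        elif result.startswith("moved successfully"):
            summary["moved"] += 1
        elif result == "key removed successfully.":
            summary["keys_removed"] += 1
        elif result == "service removed successfully.":
            summary["services_removed"] += 1
        else:
            summary["other_ok"].append(line)  # e.g. the EmptyTemp: size report
    return summary


if __name__ == "__main__":
    for warning in check_fixlist(SAMPLE_FIXLIST):
        print("fixlist:", warning)
    report = summarize_fixlog(SAMPLE_FIXLOG)
    print("fixlog:", {k: v for k, v in report.items() if k != "attention"})
    for line in report["attention"]:
        print("needs attention:", line)
```

Run it against a real pair of files by replacing the two sample strings with the contents of fixlist.txt and Fixlog.txt; on the thread's own files it would have reported the dropped "C" before the fix was run, and afterwards it separates the one real error and the "Unable to stop service" note for gkernel from the thirty-odd routine quarantine moves.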

#7 RAExD

RAExD
  • Topic Starter

  • Members
  • 5 posts

Posted 13 December 2015 - 11:48 PM

After doing everything, it became slower.

I've decided to just reformat and reinstall.

Thanks for the help.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 December 2015 - 09:38 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



