Can not locate slui.exe file


23 replies to this topic

#1 niklas1981 (Members, 45 posts)

Posted 11 March 2016 - 04:57 PM

Hello, I am pretty sure that a virus or malware or something bad is on my laptop. To give you some more info: I use two laptops, one Toshiba Satellite A300D (Windows 7, 64-bit) and one Clevo model C5100 (Windows 7, 32-bit). From February till now I am getting phishing emails on my Hotmail account which are asking for card numbers and personal info for PayPal. In the past I was fooled and gave them, but I was also lucky to figure it out soon, so I changed my passwords, informed the bank and forwarded the emails to spoof@paypal.com. From February I noticed that the Toshiba laptop is running slower. Till now on the Toshiba I ran the following programs:

- ESET Smart Security,

- Hitman,

- Malwarebytes,

- ComboFix,

- AdwCleaner

and found some malware, which I deleted (it is still running slower).

I ran the same programs on the Clevo, where they also found MORE malware.

Today on the Clevo laptop a message popped up that says "Windows is not genuine" (and it pops up every time I go to Control Panel). I tried to fix it, but there is no slui.exe file in the System32 folder. When I run specific malware programs it pops up again (I do not remember which one, because today I downloaded many). Any help solving my problem will be much appreciated.

Thanks

 

PS: Sorry for my bad English. Also, I do not know much about viruses, malware etc., so as a result I do not know which software suits my case best.




#2 Aura (Bleepin' Special Ops, Malware Response Team, 19,629 posts)

Posted 11 March 2016 - 05:52 PM

Hi niklas1981 :)

My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Winsock Entries;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 niklas1981 (Topic Starter, Members, 45 posts)

Posted 11 March 2016 - 06:17 PM

Before doing that, some things I just noticed: the slui.exe file was not in the System32 folder; somehow it went to the C:\Windows\winsxs\x86_microsoft-windows-security-spp-ux_31bf3856ad364e35_6.1.7601.17514_none_5dc908a6fd144a83 folder with 4 more .dll files. Also,

I ran srttrail and have the following log file, which shows the letter (D) for my hard drive, but in reality it is (C).

Startup Repair diagnosis and repair log
---------------------------
Last successful boot time: 2/8/2016 6:52:09 AM (GMT)
Number of repair attempts: 1

Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = D:\Windows
AutoChk Run = 0
Number of root causes = 1

Test Performed:
---------------------------
Name: Check for updates
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System disk test
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 63 ms

Test Performed:
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code =  0x0
Time taken = 31 ms

Test Performed:
---------------------------
Name: Target OS test
Result: Completed successfully. Error code =  0x0
Time taken = 140 ms

Test Performed:
---------------------------
Name: Volume content check
Result: Completed successfully. Error code =  0x0
Time taken = 1139 ms

Test Performed:
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 156 ms

Test Performed:
---------------------------
Name: Internal state check
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Boot status test
Result: Completed successfully. Error code =  0x0
Time taken = 16 ms

Test Performed:
---------------------------
Name: Setup state check
Result: Completed successfully. Error code =  0x0
Time taken = 390 ms

Test Performed:
---------------------------
Name: Registry hives test
Result: Completed successfully. Error code =  0x0
Time taken = 2262 ms

Test Performed:
---------------------------
Name: Windows boot log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Bugcheck analysis
Result: Completed successfully. Error code =  0x0
Time taken = 842 ms

Test Performed:
---------------------------
Name: Access control test
Result: Completed successfully. Error code =  0x0
Time taken = 17082 ms

Root cause found:
---------------------------
ACLs on file D:\Windows\system32\slui.exe are not proper. Old value = 0x1f01df

Repair action: Access control repair
Result: Completed successfully. Error code =  0x0
Time taken = 31 ms

---------------------------
---------------------------

Thanks Aura for your response; I hope we find a solution. In the next few minutes I'll run MiniToolBox and I'll post the log.
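The Startup Repair log above reports an access-control problem on slui.exe ("Old value = 0x1f01df") and the poster found the binary under WinSxS instead of System32. The following PowerShell script is an added example, not code from the thread or from any tool named in it: it decodes that access mask (it is FILE_ALL_ACCESS 0x1F01FF with only the FILE_EXECUTE bit 0x20 cleared), inventories and hashes every slui.exe copy, dumps the System32 ACL, and pulls the 0x80070002 activation errors from the Application log. It assumes an elevated Windows PowerShell 4.0 or later session (Get-FileHash); on Windows 7 that means WMF 4+ is installed.

```powershell
# Added example, not part of the thread: read-only diagnostics for the
# "slui.exe missing / ACL not proper / activation error 0x80070002" symptom.
# Assumes an elevated prompt and Windows PowerShell 4.0+ (for Get-FileHash).

# NTFS file access rights (documented Win32 constants).
$fileRights = [ordered]@{
    FILE_READ_DATA        = 0x00000001
    FILE_WRITE_DATA       = 0x00000002
    FILE_APPEND_DATA      = 0x00000004
    FILE_READ_EA          = 0x00000008
    FILE_WRITE_EA         = 0x00000010
    FILE_EXECUTE          = 0x00000020
    FILE_DELETE_CHILD     = 0x00000040
    FILE_READ_ATTRIBUTES  = 0x00000080
    FILE_WRITE_ATTRIBUTES = 0x00000100
    DELETE                = 0x00010000
    READ_CONTROL          = 0x00020000
    WRITE_DAC             = 0x00040000
    WRITE_OWNER           = 0x00080000
    SYNCHRONIZE           = 0x00100000
}

# 1. Decode an access mask such as the log's "Old value = 0x1f01df".
#    FILE_ALL_ACCESS is 0x1F01FF; 0x1F01DF is that with FILE_EXECUTE (0x20)
#    cleared, i.e. every right except permission to run the file. The log does
#    not say which principal's ACE carried the value, so that stays unknown.
function Decode-AccessMask {
    param([Parameter(Mandatory)][uint32]$Mask)
    $present = foreach ($n in $fileRights.Keys) { if ($Mask -band $fileRights[$n]) { $n } }
    $missing = foreach ($n in $fileRights.Keys) { if (-not ($Mask -band $fileRights[$n])) { $n } }
    [pscustomobject]@{
        Mask    = '0x{0:X}' -f $Mask
        Present = ($present -join ', ')
        Missing = ($missing -join ', ')
    }
}

# 2. Locate every slui.exe: the System32 path the Software Protection UI loads,
#    plus any copies in the WinSxS component store (where the poster found it).
#    On a healthy system the System32 file is a hard link to the WinSxS copy,
#    so the hashes match and both carry a valid Microsoft Authenticode signature.
function Get-SluiCopies {
    $paths = @(Join-Path $env:SystemRoot 'System32\slui.exe')
    $paths += @(Get-ChildItem -Path (Join-Path $env:SystemRoot 'WinSxS') -Recurse `
                  -Filter 'slui.exe' -ErrorAction SilentlyContinue |
                Select-Object -ExpandProperty FullName)
    foreach ($p in $paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Path = $p; Exists = $false; Sha256 = $null; Signer = $null; SigStatus = 'n/a' }
            continue
        }
        $sig    = Get-AuthenticodeSignature -FilePath $p
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        [pscustomobject]@{
            Path      = $p
            Exists    = $true
            Sha256    = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
            Signer    = $signer
            SigStatus = $sig.Status
        }
    }
}

# 3. Dump the ACL of the System32 copy for comparison with a healthy machine
#    (typically TrustedInstaller: FullControl; SYSTEM, Administrators and Users:
#    ReadAndExecute, all inherited from the System32 folder).
function Get-SluiAcl {
    $p = Join-Path $env:SystemRoot 'System32\slui.exe'
    if (Test-Path -LiteralPath $p) {
        (Get-Acl -LiteralPath $p).Access |
            Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
    }
}

# 4. Pull the activation errors that MiniToolBox listed: Software Protection
#    Platform Service / Winlogon with 0x80070002, the HRESULT form of Win32
#    ERROR_FILE_NOT_FOUND, consistent with slui.exe being absent from System32.
function Get-ActivationErrors {
    param([int]$Newest = 200)
    Get-EventLog -LogName Application -EntryType Error -Newest $Newest |
        Where-Object { $_.Source -match 'Software Protection|Winlogon' -and
                       $_.Message -match '0x80070002' } |
        Select-Object TimeGenerated, Source,
            @{ n = 'Message'; e = { ($_.Message -replace '\s+', ' ').Trim() } }
}

Decode-AccessMask -Mask 0x1F01DF | Format-List
Get-SluiCopies        | Format-Table -AutoSize
Get-SluiAcl           | Format-Table -AutoSize
Get-ActivationErrors  | Format-Table -AutoSize -Wrap

# If the System32 copy is missing, or its hash or signature differs from the
# WinSxS copy, the standard remediation is System File Checker (sfc /scannow),
# which restores protected files from the component store.
```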



#4 niklas1981 (Topic Starter, Members, 45 posts)

Posted 11 March 2016 - 06:22 PM

And the log.txt from MiniToolBox is:


MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Athina (administrator) on 12-03-2016 at 01:18:30
Running from "C:\Users\Athina\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Model: C4100/C5100 Manufacturer: CLEVO CO.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================

Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Wireless Network Connection" nexthop=192.168.1.1 publish=Yes
add address name="Wireless Network Connection" address=192.168.1.10 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Athina-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 48-5D-60-8B-93-0E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 48-5D-60-8B-93-0E
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 194.177.210.211
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{DB185259-B647-4A1F-89AF-2ACF499CDDCB}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F6709951-931E-4A2C-A2B5-F59D4AD2A696}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  rns1.grnet.gr
Address:  194.177.210.211

Name:    google.com
Addresses:  2a00:1450:4001:80a::200e
      173.194.112.161
      173.194.112.162
      173.194.112.163
      173.194.112.164
      173.194.112.165
      173.194.112.166
      173.194.112.167
      173.194.112.168
      173.194.112.169
      173.194.112.174
      173.194.112.160


Pinging google.com [173.194.112.162] with 32 bytes of data:
Reply from 173.194.112.162: bytes=32 time=69ms TTL=54
Reply from 173.194.112.162: bytes=32 time=77ms TTL=54

Ping statistics for 173.194.112.162:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 69ms, Maximum = 77ms, Average = 73ms
Server:  rns1.grnet.gr
Address:  194.177.210.211

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
      2001:4998:44:204::a7
      2001:4998:58:c02::a9
      98.139.183.24
      206.190.36.45
      98.138.253.109


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=231ms TTL=51
Reply from 206.190.36.45: bytes=32 time=235ms TTL=51

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 231ms, Maximum = 235ms, Average = 233ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...48 5d 60 8b 93 0e ......Microsoft Virtual WiFi Miniport Adapter
 12...48 5d 60 8b 93 0e ......Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.10     26
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.10    281
     192.168.1.10  255.255.255.255         On-link      192.168.1.10    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.10    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.10    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.10    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.1.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/12/2016 12:24:34 AM) (Source: Software Protection Platform Service) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070002

Error: (03/11/2016 11:24:34 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070002

Error: (03/11/2016 10:24:34 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070002

Error: (03/11/2016 09:49:11 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070002.

Error: (03/11/2016 09:40:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2016 09:39:28 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070002.

Error: (03/11/2016 09:16:57 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070002

Error: (03/11/2016 08:09:22 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070002

Error: (03/11/2016 07:55:38 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {79274d83-1569-44ea-a33a-996aabec9598}

Error: (03/11/2016 07:25:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/12/2016 12:05:19 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/11/2016 11:33:18 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (03/11/2016 11:33:18 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (03/11/2016 11:33:18 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (03/11/2016 11:33:18 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (03/11/2016 11:33:18 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (03/11/2016 11:33:18 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (03/11/2016 11:33:18 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (03/11/2016 11:33:18 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (03/11/2016 11:33:18 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801


Microsoft Office Sessions:
=========================
Error: (03/12/2016 12:24:34 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070002

Error: (03/11/2016 11:24:34 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070002

Error: (03/11/2016 10:24:34 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070002

Error: (03/11/2016 09:49:11 PM) (Source: Winlogon)(User: )
Description: 0x800700020x00000000

Error: (03/11/2016 09:40:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2016 09:39:28 PM) (Source: Winlogon)(User: )
Description: 0x800700020x00000000

Error: (03/11/2016 09:16:57 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070002

Error: (03/11/2016 08:09:22 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070002

Error: (03/11/2016 07:55:38 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {79274d83-1569-44ea-a33a-996aabec9598}

Error: (03/11/2016 07:25:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - )
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Call of Duty® 4 - Modern Warfare™ (HKLM\...\{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ (HKLM\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CPUID CPU-Z 1.74 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Defraggler (HKLM\...\Defraggler) (Version: 2.20 - Piriform)
ESET Smart Security (HKLM\...\{DC333EBC-A1B3-46F2-9717-48A32F4F0245}) (Version: 7.0.302.29 - ESET, spol s r. o.)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2302 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
JMicron Ethernet Adapter NDIS Driver (HKLM\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.20.12 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.49.0 - JMicron Technology Corp.)
Magic ISO Maker v5.5 (build 0281) (HKLM\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Malware έκδοση 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 el) (HKLM\...\Mozilla Firefox 44.0.2 (x86 el)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0152 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.17 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SMP Video Camera (HKLM\...\{1E42857B-3B38-4ADC-917D-6664E7DA234C}) (Version: 1.00.0033 - Simplo CO.,LTD)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.0 - Synaptics Incorporated)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WebCam Installer (HKLM\...\{AAE521B6-2F19-447F-8CB6-6D1E3A19F3ED}) (Version: 3.32 - WebCam)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DC}) (Version: 17.5.10562 - WinZip Computing, S.L. )
XBMC (HKCU\...\XBMC) (Version:  - Team XBMC)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 52%
Total physical RAM: 3032.86 MB
Available physical RAM: 1437.03 MB
Total Virtual: 6064.04 MB
Available Virtual: 4256.06 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:271.35 GB) NTFS

========================= Users: ========================================

User accounts for \\ATHINA-PC

Administrator            Athina                   Guest                    
‘«¨α«¦-„Ά¤            


**** End of log ****



#5 Aura (Bleepin' Special Ops, Malware Response Team, 19,629 posts)

Posted 11 March 2016 - 06:42 PM

Thanks. Are you able to copy/paste the logs of all the other tools you ran, except for ComboFix?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#6 niklas1981 (Topic Starter, Members, 45 posts)

Posted 12 March 2016 - 04:13 AM

OK, Junkware Removal Tool:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Home Premium x86
Ran by Athina (Administrator) on ¨ 11/03/2016 at 23:10:02,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 34

Successfully deleted: C:\Users\Athina\Documents\add-in express (Folder)
Successfully deleted: C:\Windows\System32\ai_recyclebin (Folder)
Successfully deleted: C:\Users\Athina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09H5Y59U (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Athina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1NC5KSTI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Athina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\392XS869 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Athina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3X8CWU1Q (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Athina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\47RSN845 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Athina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8BJ9463 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Athina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMBQHYBP (Temporary Internet Files Folder)

Deleted the following from C:\Users\Athina\AppData\Roaming\Mozilla\Firefox\Profiles\w8h7k7bt.default\prefs.js
user_pref(browser.urlbar.suggest.searches, true);



Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ¨ 11/03/2016 at 23:11:36,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Rkill

 

 

Rkill 2.8.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/11/2016 11:03:48 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 03/11/2016 11:04:37 PM
Execution time: 0 hours(s), 0 minute(s), and 48 seconds(s)
 


Edited by niklas1981, 12 March 2016 - 04:22 AM.


#7 niklas1981

niklas1981
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:04:07 AM

Posted 12 March 2016 - 04:19 AM

Adwcleaner

 

 

# AdwCleaner v5.037 - Logfile created 11/03/2016 at 22:53:18
# Updated 28/02/2016 by Xplode
# Database : 2016-03-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Athina - ATHINA-PC
# Running from : C:\Users\Athina\Desktop\adwcleaner_5.037.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1897 bytes] - [28/02/2016 21:02:00]
C:\AdwCleaner\AdwCleaner[C2].txt - [1518 bytes] - [05/03/2016 14:24:43]
C:\AdwCleaner\AdwCleaner[R0].txt - [7325 bytes] - [07/02/2015 20:52:58]
C:\AdwCleaner\AdwCleaner[R1].txt - [932 bytes] - [28/02/2016 20:42:55]
C:\AdwCleaner\AdwCleaner[S0].txt - [6871 bytes] - [07/02/2015 20:54:32]
C:\AdwCleaner\AdwCleaner[S1].txt - [1705 bytes] - [28/02/2016 21:00:38]
C:\AdwCleaner\AdwCleaner[S2].txt - [1137 bytes] - [28/02/2016 21:06:23]
C:\AdwCleaner\AdwCleaner[S3].txt - [1211 bytes] - [29/02/2016 08:13:08]
C:\AdwCleaner\AdwCleaner[S4].txt - [1284 bytes] - [01/03/2016 14:37:49]
C:\AdwCleaner\AdwCleaner[S5].txt - [1357 bytes] - [05/03/2016 14:23:38]
C:\AdwCleaner\AdwCleaner[S6].txt - [1351 bytes] - [11/03/2016 22:53:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1424 bytes] ##########
 


Edited by niklas1981, 12 March 2016 - 04:21 AM.


#8 niklas1981

niklas1981
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:04:07 AM

Posted 12 March 2016 - 04:20 AM

<removed>

Mod Edit by quietman7: FRST log removed, as such logs are not permitted in this forum.

#9 niklas1981

niklas1981
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:04:07 AM

Posted 12 March 2016 - 04:24 AM

Malwarebytes

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Ημερομηνία Σάρωσης: 12/3/2016
Ώρα Σάρωσης: 2:48:02 πμ
Αρχείο καταγραφής: malwarebytes.txt
Διαχειριστής: Ναι

Έκδοση: 2.02.0.1024
Βάση Δεδομένων Κακόβουλου Λογισμικού: v2016.03.11.05
Βάση Δεδομένων Rootkit: v2016.02.27.01
Άδεια Χρήσης: Premium
Προστασία από Κακόβουλο Λογισμικό: Ενεργοποιημένο
Προστασία από Κακόβουλο Ιστότοπο: Ενεργοποιημένο
Αυτοπροστασία: Απενεργοποιημένο

ΛΣ: Windows 7 Service Pack 1
Επεξεργαστής: x86
Σύστημα Αρχείων: NTFS
Χρήστης: Athina

Τύπος Σάρωσης: Σάρωση για Απειλές
Αποτέλεσμα: Ολοκληρώθηκε
Αντικείμενα που σαρώθηκαν: 325289
Χρόνος που πέρασε: 18 λεπ, 4 δευτ

Μνήμη: Ενεργοποιημένο
Εκκίνηση: Ενεργοποιημένο
Σύστημα αρχείων: Ενεργοποιημένο
Συμπιεσμένα αρχεία: Ενεργοποιημένο
Rootkits: Απενεργοποιημένο
Ευρετική: Ενεργοποιημένο
ΠΑΠ: Ενεργοποιημένο
ΠΑΤ: Ενεργοποιημένο

Διεργασίες: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Μονάδες: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Κλειδιά Μητρώου: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Τιμές Μητρώου: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Δεδομένα Μητρώου: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Φάκελοι: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Αρχεία: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Φυσικοί Τομείς: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)


(end)



#10 niklas1981

niklas1981
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:04:07 AM

Posted 12 March 2016 - 04:28 AM

About ESET, I do not know how to export the log file, but I can inform you that I scanned the whole computer in depth and found no viruses or malware.



#11 niklas1981

niklas1981
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:04:07 AM

Posted 12 March 2016 - 04:29 AM

Hitman pro

 

 

HitmanPro 3.7.13.258
www.hitmanpro.com

   Computer name . . . . : ATHINA-PC
   Windows . . . . . . . : 6.1.1.7601.X86/2
   User name . . . . . . : Athina-PC\Athina
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (19 days left)

   Scan date . . . . . . : 2016-03-11 22:54:40
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 5s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 82

   Objects scanned . . . : 1.179.958
   Files scanned . . . . : 50.510
   Remnants scanned  . . : 273.939 files / 855.509 keys

Suspicious files ____________________________________________________________

   C:\Users\Athina\Downloads\FRST(1).exe
      Size . . . . . . . : 1.725.440 bytes
      Age  . . . . . . . : 0.0 days (2016-03-11 22:17:27)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : EDB662EF9C4A97718C0389AB1745337E8FAD0E627E2E7F3AFA81E680A12D815B
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster

   C:\Users\Athina\Downloads\FRST.exe
      Size . . . . . . . : 1.725.440 bytes
      Age  . . . . . . . : 0.0 days (2016-03-11 22:10:33)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : EDB662EF9C4A97718C0389AB1745337E8FAD0E627E2E7F3AFA81E680A12D815B
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster


Cookies _____________________________________________________________________

 

#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,629 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:07 PM

Posted 12 March 2016 - 08:30 AM

So basically, all the scans returned clean logs. Alright, in that case, follow the instructions below please.

System File Checker (SFC)
Follow the instructions below to run an SFC scan on your system and to provide the CBS log in your next reply;
  • On Windows Vista & 7, click on the Windows Start Menu, then enter cmd in the search box, right-click on the cmd icon and select Run as Administrator
  • On Windows 8, drag your cursor to the bottom-left corner, and right-click on the metro menu preview, then select Command Prompt (Admin);
  • On Windows 8.1, right-click on the Windows logo in the bottom-left corner and select Command Prompt (Admin);
  • Enter the command below and press Enter;
    sfc /scannow
    Note: There's a space between "sfc" and "/scannow";
  • Once the scan is complete, enter the command below and press Enter
    copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"
  • A file called cbs.txt will have appeared on your Desktop. Upload the file to Dropbox, Google Drive or OneDrive and post the download URL for it here;
Note: Please note that the CBS.log is volatile, which means that if you don't upload it right after the SFC scan is completed, it won't have the information from the scan anymore. So archive it and upload it as soon as you can.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
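The SFC step above, as an added example (my code, not Aura's or BleepingComputer's): a PowerShell script that runs sfc /scannow elevated, copies CBS.log to the Desktop while it is still fresh, and then summarises the [SR] lines so you can see whether slui.exe was restored from the component store. It assumes Windows 7 or later and an elevated PowerShell 3.0+ window; the [SR] phrase matching is a heuristic of mine and the sample log lines are constructed.

```powershell
# Added example, not code from the post or the forum. Runs the SFC procedure described
# above, saves CBS.log before it is overwritten, and reads the [SR] lines, which is how
# an analyst sees what SFC actually repaired (here: whether slui.exe came back).
# Assumed: Windows 7 or later, an elevated PowerShell 3.0+ window (64-bit host on 64-bit
# Windows, so that System32\sfc.exe is not redirected to SysWOW64).

function Get-SfcRepairSummary {
    param(
        [Parameter(Mandatory = $true)] [string[]] $LogLines,  # lines of CBS.log or a copy
        [string] $FileOfInterest = 'slui.exe'                 # the file this thread is about
    )
    # Only [SR] lines belong to the SFC scan; the rest of CBS.log is servicing noise.
    $sr = @($LogLines | Where-Object { $_ -match '\[SR\]' })

    # Phrase-based classification. The phrases are the ones CBS.log prints, but mapping
    # them to "repaired" / "unrepairable" is a heuristic, not a documented interface.
    $repaired     = @($sr | Where-Object { $_ -match 'Repairing corrupted file|Repaired file' })
    $unrepairable = @($sr | Where-Object { $_ -match 'Cannot repair member file' -and $_ -match 'in the store' })

    # The repaired file name is the last quoted token on the line, e.g. ..."slui.exe" from store
    $names = foreach ($line in $repaired) {
        $m = [regex]::Matches($line, '"([^"]+)"')
        if ($m.Count -gt 0) { $m[$m.Count - 1].Groups[1].Value }
    }

    $escaped = [regex]::Escape($FileOfInterest)
    [pscustomobject]@{
        SrLineCount            = $sr.Count
        VerifyComplete         = @($sr | Where-Object { $_ -match 'Verify complete' }).Count -gt 0
        RepairedCount          = $repaired.Count
        UnrepairableCount      = $unrepairable.Count
        RepairedFileNames      = @($names | Sort-Object -Unique)
        FileOfInterestRepaired = @($repaired | Where-Object { $_ -match $escaped }).Count -gt 0
    }
}

function Invoke-SfcAndCollectLog {
    # sfc refuses to run without elevation, so check first and fail with a clear message.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Open PowerShell with "Run as Administrator" first; sfc needs elevation.'
    }

    # Same command as the post: sfc /scannow (progress is shown in the console).
    & "$env:windir\System32\sfc.exe" /scannow | Out-Host

    # Copy CBS.log straight away, as the post warns that it is volatile.
    $desktop = [Environment]::GetFolderPath('Desktop')
    $src = Join-Path $env:windir 'Logs\CBS\CBS.log'
    $dst = Join-Path $desktop 'cbs.txt'
    Copy-Item -Path $src -Destination $dst -Force

    # Also keep a much smaller file with only the [SR] lines, which is what gets reviewed.
    $lines = Get-Content -Path $dst
    $lines | Where-Object { $_ -match '\[SR\]' } | Set-Content -Path (Join-Path $desktop 'sfcdetails.txt')

    Get-SfcRepairSummary -LogLines $lines
}

# Constructed sample in the shape of CBS.log [SR] entries (not the poster's real log),
# so the parser can be tried without running SFC:
$sampleLog = @'
2016-03-12 14:05:33, Info                  CSI    00000123 [SR] Verifying 100 (0x0000000000000064) components
2016-03-12 14:05:46, Info                  CSI    00000126 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:16{8}]"slui.exe" from store
2016-03-12 14:05:50, Info                  CSI    00000127 [SR] Verify complete
2016-03-12 14:05:50, Info                  CSI    00000128 [SR] Repair complete
2016-03-12 14:05:51, Info                  CBS    Unrelated servicing line the parser must ignore
'@ -split "`r?`n"

Get-SfcRepairSummary -LogLines $sampleLog | Format-List
# For a real scan, from an elevated window:  Invoke-SfcAndCollectLog | Format-List
```

On the sample, the summary reports four [SR] lines, one repair, RepairedFileNames of slui.exe and FileOfInterestRepaired set to True; on a real CBS.log the same fields tell you whether the file Aura asked about was restored or whether SFC hit something it could not fix.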


#13 niklas1981

niklas1981
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:04:07 AM

Posted 12 March 2016 - 03:12 PM

https://drive.google.com/file/d/0Byyufcb_paCvQ29aaHlyY0V2MFE/view?usp=sharing



#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,629 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:07 PM

Posted 12 March 2016 - 03:14 PM

According to your CBS.log, SFC repaired your slui.exe from the Windows Component Store. Can you check out if you see a slui.exe in C:\Windows\System32 now?



#15 niklas1981

niklas1981
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:04:07 AM

Posted 12 March 2016 - 03:26 PM

I had to restart the PC. Yes, slui is now in System32, but I still have the following problems:

- Black home screen; in the bottom-right corner it says "Windows build 7601 This copy of windows is not Genuine"

- How did this happen (slui moved to a different folder, etc.)? I guess a virus? Is it OK to use the PC now, after you have seen the scan log files?


Edited by niklas1981, 12 March 2016 - 03:27 PM.




