log for analysis


This topic is locked
14 replies to this topic

#1 stipprn (Members, 6 posts)

Posted 20 July 2016 - 05:44 AM

Keyboard keys need to be pressed hard to type (sometimes).

I'm on XPS 12 9Q33 (home and work use)

I got kind of paranoid about a keylogger.

 

additional info:

 

I tried to turn off all kinds of sync, Remote Procedure Call (RPC) and so on. I will not sync or use RPC.

I'm running McAfee as it comes free with the DELL XPS 12 (and somehow the warranty is linked to it), but I'm surprised how many "exe" files (supposedly from McAfee) are running and also trying to get internet access.

 

 

https://postimg.org/image/vk2o9pvyf/


Edited by stipprn, 20 July 2016 - 06:17 AM.



#2 HelpBot (Bleepin' Binary Bot, Bots, 12,622 posts)

Posted 25 July 2016 - 05:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/620549 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot (Bleepin' Binary Bot, Bots, 12,622 posts)

Posted 30 July 2016 - 05:50 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 hamluis (Moderator, 55,545 posts, Killeen, TX)

Posted 30 July 2016 - 11:04 AM

Topic reopened per OP request received via PM.

 

Louis



#5 hamluis (Moderator, 55,545 posts, Killeen, TX)

Posted 30 July 2016 - 11:04 AM

This topic has been re-opened at the request of the person who originally posted.

#6 stipprn (Topic Starter, Members, 6 posts)

Posted 30 July 2016 - 11:12 AM

I still need a reply.



#7 Oh My! ("Adware and Spyware and Malware.....", Malware Response Instructor, 36,580 posts, California)

Posted 30 July 2016 - 03:08 PM

Greetings stipprn and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 stipprn (Topic Starter, Members, 6 posts)

Posted 30 July 2016 - 11:14 PM

Dear Gary
 
Thank you for your response.
I tried to get the results in English, but I did not find where to change it.
When the application started, it ran in Portuguese. I can do it again if you need, but I need directions about changing the language. The utility has no menu.
Please see below.
 
Best regards, 
 
RAF 


Edited by stipprn, 30 July 2016 - 11:18 PM.


#9 stipprn (Topic Starter, Members, 6 posts)

Posted 30 July 2016 - 11:18 PM

When I "copy and paste", an error appears:
"post too long"
 
So, I attached the files
 
 
Attached file: Addition.txt (30.55KB)
 
Attached file: FRST.txt (192.97KB)


#10 Oh My! ("Adware and Spyware and Malware.....", Malware Response Instructor, 36,580 posts, California)

Posted 31 July 2016 - 02:49 PM

Greetings,

I was able to work through the logs sufficiently. Please do this.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Malware Hunter 1.15.0.29

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
U2 DiagTrack; não ImagePath
S3 esgiguard; \??\C:\Program Files (x86)\Enigma\esgiguard.sys [X]
S3 mfeaack01; \Device\mfeaack01.sys [X]
2016-05-15 18:35 - 2016-05-31 01:52 - 00002508 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
C:\Windows\SysWOW64\wpcmon.exe
Task: {1B2E0B90-F198-4178-B79E-0472207B3DAB} - System32\Tasks\GMHSkipUAC => C:\Program Files (x86)\Glarysoft\Malware Hunter\MalwareHunter.exe [2016-07-11] (Glarysoft Ltd)
Task: {29D31ED9-D7F0-4A47-A286-D3DC749889FC} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma\SpyHunter4.exe
Task: {35E89E0E-D01F-427B-B3F4-03524FC031C4} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2016-07-08] (Glarysoft Ltd)
Task: {E7CCEB91-ABEF-4142-921D-1DA43991A257} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2016-07-08] (Glarysoft Ltd)
Task: {F4CC6611-1770-4DB3-A2EB-D4E6756E9585} - System32\Tasks\GlaryOneClickOptimizer 5 => C:\Program Files (x86)\Glary Utilities 5\OneClickMaintenance.exe [2016-07-08] (Glarysoft Ltd)
2016-07-08 05:47 - 2016-07-08 05:47 - 00086992 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
File: C:\Strings.dll
Folder: C:\UWTa
Folder: C:\D
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer behavior

Gary
 

#11 stipprn (Topic Starter, Members, 6 posts)

Posted 31 July 2016 - 04:40 PM

Dear Gary

 

Thank you for helping.

 

see below:

 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 27-07-2016
Executado por RafaelXPS (2016-07-31 18:34:23) Run:1
Executando a partir de C:\Users\RafaelXPS\Desktop
Perfis Carregados: RafaelXPS (Perfis Disponíveis: RafaelXPS)
Modo da Inicialização: Normal
==============================================
 
fixlist Conteúdo:
*****************
U2 DiagTrack; não ImagePath
S3 esgiguard; \??\C:\Program Files (x86)\Enigma\esgiguard.sys [X]
S3 mfeaack01; \Device\mfeaack01.sys [X]
2016-05-15 18:35 - 2016-05-31 01:52 - 00002508 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
C:\Windows\SysWOW64\wpcmon.exe
Task: {1B2E0B90-F198-4178-B79E-0472207B3DAB} - System32\Tasks\GMHSkipUAC => C:\Program Files (x86)\Glarysoft\Malware Hunter\MalwareHunter.exe [2016-07-11] (Glarysoft Ltd)
Task: {29D31ED9-D7F0-4A47-A286-D3DC749889FC} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma\SpyHunter4.exe
Task: {35E89E0E-D01F-427B-B3F4-03524FC031C4} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2016-07-08] (Glarysoft Ltd)
Task: {E7CCEB91-ABEF-4142-921D-1DA43991A257} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2016-07-08] (Glarysoft Ltd)
Task: {F4CC6611-1770-4DB3-A2EB-D4E6756E9585} - System32\Tasks\GlaryOneClickOptimizer 5 => C:\Program Files (x86)\Glary Utilities 5\OneClickMaintenance.exe [2016-07-08] (Glarysoft Ltd)
2016-07-08 05:47 - 2016-07-08 05:47 - 00086992 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
File: C:\Strings.dll
Folder: C:\UWTa
Folder: C:\D
*****************
 
DiagTrack => serviço removido (a) com sucesso.
esgiguard => serviço removido (a) com sucesso.
mfeaack01 => serviço removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\SpyHunter4Startup => movido com sucesso
C:\Windows\SysWOW64\wpcmon.exe => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B2E0B90-F198-4178-B79E-0472207B3DAB} => chave não encontrado (a). 
C:\WINDOWS\System32\Tasks\GMHSkipUAC => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GMHSkipUAC => chave não encontrado (a). 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{29D31ED9-D7F0-4A47-A286-D3DC749889FC}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29D31ED9-D7F0-4A47-A286-D3DC749889FC}" => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\SpyHunter4Startup => não encontrado (a).
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{35E89E0E-D01F-427B-B3F4-03524FC031C4}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35E89E0E-D01F-427B-B3F4-03524FC031C4}" => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\GlaryInitialize 5 => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GlaryInitialize 5" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7CCEB91-ABEF-4142-921D-1DA43991A257}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7CCEB91-ABEF-4142-921D-1DA43991A257}" => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\GU5SkipUAC => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GU5SkipUAC" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4CC6611-1770-4DB3-A2EB-D4E6756E9585}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4CC6611-1770-4DB3-A2EB-D4E6756E9585}" => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\GlaryOneClickOptimizer 5 => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GlaryOneClickOptimizer 5" => chave removido (a) com sucesso.
C:\Program Files (x86)\Glary Utilities 5\zlib1.dll => movido com sucesso
 
========================= File: C:\Strings.dll ========================
 
Arquivo não assinado
MD5: B5A9806B023EC8A5BC152E58CCCA5406
Data de criação e modificação: 2016-07-18 13:07 - 2013-05-13 22:38
Tamanho: 0204800
Atributos: ----A
Nome Da Empresa: 
Interno Nome: 
Original Nome: 
Produto: 
Descrição: 
Arquivo Versão: 
Produto Versão: 
Copyright: 
 
====== Fim de File: ======
 
 
========================= Folder: C:\UWTa ========================
 
2016-05-22 21:00 - 2016-05-23 20:14 - 0000121 _____ () C:\UWTa\script1.ps1
 
====== Fim de Folder: ======
 
 
========================= Folder: C:\D ========================
 
 
====== Fim de Folder: ======
 
 
==== Fim de Fixlog 18:34:23 ====

 

 

 

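The fixlist Gary posted in #10 and the Fixlog above are FRST's request and its per-item record of what happened (removed, moved, not found), written in the localised UI language. As an added example, not FRST's code or anything from this thread, here is a small Python parser over that Fixlog layout: it skips the echoed fixlist block (whose "Task: ... => ..." lines are not results), maps the Portuguese and default English status phrases to outcomes, and pulls the signature status and MD5 out of the "File:" section so a responder can see at a glance that every requested item got a result and which files FRST reported unsigned. The embedded sample is a constructed excerpt of the Fixlog posted above.

```python
# Summarise a Farbar Recovery Scan Tool (FRST) Fixlog. Example code written
# for this thread, not part of FRST; it assumes the layout of the Fixlog
# above: "<target> => <status>" result lines, the fixlist echoed between
# lines of asterisks, and "File:" detail sections fenced by "=====" lines.
import re

# FRST localises its messages: Portuguese phrases from this thread's log,
# English ones from FRST's default UI. Order matters: "removido" contains
# "movido", so the removal phrase is tested first.
STATUS_MAP = [("não encontrad", "not_found"), ("not found", "not_found"),
              ("removid", "removed"), ("removed", "removed"),
              ("movid", "moved"), ("moved", "moved")]
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<status>.+?)$')
FILE_HDR_RE = re.compile(r'^=+\s*File:\s*(?P<path>.+?)\s*=+$')
FILE_END_RE = re.compile(r'^=+.*File:\s*=+$')

def classify_target(target):
    """Guess what kind of object a result line refers to."""
    if re.match(r"^HK(LM|CU|U)\\", target, re.IGNORECASE):
        return "registry"
    if "\\system32\\tasks\\" in target.lower():
        return "task_file"   # scheduled-task definition, e.g. GU5SkipUAC
    if re.match(r"^[A-Za-z]:\\", target):
        return "file"
    return "service"         # bare names are services/drivers (DiagTrack)

def outcome_of(status):
    s = status.lower()
    return next((tok for needle, tok in STATUS_MAP if needle in s), "unknown")

def parse_fixlog(text):
    """Return (results, files): one dict per result line / File: section."""
    results, files, in_fixlist, current = [], [], False, None
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:     # echoed-fixlist delimiter
            in_fixlist = not in_fixlist
            continue
        if in_fixlist or not line:          # echoed "Task: ... => ..." lines are not results
            continue
        hdr = FILE_HDR_RE.match(line)
        if hdr:
            current = {"path": hdr.group("path"), "signed": None, "md5": None}
            files.append(current)
            continue
        if current is not None:             # inside a File: section
            low = line.lower()
            if FILE_END_RE.match(line):
                current = None
            elif "não assinado" in low or "not signed" in low:
                current["signed"] = False
            elif low.startswith("md5:"):
                current["md5"] = line.split(":", 1)[1].strip()
            continue
        m = RESULT_RE.match(line)
        if m:
            t = m.group("target")
            results.append({"target": t, "kind": classify_target(t),
                            "outcome": outcome_of(m.group("status"))})
    return results, files

def summarize(results, files):
    """Outcome counts plus every file FRST reported as unsigned."""
    counts = {}
    for r in results:
        counts[r["outcome"]] = counts.get(r["outcome"], 0) + 1
    return counts, [f["path"] for f in files if f["signed"] is False]

# Constructed excerpt of the Fixlog posted above (Portuguese FRST UI).
SAMPLE_FIXLOG = r"""fixlist Conteúdo:
*****************
U2 DiagTrack; não ImagePath
Task: {29D31ED9-D7F0-4A47-A286-D3DC749889FC} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma\SpyHunter4.exe
*****************
DiagTrack => serviço removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\SpyHunter4Startup => movido com sucesso
C:\Windows\SysWOW64\wpcmon.exe => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B2E0B90-F198-4178-B79E-0472207B3DAB} => chave não encontrado (a).
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{29D31ED9-D7F0-4A47-A286-D3DC749889FC}" => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\GMHSkipUAC => não encontrado (a).
========================= File: C:\Strings.dll ========================
Arquivo não assinado
MD5: B5A9806B023EC8A5BC152E58CCCA5406
====== Fim de File: ======
==== Fim de Fixlog 18:34:23 ====
"""

if __name__ == "__main__":
    print(summarize(*parse_fixlog(SAMPLE_FIXLOG)))
```

A "not_found" outcome for a task or registry key is normal when an earlier entry in the same fix already moved the task file, as happened with SpyHunter4Startup above; an "unknown" outcome means a status phrase the map has not seen yet.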


#12 stipprn (Topic Starter, Members, 6 posts)

Posted 31 July 2016 - 04:52 PM

Hi Gary

 

Am I infected?

 

I'm worried about this ---> Netspy Pro (x32 Version: 2.0.5386.26226 - WT Software) Hidden

 

found in FRST.txt

 

Also, the VPN turns on automatically every time. See attached image Clipboard06.jpg (206.72KB).

 

 

Also, credentials appear. See attached image Clipboard07.jpg (82.62KB).



#13 Oh My! ("Adware and Spyware and Malware.....", Malware Response Instructor, 36,580 posts, California)

Posted 31 July 2016 - 07:51 PM

Thank you,

Netspy Pro is a legitimate program if you intended to install it, which you apparently did not.

The 2 credentials are legitimate and are related to Windows Live Essentials' utilities.

Please do this.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Netspy Pro
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Is Netspy Pro gone?

Gary
 

#14 Oh My! ("Adware and Spyware and Malware.....", Malware Response Instructor, 36,580 posts, California)

Posted 03 August 2016 - 08:53 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#15 Oh My! ("Adware and Spyware and Malware.....", Malware Response Instructor, 36,580 posts, California)

Posted 05 August 2016 - 09:16 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



