Svchost.exe and user-wchelper.dll viruses


  • This topic is locked
26 replies to this topic

#1 supervvind

  • Members
  • 16 posts
  • OFFLINE
  • Local time:02:44 PM

Posted 12 August 2016 - 10:32 AM

Hi

I have an Asus UL80VT laptop. My laptop is freezing. The CPU usage will often jump to 100% and it lags a lot. This laptop should be pretty fast, as it works for gaming as well.

I used Malwarebytes to scan for viruses and removed many of them, but 2 of them will not go away. After removing these and restarting the computer, I rescan and they keep coming back.

Svchost.exe

user-wchelper.dll

Please, what should I do?

I attached the file of the scan.

Thank you!!



#2 nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:44 PM

Posted 13 August 2016 - 10:10 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please run the Malwarebytes tool and clean every item found.

DO NOT restart the computer just yet.

===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===

Please post the logs.

Let me know what problems persist.
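nasdaq's post asks for the FRST.txt and Addition.txt logs. As an added example that is not part of this thread and not FRST's own code, the Python script below shows the first-pass triage a malware-response helper applies to such a log: it parses the Run/RunOnce, ShortcutTarget, orphaned-driver and "ATTENTION" lines in FRST's output and scores each autostart entry on the signals checked first (no publisher/version info, a binary in a user-writable directory, a random-looking file name). The sample lines are copied from the FRST log posted later in this thread; the signals, weights and thresholds are the example's own assumptions, not rules FRST applies.

```python
"""First-pass triage of a Farbar Recovery Scan Tool (FRST) log.

Added example: this is not part of the thread and not FRST's own code. It
parses the Run/RunOnce, ShortcutTarget, orphaned-driver and "ATTENTION"
lines that FRST prints and scores each autostart entry on the signals a
malware-response helper checks first. The signals, weights and thresholds
are this example's own assumptions, not rules FRST applies.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Sample input: lines copied verbatim from the FRST log posted later in this thread.
SAMPLE_LOG = r"""
HKU\S-1-5-21-2009450580-2934905059-176825126-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
ShortcutTarget: Dropbox.lnk -> C:\Users\vvind\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShortcutTarget: YVzWJrYn.lnk -> C:\Users\vvind\AppData\Roaming\FLEThjJw\hJFKrvSGxBAr.exe ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
"""

# Line shapes FRST uses for the entries handled here. A trailing "(Publisher)" is
# the file's company name; FRST prints "()" when the file has no version info.
RUN_RE = re.compile(
    r"^(?P<hive>HK\S*?)\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] => "
    r"(?P<path>.+?)(?: \[[^\]]*\])?(?: \((?P<pub>[^)]*)\))?$"
)
SHORTCUT_RE = re.compile(r"^ShortcutTarget: (?P<name>\S+) -> (?P<path>.+?)(?: \((?P<pub>[^)]*)\))?$")
ORPHAN_DRIVER_RE = re.compile(r"^(?P<start>[SRU]\d) (?P<name>[^;]+); (?P<path>.+?) \[X\]$")
USER_WRITABLE_RE = re.compile(r"\\(AppData|ProgramData|Users\\Public|Temp)\\", re.I)


@dataclass
class Finding:
    kind: str
    name: str
    path: str
    severity: str
    reasons: list[str] = field(default_factory=list)


def looks_random(name: str) -> bool:
    """Heuristic (assumption): generated names such as hJFKrvSGxBAr flip letter case
    far more often than human-chosen ones. Needs 8+ letters, 4+ flips, flip rate >= 0.4."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 8:
        return False
    flips = sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))
    return flips >= 4 and flips / (len(letters) - 1) >= 0.4


def score_entry(name: str, path: str, pub: str | None) -> tuple[str, list[str]]:
    """Score one autostart entry; the weights are this example's own choices."""
    score, reasons = 0, []
    if not pub:  # "()" in the log, or no trailing publisher at all
        score += 2
        reasons.append("no publisher/version info")
    if USER_WRITABLE_RE.search(path):
        score += 1
        reasons.append("binary lives in a user-writable directory")
    stem = re.sub(r"\.[A-Za-z0-9]+$", "", path.rsplit("\\", 1)[-1])
    if looks_random(stem) or looks_random(re.sub(r"\.lnk$", "", name)):
        score += 1
        reasons.append("random-looking name")
    severity = "HIGH" if score >= 3 else "REVIEW" if score else "OK"
    return severity, reasons


def triage(log_text: str) -> list[Finding]:
    """Return the entries worth a second look, in log order. OK entries are dropped."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            sev, why = score_entry(m["name"], m["path"], m["pub"])
            if sev != "OK":
                findings.append(Finding("Run", m["name"], m["path"], sev, why))
        elif m := SHORTCUT_RE.match(line):
            sev, why = score_entry(m["name"], m["path"], m["pub"])
            if sev != "OK":
                findings.append(Finding("Startup", m["name"], m["path"], sev, why))
        elif m := ORPHAN_DRIVER_RE.match(line):
            # "[X]" means the service/driver key points at a file that no longer exists.
            findings.append(Finding("Driver", m["name"], m["path"], "CLEANUP",
                                    ["registry entry points at a missing file"]))
        elif line.endswith("<======= ATTENTION"):
            findings.append(Finding("Policy", line.split(":")[0], "", "REVIEW",
                                    ["FRST flags a policy restriction; confirm it was set intentionally"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:8}{f.kind:8}{f.name:14} {f.path}  <- {'; '.join(f.reasons)}")
```

Run as a script it prints one line per flagged entry. On the sample lines the signed Skype entry is dropped, the Dropbox shortcut is marked REVIEW only because it lives under AppData, and the YVzWJrYn.lnk shortcut pointing at an unsigned, randomly named executable in AppData\Roaming scores HIGH, which is the kind of entry a helper would put in an FRST fixlist. The heuristics are deliberately crude: a signed binary in AppData is normal for per-user installers, so a REVIEW result is a prompt to look, not a verdict.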

#3 supervvind
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:02:44 PM

Posted 13 August 2016 - 07:22 PM

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-08-2016 01
Ran by vvind (administrator) on VVIND-PC (13-08-2016 17:18:32)
Running from C:\Users\vvind\Desktop\fix
Loaded Profiles: vvind (Available Profiles: vvind)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Agent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


#4 nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:44 PM

Posted 14 August 2016 - 08:36 AM

Please post the FRST log again.

Make sure you copy and paste the complete log.

#5 supervvind
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:02:44 PM

Posted 14 August 2016 - 08:43 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-08-2016 01
Ran by vvind (administrator) on VVIND-PC (13-08-2016 17:18:32)
Running from C:\Users\vvind\Desktop\fix
Loaded Profiles: vvind (Available Profiles: vvind)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Agent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2009450580-2934905059-176825126-1000\...\Run: [Dropbox Update] => C:\Users\vvind\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-2009450580-2934905059-176825126-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-2009450580-2934905059-176825126-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [978456 2016-08-02] (BlueStack Systems, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vvind\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vvind\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vvind\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vvind\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vvind\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vvind\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vvind\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vvind\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vvind\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vvind\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vvind\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vvind\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vvind\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vvind\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vvind\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vvind\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vvind\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vvind\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vvind\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\vvind\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
Startup: C:\Users\vvind\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-08-04]
ShortcutTarget: Dropbox.lnk -> C:\Users\vvind\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\vvind\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YVzWJrYn.lnk [2016-01-04]
ShortcutTarget: YVzWJrYn.lnk -> C:\Users\vvind\AppData\Roaming\FLEThjJw\hJFKrvSGxBAr.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.114
Tcpip\..\Interfaces\{346DC5CD-5A58-4749-A506-F99D47655385}: [DhcpNameServer] 192.168.1.254 75.153.171.114

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2009450580-2934905059-176825126-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2009450580-2934905059-176825126-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2009450580-2934905059-176825126-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2009450580-2934905059-176825126-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

FireFox:
========
FF ProfilePath: C:\Users\vvind\AppData\Roaming\Mozilla\Firefox\Profiles\e1oedp5m.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @alipay.com/npaliedit -> C:\Windows\system32\aliedit\3.7.0.0\npaliedit.dll [No File]
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [2014-01-09] (Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2014-01-09] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [2013-04-07] (Tencent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin HKU\S-1-5-21-2009450580-2934905059-176825126-1000: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.00.33C\npAliSSOLogin.dll [No File]
FF Plugin HKU\S-1-5-21-2009450580-2934905059-176825126-1000: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.00.33C\npwangwang.dll [No File]
FF Plugin HKU\S-1-5-21-2009450580-2934905059-176825126-1000: @citrixonline.com/appdetectorplugin -> C:\Users\vvind\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-21] (Citrix Online)
FF Extension: FireGestures - C:\Users\vvind\AppData\Roaming\Mozilla\Firefox\Profiles\e1oedp5m.default\extensions\firegestures@xuldev.org.xpi [2016-08-12]
FF Extension: Titanium - Best Of - C:\Users\vvind\AppData\Roaming\Mozilla\Firefox\Profiles\e1oedp5m.default\Extensions\{85e871be-3adf-4390-b6ba-2e1224bb7187}.xpi [2014-01-20] [not signed]
FF Extension: Adblock Plus - C:\Users\vvind\AppData\Roaming\Mozilla\Firefox\Profiles\e1oedp5m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found

Chrome:
=======
CHR Profile: C:\Users\vvind\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\vvind\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-27]
CHR Extension: (Google Drive) - C:\Users\vvind\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-27]
CHR Extension: (YouTube) - C:\Users\vvind\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-27]
CHR Extension: (Adblock Plus) - C:\Users\vvind\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-05-27]
CHR Extension: (Google Search) - C:\Users\vvind\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-27]
CHR Extension: (Gmail) - C:\Users\vvind\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-08-02] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-08-02] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-08-02] (BlueStack Systems, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-08-02] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [307768 2016-07-28] (Bluestack System Inc. )
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U0 giou; C:\Windows\System32\drivers\ueyhiw.sys [79064 2016-08-13] (Malwarebytes)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-13 17:17 - 2016-08-13 17:17 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\ueyhiw.sys
2016-08-13 17:13 - 2016-08-13 17:18 - 00000000 ____D C:\Users\vvind\Desktop\fix
2016-08-12 08:00 - 2016-08-12 08:00 - 00001228 _____ C:\Users\vvind\Desktop\scan2.txt
2016-08-12 07:45 - 2016-08-12 07:45 - 00001053 _____ C:\Users\vvind\Desktop\scan1.txt
2016-08-12 07:34 - 2016-08-12 07:34 - 03712064 _____ C:\Users\vvind\Downloads\adwcleaner_5.201.exe
2016-08-12 05:32 - 2016-08-12 05:32 - 00000022 _____ C:\Users\vvind\Downloads\ESETPoweliksCleaner.exe_20160812.053206.3164.zip
2016-08-12 05:31 - 2016-08-12 05:31 - 00224968 _____ (ESET) C:\Users\vvind\Downloads\ESETPoweliksCleaner.exe
2016-08-12 05:31 - 2016-08-12 05:31 - 00000022 _____ C:\Users\vvind\Downloads\ESETPoweliksCleaner.exe_20160812.053146.1756.zip
2016-08-12 05:26 - 2016-08-12 05:26 - 00224968 _____ (ESET) C:\Users\vvind\Desktop\ESETPoweliksCleaner.exe
2016-08-12 04:19 - 2016-08-13 17:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-12 04:19 - 2016-08-12 04:19 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-12 04:19 - 2016-08-12 04:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-12 04:19 - 2016-08-12 04:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-12 04:19 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-12 04:19 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-12 04:19 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-12 04:18 - 2016-08-12 04:18 - 22851472 _____ (Malwarebytes ) C:\Users\vvind\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-12 03:18 - 2016-08-12 03:18 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-12 03:09 - 2016-08-12 03:09 - 00000000 ____D C:\Windows\Profiles\vvind
2016-08-12 02:40 - 2009-08-30 15:06 - 00542312 _____ (NVIDIA Corporation) C:\Windows\system32\nvuninst.exe
2016-08-12 02:39 - 2016-08-12 02:39 - 00000000 ____D C:\Users\vvind\Desktop\New folder
2016-08-12 02:39 - 2009-08-28 11:12 - 14299648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-08-12 02:39 - 2009-08-28 11:12 - 11577192 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-08-12 02:39 - 2009-08-28 11:12 - 10387456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-08-12 02:39 - 2009-08-28 11:12 - 09493504 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-08-12 02:39 - 2009-08-28 11:12 - 07629312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-08-12 02:39 - 2009-08-28 11:12 - 04365312 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-08-12 02:39 - 2009-08-28 11:12 - 03156480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-08-12 02:39 - 2009-08-28 11:12 - 02304000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-08-12 02:39 - 2009-08-28 11:12 - 01706496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-08-12 02:39 - 2009-08-28 11:12 - 01530472 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvencodemft.dll
2016-08-12 02:39 - 2009-08-28 11:12 - 01317480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2016-08-12 02:39 - 2009-08-28 11:12 - 01232384 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-08-12 02:39 - 2009-08-28 11:12 - 00993792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-08-12 02:39 - 2009-08-28 11:12 - 00930272 _____ (Microsoft Corporation) C:\Windows\system32\dpinst.exe
2016-08-12 02:39 - 2009-08-28 11:12 - 00733800 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-08-12 02:39 - 2009-08-28 11:12 - 00678504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-08-12 02:39 - 2009-08-28 11:12 - 00541216 _____ (NVIDIA Corporation) C:\Windows\system32\nvudisp.exe
2016-08-12 02:39 - 2009-08-28 11:12 - 00322152 _____ (NVIDIA Corporation) C:\Windows\system32\nvdecodemft.dll
2016-08-12 02:39 - 2009-08-28 11:12 - 00256616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2016-08-12 02:39 - 2009-08-28 11:12 - 00221184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\oemdspif.dll
2016-08-12 02:39 - 2009-08-28 11:12 - 00172032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod164.dll
2016-08-12 02:39 - 2009-08-28 11:12 - 00172032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod.dll
2016-08-12 02:39 - 2009-08-28 11:12 - 00015624 _____ C:\Windows\system32\nvdisp_IH.nvu
2016-08-12 02:39 - 2009-08-28 11:12 - 00011624 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvBridge.kmd
2016-08-12 02:39 - 2009-08-06 03:03 - 00845848 _____ (Intel Corporation) C:\Windows\system32\igfxcfg.exe
2016-08-12 02:39 - 2009-08-06 03:03 - 00491032 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2016-08-12 02:39 - 2009-08-06 03:03 - 00387608 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2016-08-12 02:39 - 2009-08-06 03:03 - 00365592 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2016-08-12 02:39 - 2009-08-06 03:03 - 00215576 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2016-08-12 02:39 - 2009-08-06 03:03 - 00165912 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2016-08-12 02:39 - 2009-08-06 03:03 - 00106008 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2016-08-12 02:39 - 2009-07-29 05:21 - 00004436 _____ C:\Windows\system32\iglhxs64.vp
2016-08-12 02:39 - 2009-07-29 04:05 - 07345632 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2016-08-12 02:39 - 2009-07-29 04:05 - 05616128 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2016-08-12 02:39 - 2009-07-29 04:04 - 00982220 _____ C:\Windows\SysWOW64\igkrng500.bin
2016-08-12 02:39 - 2009-07-29 04:04 - 00982220 _____ C:\Windows\system32\igkrng500.bin
2016-08-12 02:39 - 2009-07-29 04:04 - 00439300 _____ C:\Windows\SysWOW64\igcompkrng500.bin
2016-08-12 02:39 - 2009-07-29 04:04 - 00439300 _____ C:\Windows\system32\igcompkrng500.bin
2016-08-12 02:39 - 2009-07-29 04:04 - 00134592 _____ C:\Windows\SysWOW64\igfcg500.bin
2016-08-12 02:39 - 2009-07-29 04:04 - 00134592 _____ C:\Windows\system32\igfcg500.bin
2016-08-12 02:39 - 2009-07-29 04:04 - 00092216 _____ C:\Windows\SysWOW64\igfcg500m.bin
2016-08-12 02:39 - 2009-07-29 04:04 - 00092216 _____ C:\Windows\system32\igfcg500m.bin
2016-08-12 02:39 - 2009-07-29 04:01 - 04233728 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2016-08-12 02:39 - 2009-07-29 03:56 - 00549888 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdx32.dll
2016-08-12 02:39 - 2009-07-29 03:55 - 03799552 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2016-08-12 02:39 - 2009-07-29 03:53 - 03646976 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2016-08-12 02:39 - 2009-07-29 03:50 - 08095232 _____ (Intel Corporation) C:\Windows\system32\ig4icd64.dll
2016-08-12 02:39 - 2009-07-29 03:50 - 05195776 _____ (Intel Corporation) C:\Windows\system32\ig4dev64.dll
2016-08-12 02:39 - 2009-07-29 03:44 - 06042112 _____ (Intel Corporation) C:\Windows\SysWOW64\ig4icd32.dll
2016-08-12 02:39 - 2009-07-29 03:44 - 03839488 _____ (Intel Corporation) C:\Windows\SysWOW64\ig4dev32.dll
2016-08-12 02:39 - 2009-07-29 03:39 - 00312832 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00306688 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00305664 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00305664 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00305152 _____ (Intel Corporation) C:\Windows\system32\igfxresp.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00301568 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00296960 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00293376 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00291328 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00290304 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00289792 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00284672 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00284672 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00284672 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00283136 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00282624 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00282112 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00281088 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00279552 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00264704 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00254464 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00251904 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00208896 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00207360 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00181760 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2016-08-12 02:39 - 2009-07-29 03:39 - 00180224 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2016-08-12 02:39 - 2009-07-29 03:36 - 00371712 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2016-08-12 02:39 - 2009-07-29 03:36 - 00246272 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2016-08-12 02:39 - 2009-07-29 03:36 - 00125952 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2016-08-12 02:39 - 2009-07-29 03:35 - 00055808 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2016-08-12 02:39 - 2009-07-29 03:35 - 00027648 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2016-08-12 02:39 - 2009-07-29 03:34 - 05694976 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2016-08-12 02:39 - 2009-07-29 03:34 - 00278016 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2016-08-12 02:39 - 2009-07-29 03:34 - 00258560 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2016-08-12 02:39 - 2009-07-29 03:34 - 00142336 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2016-08-12 02:39 - 2009-07-29 03:34 - 00108544 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2016-08-12 02:39 - 2009-07-29 03:29 - 00216576 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2016-08-12 02:39 - 2009-07-23 11:12 - 02805511 _____ C:\Windows\system32\iglhxa64.cpa
2016-08-12 02:39 - 2009-07-23 11:12 - 00059442 _____ C:\Windows\system32\iglhxg64.vp
2016-08-12 02:39 - 2009-07-23 11:12 - 00059330 _____ C:\Windows\system32\iglhxc64.vp
2016-08-12 02:39 - 2009-07-23 11:12 - 00058839 _____ C:\Windows\system32\iglhxo64.vp
2016-08-12 02:39 - 2009-07-23 11:12 - 00001073 _____ C:\Windows\system32\iglhxa64.vp
2016-08-12 02:39 - 2009-04-30 21:43 - 00081440 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-08-12 02:39 - 2009-04-30 21:43 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\nvhdap64.dll
2016-08-12 02:39 - 2009-04-26 09:32 - 00506400 _____ (NVIDIA Corporation) C:\Windows\system32\nvuhda6.exe
2016-08-12 02:39 - 2009-04-26 09:32 - 00159232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcohda6.dll
2016-08-12 02:39 - 2009-04-26 09:29 - 00001407 _____ C:\Windows\system32\nvhda.nvu
2016-08-12 02:37 - 2016-08-12 02:38 - 119592702 _____ C:\Users\vvind\Downloads\VGA_nVidia_WIN7_64_815118688.zip
2016-08-12 02:37 - 2016-08-12 02:38 - 00116340 _____ C:\Users\vvind\Downloads\VGA_Patch_UL80_Win7_32_64_1001.zip
2016-08-12 02:37 - 2016-08-12 02:37 - 00116770 _____ C:\Users\vvind\Downloads\VGA_Patch_UL80.zip
2016-08-10 05:43 - 2016-08-10 05:43 - 00007605 _____ C:\Users\vvind\AppData\Local\Resmon.ResmonCfg
2016-08-06 23:26 - 2016-08-11 19:14 - 00000000 ____D C:\Users\vvind\AppData\Local\pokemon
2016-08-06 23:26 - 2016-08-07 20:42 - 00000000 ____D C:\Users\vvind\AppData\Local\SquirrelTemp
2016-08-06 23:26 - 2016-08-06 23:45 - 00000000 ____D C:\Users\vvind\AppData\Roaming\pokemon-go-map
2016-08-06 23:25 - 2016-08-06 23:26 - 85075968 _____ (Mike Christopher) C:\Users\vvind\Downloads\PokemonGoMap-Win.exe
2016-08-06 19:58 - 2016-08-06 19:59 - 01065671 _____ C:\Users\vvind\Documents\6XMjKl7TXZlh_com.incorporateapps.fakegps.v4.6-GlobalAPK.Co.apk
2016-08-06 17:30 - 2016-08-12 15:53 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-08-06 17:30 - 2016-08-06 17:30 - 00007239 _____ C:\Windows\system32\-1.14-windows.xml
2016-08-06 17:30 - 2016-08-06 17:30 - 00001822 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2016-08-06 17:30 - 2016-08-06 17:30 - 00001822 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-08-06 17:30 - 2016-08-06 17:30 - 00000000 ____D C:\ProgramData\Bluestacks
2016-08-06 17:30 - 2016-08-06 17:30 - 00000000 ____D C:\Program Files (x86)\Bluestacks
2016-08-06 17:29 - 2016-08-06 17:29 - 00000000 ____D C:\Users\vvind\AppData\Local\Bluestacks
2016-08-06 17:09 - 2016-08-06 20:10 - 00000000 ____D C:\Users\vvind\Desktop\pokemon go
2016-08-04 15:40 - 2016-08-04 15:40 - 00000000 ____D C:\Users\vvind\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-16 03:00 - 2016-07-16 03:00 - 00000000 ____D C:\Windows\EOONotify

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-13 17:18 - 2013-12-18 20:19 - 00000000 ____D C:\FRST
2016-08-13 17:17 - 2014-10-04 07:53 - 00000000 ____D C:\Windows\SysWOW64\WinDir
2016-08-13 17:17 - 2009-07-13 21:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-13 17:17 - 2009-07-13 21:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-13 17:17 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-08-13 17:15 - 2009-07-13 22:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-13 17:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-08-13 17:10 - 2013-05-27 21:44 - 00000000 ____D C:\Users\vvind\AppData\Roaming\Skype
2016-08-13 17:10 - 2013-05-27 21:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-13 17:10 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-13 16:55 - 2013-05-27 21:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-13 16:44 - 2014-03-27 16:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4a117376700b.job
2016-08-13 16:21 - 2015-06-17 11:10 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2009450580-2934905059-176825126-1000UA.job
2016-08-13 15:33 - 2013-09-01 02:06 - 00000000 ___RD C:\Users\vvind\Dropbox
2016-08-13 02:21 - 2015-06-17 11:10 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2009450580-2934905059-176825126-1000Core.job
2016-08-12 08:23 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\LiveKernelReports
2016-08-12 08:01 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system
2016-08-12 05:47 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\tracing
2016-08-12 05:00 - 2013-12-18 07:14 - 00000000 ____D C:\Windows\erdnt
2016-08-12 04:53 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\L2Schemas
2016-08-12 04:29 - 2009-07-13 20:20 - 00000000 __RSD C:\Windows\Media
2016-08-12 04:19 - 2014-01-09 04:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-12 03:07 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Help
2016-08-11 20:21 - 2013-05-27 21:40 - 00109296 _____ C:\Users\vvind\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-11 20:19 - 2009-07-13 21:45 - 00409520 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-11 19:14 - 2016-01-21 19:15 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-08-11 19:14 - 2013-05-27 21:27 - 00000000 ____D C:\Program Files (x86)\Acro Software
2016-08-11 19:13 - 2016-01-21 19:08 - 00000000 ____D C:\Users\vvind\AppData\Local\Citrix
2016-08-11 19:13 - 2015-01-07 04:01 - 00000000 ____D C:\Windows\system32\appmgmt
2016-08-11 19:12 - 2013-05-27 21:28 - 00000000 ____D C:\Users\vvind\AppData\Roaming\Adobe
2016-08-11 19:10 - 2013-05-27 21:26 - 00000000 ____D C:\Users\vvind\AppData\Roaming\uTorrent
2016-08-11 03:38 - 2013-06-20 02:32 - 00000000 ____D C:\Users\vvind\AppData\Roaming\Media Player Classic
2016-08-10 21:44 - 2016-01-11 03:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-10 21:44 - 2013-05-27 21:30 - 00000000 ____D C:\ProgramData\Skype
2016-08-10 06:11 - 2013-12-17 22:09 - 00000000 ____D C:\Users\vvind\AppData\Local\CrashDumps
2016-08-10 06:11 - 2013-10-18 05:59 - 00000000 ____D C:\Windows\Minidump
2016-08-10 06:11 - 2013-05-27 22:10 - 00000000 ____D C:\Windows\Panther
2016-08-08 11:51 - 2013-05-27 21:26 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-07 03:16 - 2015-04-12 03:15 - 00000000 ____D C:\Users\vvind\Desktop\111QINGYI
2016-08-07 03:16 - 2013-05-29 00:14 - 00000000 ____D C:\Users\vvind\Desktop\new cd
2016-08-06 17:30 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-08-04 15:40 - 2013-09-01 02:04 - 00000000 ____D C:\Users\vvind\AppData\Roaming\Dropbox
2016-07-28 17:39 - 2014-03-27 16:08 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf4a117376700b
2016-07-28 17:39 - 2013-05-27 21:26 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-28 05:47 - 2013-05-28 02:14 - 00000000 ____D C:\Users\vvind\Documents\Tencent Files
2016-07-28 04:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-26 14:24 - 2010-11-20 20:27 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-20 03:00 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-20 03:00 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-14 12:05 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-07-14 11:27 - 2015-04-15 11:36 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-14 11:27 - 2010-11-21 00:16 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-14 10:47 - 2016-03-29 21:51 - 00003393 _____ C:\Users\vvind\Desktop\hk movie.txt

==================== Files in the root of some directories =======

2015-04-04 03:06 - 2015-04-04 03:06 - 0001078 _____ () C:\Users\vvind\AppData\Roaming\base64.cer
2013-12-12 13:28 - 2013-12-12 13:28 - 0000095 _____ () C:\Users\vvind\AppData\Roaming\mbam.context.scan
2016-08-10 05:43 - 2016-08-10 05:43 - 0007605 _____ () C:\Users\vvind\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-08 17:56

==================== End of FRST.txt ============================



#6 nasdaq

Posted 14 August 2016 - 12:42 PM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Startup: C:\Users\vvind\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YVzWJrYn.lnk [2016-01-04]
ShortcutTarget: YVzWJrYn.lnk -> C:\Users\vvind\AppData\Roaming\FLEThjJw\hJFKrvSGxBAr.exe ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2009450580-2934905059-176825126-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @alipay.com/npaliedit -> C:\Windows\system32\aliedit\3.7.0.0\npaliedit.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-2009450580-2934905059-176825126-1000: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.00.33C\npAliSSOLogin.dll [No File]
FF Plugin HKU\S-1-5-21-2009450580-2934905059-176825126-1000: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.00.33C\npwangwang.dll [No File]
FF Extension: Titanium - Best Of - C:\Users\vvind\AppData\Roaming\Mozilla\Firefox\Profiles\e1oedp5m.default\Extensions\{85e871be-3adf-4390-b6ba-2e1224bb7187}.xpi [2014-01-20] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
U0 giou; C:\Windows\System32\drivers\ueyhiw.sys [79064 2016-08-13] (Malwarebytes)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
C:\Users\vvind\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YVzWJrYn.lnk
C:\Users\vvind\AppData\Roaming\FLEThjJw
C:\Users\vvind\AppData\Roaming\Mozilla\Firefox\Profiles\e1oedp5m.default\Extensions\{85e871be-3adf-4390-b6ba-2e1224bb7187}.xpi
C:\Windows\System32\drivers\ueyhiw.sys
AlternateDataStreams: C:\Users\vvind\Desktop\20160704_150313.jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\vvind\Desktop\20160704_150635.jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\vvind\Desktop\20160704_150707.jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\vvind\Desktop\aaasddds.jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\vvind\Desktop\IMG_20160717_000700.jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\vvind\Desktop\Voice 103.m4a:com.dropbox.attributes [168]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version(s) of Adobe Flash are out-of-date and vulnerable.
Go to Start > Control Panel > Programs and Features and uninstall the following programs:
Adobe Flash Player 10 ActiveX

Go to this page with Firefox to download the current version for your browsers:
https://get.adobe.com/flashplayer/

Note:
Flash Player is pre-installed in Google Chrome and updates automatically!
Flash Player is pre-installed in IE/Edge and updates automatically!
---

Please post the log and let me know what problem persists.
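
The script below is an added example for readers of this thread; it is not code from the thread, from FRST or from the Farbar project. It reproduces on a live system two of the checks visible in the logs above: the Authenticode status of the core Windows binaries FRST lists under "Bamital & volsnap" (the same file list), and an audit of Startup-folder shortcuts of the kind the fixlist removes (YVzWJrYn.lnk pointing at an executable under AppData\Roaming). Each shortcut is resolved to its target and flagged when the target is missing, not validly signed, or runs from a user-writable AppData location. The function names are assumptions of this example; it assumes Windows PowerShell 3.0 or later in an elevated session.

```powershell
# Added example, not part of this thread or of FRST.
# Two defender-side checks modelled on the FRST output shown in this thread.

function Test-CoreFileSignatures {
    # File list taken from the FRST "Bamital & volsnap" section of this thread.
    $relative = @(
        'system32\winlogon.exe', 'system32\wininit.exe', 'SysWOW64\wininit.exe',
        'explorer.exe', 'SysWOW64\explorer.exe',
        'system32\svchost.exe', 'SysWOW64\svchost.exe', 'system32\services.exe',
        'system32\User32.dll', 'SysWOW64\User32.dll',
        'system32\userinit.exe', 'SysWOW64\userinit.exe',
        'system32\rpcss.dll', 'system32\dnsapi.dll', 'SysWOW64\dnsapi.dll',
        'system32\Drivers\volsnap.sys'
    )
    foreach ($r in $relative) {
        $path = Join-Path $env:SystemRoot $r
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Path = $path; Status = 'NotFound'; Signer = $null }
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $path
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        # A Status of 'Valid' corresponds to FRST's "File is digitally signed".
        [pscustomobject]@{ Path = $path; Status = $sig.Status; Signer = $signer }
    }
}

function Get-StartupShortcutAudit {
    # Resolves every .lnk in the per-user and all-users Startup folders,
    # the same entries FRST reports as "Startup:" / "ShortcutTarget:".
    $shell = New-Object -ComObject WScript.Shell
    $dirs = @(
        [Environment]::GetFolderPath('Startup'),       # current user's Startup folder
        [Environment]::GetFolderPath('CommonStartup')  # all-users Startup folder
    )
    foreach ($dir in $dirs) {
        Get-ChildItem -LiteralPath $dir -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
            $target = $shell.CreateShortcut($_.FullName).TargetPath
            $flags = New-Object System.Collections.Generic.List[string]
            if ([string]::IsNullOrEmpty($target) -or -not (Test-Path -LiteralPath $target)) {
                $flags.Add('target missing')
            } else {
                $sig = Get-AuthenticodeSignature -FilePath $target
                if ($sig.Status -ne 'Valid') { $flags.Add("not validly signed ($($sig.Status))") }
                # User-writable profile locations are where the YVzWJrYn.lnk target lived.
                if ($target -like "$env:APPDATA\*" -or $target -like "$env:LOCALAPPDATA\*") {
                    $flags.Add('runs from AppData')
                }
            }
            [pscustomobject]@{
                Shortcut = $_.FullName
                Target   = $target
                Created  = $_.CreationTime
                Flags    = ($flags -join '; ')
            }
        }
    }
}

# Usage: print the signature table, then only the shortcuts that raised a flag.
Test-CoreFileSignatures | Format-Table -AutoSize
Get-StartupShortcutAudit | Where-Object { $_.Flags } | Format-Table -AutoSize
```

Any core file whose Status is not Valid, or any Startup shortcut carrying a flag, is worth the same scrutiny the fixlist above gives YVzWJrYn.lnk; the Created timestamp helps tie a shortcut to the date FRST shows in brackets next to it.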

#7 supervvind

Posted 14 August 2016 - 04:12 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-08-2016
Ran by vvind (14-08-2016 14:04:00) Run:2
Running from C:\Users\vvind\Desktop\fix
Loaded Profiles: vvind (Available Profiles: vvind)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Startup: C:\Users\vvind\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YVzWJrYn.lnk [2016-01-04]
ShortcutTarget: YVzWJrYn.lnk -> C:\Users\vvind\AppData\Roaming\FLEThjJw\hJFKrvSGxBAr.exe ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2009450580-2934905059-176825126-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @alipay.com/npaliedit -> C:\Windows\system32\aliedit\3.7.0.0\npaliedit.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-2009450580-2934905059-176825126-1000: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.00.33C\npAliSSOLogin.dll [No File]
FF Plugin HKU\S-1-5-21-2009450580-2934905059-176825126-1000: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.00.33C\npwangwang.dll [No File]
FF Extension: Titanium - Best Of - C:\Users\vvind\AppData\Roaming\Mozilla\Firefox\Profiles\e1oedp5m.default\Extensions\{85e871be-3adf-4390-b6ba-2e1224bb7187}.xpi [2014-01-20] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
U0 giou; C:\Windows\System32\drivers\ueyhiw.sys [79064 2016-08-13] (Malwarebytes)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
C:\Users\vvind\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YVzWJrYn.lnk
C:\Users\vvind\AppData\Roaming\FLEThjJw
C:\Users\vvind\AppData\Roaming\Mozilla\Firefox\Profiles\e1oedp5m.default\Extensions\{85e871be-3adf-4390-b6ba-2e1224bb7187}.xpi
C:\Windows\System32\drivers\ueyhiw.sys
AlternateDataStreams: C:\Users\vvind\Desktop\20160704_150313.jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\vvind\Desktop\20160704_150635.jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\vvind\Desktop\20160704_150707.jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\vvind\Desktop\aaasddds.jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\vvind\Desktop\IMG_20160717_000700.jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\vvind\Desktop\Voice 103.m4a:com.dropbox.attributes [168]

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\vvind\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YVzWJrYn.lnk => moved successfully
C:\Users\vvind\AppData\Roaming\FLEThjJw\hJFKrvSGxBAr.exe => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2009450580-2934905059-176825126-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@alipay.com/npaliedit" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKU\S-1-5-21-2009450580-2934905059-176825126-1000\Software\MozillaPlugins\@alibaba.com/npAliSSOLogin;version=1.0" => key removed successfully
C:\Program Files (x86)\AliWangWang\8.00.33C\npAliSSOLogin.dll => not found.
"HKU\S-1-5-21-2009450580-2934905059-176825126-1000\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0" => key removed successfully
C:\Program Files (x86)\AliWangWang\8.00.33C\npwangwang.dll => not found.
C:\Users\vvind\AppData\Roaming\Mozilla\Firefox\Profiles\e1oedp5m.default\Extensions\{85e871be-3adf-4390-b6ba-2e1224bb7187}.xpi => moved successfully
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
giou => service not found.
catchme => service removed successfully
VGPU => service removed successfully
X6va012 => service removed successfully
X6va013 => service removed successfully
"C:\Users\vvind\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YVzWJrYn.lnk" => not found.
C:\Users\vvind\AppData\Roaming\FLEThjJw => moved successfully
"C:\Users\vvind\AppData\Roaming\Mozilla\Firefox\Profiles\e1oedp5m.default\Extensions\{85e871be-3adf-4390-b6ba-2e1224bb7187}.xpi" => not found.
"C:\Windows\System32\drivers\ueyhiw.sys" => not found.
C:\Users\vvind\Desktop\20160704_150313.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\vvind\Desktop\20160704_150635.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\vvind\Desktop\20160704_150707.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\vvind\Desktop\aaasddds.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\vvind\Desktop\IMG_20160717_000700.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\vvind\Desktop\Voice 103.m4a => ":com.dropbox.attributes" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12102315 B
Java, Flash, Steam htmlcache => 779 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 108544 B
Firefox => 450367275 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 33125 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33253 B
systemprofile32 => 33253 B
LocalService => 33125 B
NetworkService => 33125 B
vvind => 57989659 B

RecycleBin => 173074 B
EmptyTemp: => 504.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:04:56 ====




#8 nasdaq

Posted 15 August 2016 - 06:44 AM

How is the computer running now?

#9 supervvind

Posted 15 August 2016 - 06:53 AM

This is what I did

1. Scan with Malwarebytes, do not restart

2. Scan with Farbar

3. Then my computer was restarted later on in the day, not sure if this will affect the process

4. Updated my Adobe Flash. Opened FRST and Fix. Restarted.

The computer feels a bit faster now but still seems kind of slow, some lag

I'm not sure if I used Malwarebytes to scan again and restart and scan again if the 2 viruses will come back?



#10 nasdaq

Posted 15 August 2016 - 06:59 AM

Restart the Computer normally.

Run the Malwarebytes tool. If it opens then clean everything that will be reported.

===

How is the computer running now?

#11 supervvind

Posted 15 August 2016 - 07:03 AM

Hi

Do you mean I should restart the computer now, and scan again with Malwarebytes to see if the two viruses show up?



#12 supervvind

Posted 15 August 2016 - 09:19 AM

Hi Nasdaq

I restarted the computer, Malwarebytes scan - no viruses. Then shutdown, restart and Malwarebytes scan, no viruses. Then shutdown, restart, scan, no viruses. I did this a few times to make sure it did not come back.

The 2 viruses, svchost.exe and wchelper.dll, are not detected by Malwarebytes anymore. I think I am good now?

I was hoping the computer would be faster. It is much faster than before but it's still a bit choppy.

Is it because I need to update my graphics drivers?

I looked up my laptop Asus UL80VT.

https://www.asus.com/support/Download/3/219/0/3/oJ2UcCTkGd6GG7Rs/30/

I went here to the VGA section and there are 3 downloads. I just installed the nVidia Graphics Driver
nVidia Graphics Driver for Win7 64 bit. Do I need to install the two other patch files?

Also is there anything else I can do to make my laptop faster? I don't think it should be sometimes choppy.

I have 17.5 GB free out of 111 GB. Is it because my computer is getting full?

Do I need to install Windows updates? Also I think I can upgrade it free to Windows 10. Is it recommended or much better than Windows 7?

Also I read that I can check for dust in the fans. I blew some out from the side but I will try to blow more like from the bottom. I don't think there is much dust because the laptop is quiet now after blowing the side.

Thank you!



#13 nasdaq

Posted 16 August 2016 - 07:34 AM

I looked up my laptop Asus UL80VT.
https://www.asus.com/support/Download/3/219/0/3/oJ2UcCTkGd6GG7Rs/30/
I went here to the VGA section and there are 3 downloads. I just installed the nVidia Graphics Driver
nVidia Graphics Driver for Win7 64 bit. Do i need to install the two other patch files?


Install the other two patch files.
Do it one at a time and restart the computer after each one.

===

Do I need to install windows updates?
Yes to the Windows Security Updates.

If you get any error message make a note of it and post the exact message for my review.

===

Windows UPGRADE is no longer free.
https://support.microsoft.com/en-us/help/12435/windows-10-upgrade-faq

#14 supervvind

Posted 16 August 2016 - 04:23 PM

I opened both of the two VGA patch files and they seem like the same thing. The file names are the same. The two file names are "removedevice" and "silent". When I open the removedevice.exe it just says a tool to remove a specific device. Then I see nothing happening. Don't see any sort of updating so I am not sure if it works. Attached photo of the two files

Also attached photos of the Windows updates available right now for me.

When you say Yes to the security updates do you mean I should install the "windows malicious removal tool" in the Important section. It's just a scan for viruses and works the same as Malwarebytes? Do I still need to do this if Malwarebytes detected 0 viruses?

In the Optional section, should I install the nvidia graphics adapter update?

Thanks



#15 nasdaq

Posted 17 August 2016 - 08:25 AM

When you say Yes to the security updates do you mean I should install the "windows malicious removal tool" in the Important section.


MBAM does not check for viruses. This tool does.
It's your call if you want to install it now or later.

===

In the Optional section, should i install the nvidia graphics adapter update?


I would install. I always keep all my 3rd party programs up to date.

===

Let me know how it goes.



