Eliminating Ping.exe efficiently


13 replies to this topic

#1 gmansam

gmansam

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:04 AM

Posted 08 January 2017 - 10:30 PM

Hi

 

I believe I have been infected by Ping.exe and have no idea how to remove it. I have tried using an Avira virus scan to attempt to fix it and it did not find anything. I am not sure on how to proceed. I would very much appreciate some guidance. Thanks!

 

-Gmansam





#2 gmansam

gmansam
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:04 AM

Posted 08 January 2017 - 11:46 PM

Here is a scan from Malwarebytes
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/8/17
Scan Time: 7:50 PM
Logfile: 
Administrator: Yes
 
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.954
License: Free
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Gaming_PC\Gmansam
 
-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 370301
Time Elapsed: 55 min, 19 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
PUP.Optional.Amonetize, C:\USERS\GMANSAM\DESKTOP\DESKTOP STUFF\ADOBE+PHOTOSHOP+CC+2014+C.ACE, No Action By User, [13], [91815],1.0.954
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#3 buddy215

buddy215

  • Moderator
  • 13,518 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:04 AM

Posted 09 January 2017 - 06:23 AM

Welcome to BC...

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"
  • NOTE. If you see the message "This version requires you to completely exit the Anti Malware application", right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#4 gmansam

gmansam
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:04 AM

Posted 09 January 2017 - 11:09 PM

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18376
Gmansam :: GAMING_PC [administrator]
 
1/9/2017 15:34:54
mbar-log-2017-01-09 (15-34-54).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 600394
Time elapsed: 12 minute(s), 19 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
Next log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18376
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 4.100000 GHz
Memory total: 8535773184, free: 515465216
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18376
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 4.100000 GHz
Memory total: 8535773184, free: 474230784
 
=======================================
 
 
Downloaded database version: v2017.01.09.11
Canceled update
Downloaded database version: v2017.01.09.11
Canceled update
Initializing...
=======================================
------------ Kernel report ------------
     01/09/2017 15:32:41
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01
 
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B7DC76DC
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1953316272
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 87470C62
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 488190320
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 250059350016 bytes
Sector size: 512 bytes
 
Done!
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 976773166
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 950251376
    GPT Header CurrentLba = 1 BackupLba 976773166
    GPT Header FirstUsableLba 34  LastUsableLba 976773133
    GPT Header Guid e95bf11a-bf71-4049-be9b-5fbaeeb0e03f
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 950251376
    Backup GPT header CurrentLba = 976773166 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 976773133
    Backup GPT header Guid e95bf11a-bf71-4049-be9b-5fbaeeb0e03f
    Backup GPT header Contains 128 partition entries starting at LBA 976773134
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 22e9c59-36ba-42de-b01e-e201d75f99f
    FirstLBA 40  Last LBA 409639
    Attributes 0
    Partition Name                 EFI System Partition
 
    GPT Partition 0 is bootable
    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID d1e29c00-743a-4439-a474-41a860cada7c
    FirstLBA 411648  Last LBA 976771071
    Attributes 0
    Partition Name                 Basic data partition
 
Disk Size: 500107861504 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removal finished
 
AdwCleaner Scan:
# AdwCleaner v6.042 - Logfile created 09/01/2017 at 16:00:08
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-09.3 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Gmansam - GAMING_PC
# Running from : C:\Users\Gmansam\Downloads\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\ProgramData\apn
[#] Folder deleted on reboot: C:\ProgramData\Application Data\apn
[-] Folder deleted: C:\Users\Gmansam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
[-] Folder deleted: C:\Users\Gmansam\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\Gmansam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage
[-] File deleted: C:\Users\Gmansam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage-journal
[-] File deleted: C:\Users\Gmansam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_analytics.app.amazonbrowserapp.com_0.localstorage
[-] File deleted: C:\Users\Gmansam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_analytics.app.amazonbrowserapp.com_0.localstorage-journal
[-] File deleted: C:\Users\Gmansam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_match.amazonbrowserapp.com_0.localstorage
[-] File deleted: C:\Users\Gmansam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_match.amazonbrowserapp.com_0.localstorage-journal

JRT Scan:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Gmansam (Administrator) on Mon 01/09/2017 at 16:06:17.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 75 
 
Successfully deleted: C:\Users\Gmansam\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\Gmansam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam (Folder) 
Successfully deleted: C:\Users\Gmansam\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam (Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NE34HATM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NICSJQSD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NV0KFYAQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NZV3NWZM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZIAPVNF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4F8CQ0G (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SGC0OJTM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYTGVPKG (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X5GDTIF8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XTN7S6WF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y5783ATL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z8EGM95C (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZD8FBB9H (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZUURN62I (Temporary Internet Files Folder) 
 
 
 
Registry: 4 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{841263D3-B7F7-42B7-9C72-0959BDBEC346} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{841263D3-B7F7-42B7-9C72-0959BDBEC346} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4DB8FC50-B206-44B3-9B28-442F326056B9} (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/09/2017 at 16:09:16.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESET Online Scan

C:\Users\Gmansam\AppData\Local\GoPro\FirmwareCache\BCK.01\UPDATE\system\app\BuckhornApp.apk a variant of Android/Fobus.X trojan deleted
C:\Users\Gmansam\AppData\Local\GoPro\FirmwareCache\BCK.01\UPDATE.zip a variant of Android/Fobus.X trojan deleted
C:\Users\Gmansam\Documents\desktop bleep\fklogger.zip a variant of Win32/KeyLogger.FreeKeylogger.B application deleted
C:\Users\Gmansam\Documents\sfk_setup\config.exe Win32/KeyLogger.Spyrix.G application cleaned by deleting
C:\Users\Gmansam\Documents\fklogger.zip a variant of Win32/KeyLogger.FreeKeylogger.B application deleted
F:\Users\Gmansam\Documents\desktop bleep\fklogger.zip a variant of Win32/KeyLogger.FreeKeylogger.B application deleted
F:\Users\Gmansam\Documents\sfk_setup\config.exe Win32/KeyLogger.Spyrix.G application cleaned by deleting
F:\Users\Gmansam\Documents\fklogger.zip a variant of Win32/KeyLogger.FreeKeylogger.B application deleted
F:\Users\Gmansam\Downloads\shadow-keylogger.zip Win32/KeyLogger.ShadowKeylogger.B application deleted
 


#5 buddy215

buddy215

  • Moderator
  • 13,518 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:04 AM

Posted 10 January 2017 - 05:52 AM

ESET removed a keylogger....Spyrix

Were you aware that a keylogger was installed on your computer?

ESET removed a trojan from the GoPro firmware cache....do you have a GoPro camera?

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button which, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button which, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” - Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
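The CCleaner Startups tab requested above reads the same autostart locations that the JRT and ESET logs touched (Run keys, Startup folders, scheduled tasks, Internet Explorer Browser Helper Objects). As an added example that is not part of this thread or of CCleaner, the following read-only PowerShell script lists those locations and reports whether each launched file carries a valid Authenticode signature, so the output can be compared against the list posted in reply; the helper names `Get-ExePath` and `Get-SignatureInfo` are assumed names introduced here.

```powershell
# Added example, not from the thread: enumerate common autostart locations and
# report the Authenticode status of each launched file. Read-only; changes nothing.
# Run from an elevated PowerShell prompt on Windows 7 or later.

function Get-ExePath([string]$Command) {
    # Pull the executable out of a command line, whether or not it is quoted.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(.+?\.exe)') { return $Matches[1] }
    return $null
}

function Get-SignatureInfo([string]$Path) {
    if (-not $Path) { return 'no file path' }
    $Path = [Environment]::ExpandEnvironmentVariables($Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 'file missing' }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -eq 'Valid') { return "Valid: $($sig.SignerCertificate.Subject)" }
    return $sig.Status.ToString()          # e.g. NotSigned, HashMismatch
}

$results = @()

# 1. Run keys for the current user and the machine (64-bit and 32-bit views).
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }      # skip PowerShell's own metadata
        $results += [PSCustomObject]@{ Location = $key; Name = $p.Name
            Command = $p.Value; Signature = Get-SignatureInfo (Get-ExePath $p.Value) }
    }
}

# 2. Per-user and common Startup folders; shortcuts are resolved to their target.
$shell = New-Object -ComObject WScript.Shell
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    Get-ChildItem -LiteralPath $dir -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
        $target = $shell.CreateShortcut($_.FullName).TargetPath
        $results += [PSCustomObject]@{ Location = "Startup ($folder)"; Name = $_.Name
            Command = $target; Signature = Get-SignatureInfo $target }
    }
}

# 3. Scheduled tasks via schtasks, which also exists on Windows 7 where
#    Get-ScheduledTask is not available. Repeated header rows are dropped.
schtasks /query /fo CSV /v | ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' -and $_.'Task To Run' -ne 'N/A' } |
    ForEach-Object {
        $results += [PSCustomObject]@{ Location = 'Task'; Name = $_.TaskName
            Command = $_.'Task To Run'; Signature = Get-SignatureInfo (Get-ExePath $_.'Task To Run') }
    }

# 4. Internet Explorer Browser Helper Objects, resolved from CLSID to the DLL.
$bhoKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($key in $bhoKeys) {
    if (-not (Test-Path $key)) { continue }
    Get-ChildItem -Path $key | ForEach-Object {
        $clsid = $_.PSChildName
        $srv = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll = if (Test-Path $srv) { (Get-ItemProperty -Path $srv).'(default)' } else { $null }
        $results += [PSCustomObject]@{ Location = 'BHO'; Name = $clsid
            Command = $dll; Signature = Get-SignatureInfo $dll }
    }
}

$results | Format-Table -AutoSize -Wrap
```

Entries whose Signature column reads NotSigned or file missing are the ones worth looking at first, since every vendor entry in the list posted below is expected to be signed.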

#6 gmansam

gmansam
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:04 AM

Posted 10 January 2017 - 05:47 PM

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run CyberGhost "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min
Yes HKCU:Run Discord Hammer & Chisel, Inc. C:\Users\Gmansam\AppData\Local\Discord\app-0.0.296\Discord.exe
Yes HKCU:Run DisplayFusion Binary Fortress Software "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
Yes HKCU:Run dualmonitor Cristi C:\Program Files (x86)\Dual Monitor\DualMonitor.exe
Yes HKCU:Run Gyazo Nota Inc. C:\Program Files (x86)\Gyazo\GyStation.exe
Yes HKCU:Run Pushbullet Pushbullet inc "C:\Program Files (x86)\Pushbullet\pushbullet.exe" -show false
No HKCU:Run Unified Remote V3 Unified Intents AB "C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe"
Yes HKCU:Run Uploader Seagate Technology LLC C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
Yes HKLM:Run avgnt Avira Operations GmbH & Co. KG "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
Yes HKLM:Run Avira SystrayStartTrigger Avira Operations GmbH & Co. KG "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
No HKLM:Run BlueStacks Agent C:\Program Files (x86)\BlueStacks\HD-Agent.exe
Yes HKLM:Run DBAgent Seagate Technology LLC "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
Yes HKLM:Run EEventManager SEIKO EPSON CORPORATION "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
No HKLM:Run iTunesHelper "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes HKLM:Run PwmConsole.exe Trend Micro Inc. "C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe" -s
Yes HKLM:Run Razer Synapse Razer Inc. "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes HKLM:Run Sound Blaster Cinema 2 Creative Technology Ltd "C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe" /r
Yes HKLM:Run StartCCC Advanced Micro Devices, Inc. "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
Yes HKLM:Run UpdReg Creative Technology Ltd. C:\Windows\UpdReg.EXE
Yes Startup Common Killer Network Manager.lnk Flexera Software LLC C:\Windows\Installer\{7364C716-1212-4EAE-B0C9-A31D1E797BF8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe
Yes Startup User Rainmeter.lnk Open Source Developer, Rainmeter C:\Program Files\Rainmeter\Rainmeter.exe

Next one:

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore1d12ff48873a777 Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA1d12ff4888f462e Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

Next one:

 

Adobe Flash Player 19 ActiveX Adobe Systems Incorporated 11/11/2015 4.48 MB 19.0.0.245
Adobe Flash Player 19 NPAPI Adobe Systems Incorporated 11/11/2015 5.04 MB 19.0.0.245
Adobe Reader XI (11.0.13) Adobe Systems Incorporated 10/14/2015 186 MB 11.0.13
Adobe Shockwave Player 12.1 Adobe Systems, Inc. 6/10/2015 12.1.8.158
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 12/29/2014 26.2 MB 3.0.864.0
Avira Antivirus Avira Operations GmbH & Co. KG 12/17/2016 298 MB 15.0.24.146
Avira Connect Avira Operations GmbH & Co. KG 12/17/2016 13.0 MB 1.2.76.27124
CCleaner Piriform 1/9/2017 5.25
Counter-Strike: Global Offensive Valve 4/26/2015
Defraggler Piriform 11/14/2015 2.19
Discord Hammer & Chisel, Inc. 6/24/2016 47.0 MB 0.0.296
Epson Customer Participation SEIKO EPSON CORPORATION 1/12/2015 3.27 MB 1.0.0.0
Epson Event Manager SEIKO EPSON CORPORATION 1/12/2015 40.5 MB 2.50.0000
EPSON NX430 Series Printer Uninstall SEIKO EPSON Corporation 1/12/2015
EPSON Scan Seiko Epson Corporation 1/12/2015
EpsonNet Print SEIKO EPSON CORPORATION 1/12/2015 2.4j
Fallout 4 Bethesda Game Studios 12/27/2015
Fraps (remove only) 1/8/2015
Google Chrome Google Inc. 12/29/2014 55.0.2883.87
Google Update Helper 12/29/2014
Grand Theft Auto V Rockstar North 12/17/2016
HFSExplorer 0.23.1 Catacombae Software 10/29/2015 0.23.1
Java 8 Update 60 Oracle Corporation 9/15/2015 20.6 MB 8.0.600.27
Just Cause 2 Avalanche Studios 2/8/2015
Just Cause 2: Multiplayer Mod Avalanche Studios 2/9/2015
Lagarith lossless video codec (Remove Only) 12/6/2015
Microsoft .NET Framework 4.5.2 Microsoft Corporation 2/11/2015 38.8 MB 4.5.51209
Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 1/8/2015 1.59 MB 4.0.40804.0
Microsoft Office Home and Student 2010 Microsoft Corporation 1/8/2015 14.0.7015.1000
Microsoft Report Viewer 2012 Runtime Microsoft Corporation 7/21/2015 28.6 MB 11.1.3452.0
Microsoft Silverlight Microsoft Corporation 12/23/2016 299 MB 5.1.50428.0
Microsoft System CLR Types for SQL Server 2012 Microsoft Corporation 7/21/2015 1.52 MB 11.1.3000.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 1/8/2015 298 KB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 3/9/2015 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 12/6/2015 1.41 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 10/25/2015 238 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 3/9/2015 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 3/16/2015 15.2 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 3/16/2015 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2/14/2015 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 Microsoft Corporation 7/21/2015 11.0.51106.1
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2/14/2015 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 11/24/2015 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 11/24/2015 17.1 MB 12.0.30501.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 2/11/2015 10.0.50903
Mozilla Firefox 42.0 (x86 en-US) Mozilla 11/9/2015 86.8 MB 42.0
Mozilla Maintenance Service Mozilla 11/9/2015 401 KB 42.0
Mozilla Thunderbird 38.5.0 (x86 en-US) Mozilla 12/31/2015 79.8 MB 38.5.0
NVIDIA 3D Vision Controller Driver 369.04 NVIDIA Corporation 12/16/2016 369.04
NVIDIA 3D Vision Driver 376.33 NVIDIA Corporation 12/16/2016 376.33
NVIDIA GeForce Experience 2.11.4.1 NVIDIA Corporation 12/18/2016 2.11.4.1
NVIDIA Graphics Driver 376.33 NVIDIA Corporation 12/16/2016 376.33
NVIDIA HD Audio Driver 1.3.34.17 NVIDIA Corporation 12/16/2016 1.3.34.17
NVIDIA PhysX System Software 9.16.0318 NVIDIA Corporation 12/16/2016 9.16.0318
paint.net dotPDN LLC 10/29/2015 26.4 MB 4.0.6
PAYDAY 2 OVERKILL - a Starbreeze Studio. 1/1/2017
Qualcomm Atheros Killer Network Manager Suite Qualcomm Atheros 12/29/2014 1.1.39.1040
QuickTime 7 Apple Inc. 1/30/2015 69.1 MB 7.76.80.95
Rainmeter 3/22/2015 3.2 r2384
Razer Surround Razer Inc. 12/22/2016 175 MB 1.05.26
Razer Synapse Razer Inc. 12/22/2016 9.33 MB 2.20.15.1104
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 12/29/2014 6.0.1.7245
Rocket League Psyonix 12/8/2015
Rockstar Games Social Club Rockstar Games 12/17/2016 1.2.1.0
Samsung Data Migration Samsung 11/14/2015 3.0
Seagate Dashboard Seagate 12/29/2014 152 MB 3.2.1801.0
Skype™ 7.30 Skype Technologies S.A. 12/28/2016 85.6 MB 7.30.105
Soda PDF 3D Reader LULU Software Limited 3/9/2015 7.0.9.22165
Software Updater SEIKO EPSON CORPORATION 1/12/2015 8.19 MB 4.2.1
Sound Blaster Cinema 2 Creative Technology Limited 12/29/2014 1.00.06
Steam Valve Corporation 12/29/2014 2.10.91.91
TeamSpeak 3 Client TeamSpeak Systems GmbH 5/25/2015 3.0.16
Trend Micro Password Manager Trend Micro Inc. 8/18/2015 50.0 MB 1.9.1189
Vegas Pro 12.0 (64-bit) Sony 1/11/2015 580 MB 12.0.770
Vulkan Run Time Libraries 1.0.26.0 LunarG, Inc. 12/16/2016 1.66 MB 1.0.26.0
WinZip 19.0 WinZip Computing, S.L. 3/9/2015 232 MB 19.0.11294
µTorrent BitTorrent Inc. 12/21/2016 3.4.2.37951

#7 buddy215

buddy215

  • Moderator
  • 13,518 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:04 AM

Posted 10 January 2017 - 06:00 PM

You didn't answer my questions...

 

Also, you took no action to remove what MBAM found according to the log you posted in your opening post.



#8 buddy215

buddy215

  • Moderator
  • 13,518 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:04 AM

Posted 10 January 2017 - 06:25 PM

Suggest Disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKCU:Run Discord Hammer & Chisel, Inc. C:\Users\Gmansam\AppData\Local\Discord\app-0.0.296\Discord.exe

Yes HKCU:Run Uploader Seagate Technology LLC C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe

Yes HKLM:Run EEventManager SEIKO EPSON CORPORATION "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

Yes HKLM:Run PwmConsole.exe Trend Micro Inc. "C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe" -s  (Keep in Startup if you use this password manager)

Yes HKLM:Run UpdReg Creative Technology Ltd. C:\Windows\UpdReg.EXE

 

Disable this Task: Use CCleaner by clicking on it and choosing Disable on the right.

Yes Task GoogleUpdateTaskMachineUA1d12ff4888f462e Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
 
Uninstall these programs:

Adobe Flash Player 19 ActiveX Adobe Systems Incorporated 11/11/2015 4.48 MB 19.0.0.245 (Old Adobe programs are malware magnets)
Adobe Flash Player 19 NPAPI Adobe Systems Incorporated 11/11/2015 5.04 MB 19.0.0.245
Adobe Reader XI (11.0.13) Adobe Systems Incorporated 10/14/2015 186 MB 11.0.13 (Uninstall or Update...your choice)
Adobe Shockwave Player 12.1 Adobe Systems, Inc. 6/10/2015 12.1.8.158

Epson Customer Participation SEIKO EPSON CORPORATION 1/12/2015 3.27 MB 1.0.0.0

Google Update Helper 12/29/2014

Java 8 Update 60 Oracle Corporation 9/15/2015 20.6 MB 8.0.600.27

Mozilla Firefox 42.0 (x86 en-US) Mozilla 11/9/2015 86.8 MB 42.0 (Or Update...your choice...missing a lot of security updates...now 50.1)
Mozilla Maintenance Service Mozilla 11/9/2015 401 KB 42.0
QuickTime 7 Apple Inc. 1/30/2015 69.1 MB 7.76.80.95
µTorrent BitTorrent Inc. 12/21/2016 3.4.2.37951 (VERY risky to use to download free stuff...more than half is bundled with malware and adware)

#9 gmansam

gmansam
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:04 AM

Posted 10 January 2017 - 07:22 PM

I just noticed your questions now. I do have a GoPro camera; however, I did not know I had a keylogger installed on my computer. I have done as you instructed. Thank you for the help!



#10 buddy215

buddy215

  • Moderator
  • 13,518 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:04 AM

Posted 10 January 2017 - 07:32 PM

Keyloggers will send all the info they gather to another computer. That will include passwords, screen names, financial info, screenshots, history, etc.

Suggest you check your accounts, change passwords...what else you need to do depends on what you do on the computer.

If someone else has access to your computer either physically or remotely then that could be how the keylogger got installed.

 

Did you rerun MBAM and allow it to remove what it found?

  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

Is the problem mentioned in your opening post solved?



#11 gmansam

gmansam
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:04 AM

Posted 13 January 2017 - 09:36 PM

No, the problem is still not fixed; here is what comes up every time I shut down my computer, requiring me to force shut down my computer...
http://imgur.com/JYIK9GG



#12 buddy215

buddy215

  • Moderator
  • 13,518 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:04 AM

Posted 14 January 2017 - 06:10 AM

Uninstall Chrome including your Chrome profile. You can save your bookmarks before uninstalling. Use Download Revo Uninstaller Freeware

Remove all that Revo finds for Chrome.

 

After uninstalling Chrome, run CCleaner, then reboot before reinstalling Chrome.


Edited by buddy215, 14 January 2017 - 06:11 AM.


#13 gmansam

gmansam
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:04 AM

Posted 14 January 2017 - 09:20 PM

I did all that and the same error pops up when I shut down my computer :(
http://imgur.com/JYIK9GG



#14 buddy215

buddy215

  • Moderator
  • 13,518 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:04 AM

Posted 15 January 2017 - 06:51 AM

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.

