
help me post-cleaning my pc (proxy settings 127)


10 replies to this topic

#1 Akshah

Akshah

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 23 February 2017 - 03:13 PM

Hi,

Today I got infected with a lot of malware and adware, so I ran some programs provided by Bleeping to clean them (I was a member of Bleeping in the past and have some experience running those programs). I know I should not be doing so without being told by an expert, but I didn't have any chance of getting online due to a proxy error in the browser.

I ran the programs and they have cleaned the PC, but I want to make sure "Am I still not infected?" and for that I need your help.

Steps I did:

Scanned and cleaned the PC with Malwarebytes Anti-Malware (found some malware and deleted it)

Scanned and cleaned the PC with AdwCleaner (found threats and deleted them)

Scanned with TDSSKiller (nothing found)

I apologize again. Please help me to clean my PC :D





#2 buddy215

buddy215

  • Moderator
  • 13,320 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:16 AM

Posted 23 February 2017 - 04:20 PM

Akshah...follow the directions below for posting the logs, cleaning, and removing malware and adware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

For MBAM:

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.

For AdwCleaner:

 

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Please download Zemana AntiMalware and install it

  • Run the application
  • Click "Next" and then Scan
  • When the scan has finished click Next to remove any threats.
  • Click the bars in the top right corner to display the logs, then double-click your log.
  • Copy and paste the log into your reply.

  • Please download Security Check by glax24 and save the file to the Desktop.
  • Run the tool by accepting all the Security prompts.
  • When complete, the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard.
  • Simply paste the log into your reply.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Akshah

Akshah
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 23 February 2017 - 11:32 PM

Hi,

Thanks for the response and the reply.

CCleaner: Run Cleaner done.

MBAM: No threat found.

AdwCleaner: 8 threats found (cleaning done). (I didn't know this [solvusoft] was still hidden.)

JRT: Nothing found

Now I will scan with Zemana....


# AdwCleaner v6.043 - Logfile created 24/02/2017 at 09:52:27
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-23.4 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : MayPra - WINDOWS-PC
# Running from : C:\Users\MayPra\Desktop\adwcleaner_6.043.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support
 
***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
No malicious folders found.

***** [ Files ] *****
No malicious files found.

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious keys found.

***** [ Shortcuts ] *****
No infected shortcut found.

***** [ Scheduled Tasks ] *****
No malicious task found.

***** [ Registry ] *****
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.c
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com

***** [ Web browsers ] *****
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
*************************
C:\AdwCleaner\AdwCleaner[S0].txt - [1147 Bytes] - [23/02/2017 22:26:46]
C:\AdwCleaner\AdwCleaner[S1].txt - [2719 Bytes] - [24/02/2017 09:52:27]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2792 Bytes] ##########

Edited by Akshah, 23 February 2017 - 11:33 PM.


#4 Akshah

Akshah
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 23 February 2017 - 11:55 PM

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 2/24/17
Scan Time: 9:44 AM
Logfile: MBM.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1338
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: WINDOWS-PC\MayPra
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 436339
Time Elapsed: 3 min, 45 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-

Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)

(end)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by MayPra (Administrator) on 24-Feb-17 at  9:58:28.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

File System: 0
 

Registry: 0
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24-Feb-17 at 10:01:09.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#5 Akshah

Akshah
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 23 February 2017 - 11:56 PM

Zemana AntiMalware 2.72.2.101 (Installed)
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017-2-24
Operating System       : Windows 10 64-bit
Processor              : 4X AMD Athlon™ II X4 630 Processor
BIOS Mode              : Legacy
CUID                   : 12A80917C95A8C0F2CB02F
Scan Type              : Scheduled Scan
Duration               : 7m 7s
Scanned Objects        : 52761
Detected Objects       : 2
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
Detected Objects
-------------------------------------------------------
 
Shell Execute Hooks
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\EnableShellExecuteHooks
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Potentially Unwanted Modification
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\EnableShellExecuteHooks = enabled
 
Hosts File
Status             : Scanned
Object             : %systemroot%\system32\drivers\etc\hosts
MD5                : ECB7B4674EF762E51732CC86C49EB4EA
Publisher          : -
Size               : 1189
Version            : -
Detection          : Hosts Hijack
Cleaning Action    : Repair
Related Objects    :
                Hosts file - Too many empty lines in Hosts file
                File - %systemroot%\system32\drivers\etc\hosts

Cleaning Result
-------------------------------------------------------
Cleaned               : 2
Reported as safe      : 0
Failed                : 0


#6 Akshah

Akshah
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 24 February 2017 - 12:02 AM

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 24.02.2017 10:33:19
Path starting: C:\Users\MayPra\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: MayPra
VersionXML: 3.94is-22.02.2017
___________________________________________________________________________
Windows 10(6.3.14393) (x64) Core Lang: English(0409)
Installation date OS: 20.08.2016 03:03:15
LicenseStatus: Windows®, Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16ProfessionalR_Trial edition Initial grace period ends :42393 minutes
LicenseStatus: Office 16, Office16ProfessionalR_Grace edition Initial grace period ends :6018 minutes
LicenseStatus: Office 16, Office16ProPlusVL_KMS_Client edition Windows is in Notification mode
LicenseStatus: Office 16, Office16ProPlusR_Retail edition Initial grace period ends :42397 minutes
Boot Mode: Normal
Default Browser: Microsoft Edge (C:\WINDOWS\system32\LaunchWinApp.exe)
SystemDrive: C: FS: [NTFS] Capacity: [195.2 Gb] Used: [45.7 Gb] Free: [149.5 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.576.14393.0
User Account Control enabled
Automatically download and schedule installation
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service has stopped
Remote Desktop Services (TermService) - The service is running
World Wide Web Publishing Service (W3SVC) - The service is running
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
ESET Online Scanner v3
Kaspersky Software Updater Beta v.1.5.2.228
Kaspersky Security Scan v.16.0.0.1344
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes version 3.0.6.1469 v.3.0.6.1469
HiJackThis v.1.0.0
Zemana AntiMalware v.2.72.101
--------------------------- [ OtherUtilities ] ----------------------------
7-Zip 16.04 (x64) v.16.04
WinRAR 5.01 (64-bit) v.5.01.0 Warning! Download Update
Microsoft Silverlight v.5.1.50901.0
TeamViewer 10 v.10.0.47484 Warning! Download Update
TeamViewer 10 (TeamViewer) - The service has stopped
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.3.4.9.43085 Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 45 v.8.0.450 Warning! Download Update
Uninstall old version and install new one (jre-8u121-windows-i586.exe).
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 24 NPAPI v.24.0.0.194 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 52.0 (x86 en-US) v.52.0 [+]
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe v.16.0.0.1344
Malwarebytes Service (MBAMService) - The service is running
E:\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.415
C:\Program Files\Windows Defender\MsMpEng.exe v.4.10.14393.0
C:\Program Files\Windows Defender\MpCmdRun.exe v.4.10.14393.0
C:\Program Files\Windows Defender\NisSrv.exe v.4.10.14393.0
Windows Defender Service (WinDefend) - The service is running
Windows Defender Network Inspection Service (WdNisSvc) - The service is running
ZAM Controller Service (ZAMSvc) - The service is running
E:\Zemana AntiMalware\ZAM.exe v.2.72.0.101
----------------------------- [ End of Log ] ------------------------------


#7 buddy215

buddy215

  • Moderator
  • 13,320 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:16 AM

Posted 24 February 2017 - 05:21 AM

Using p2p programs to download free stuff is very risky and often illegal. More than half of the downloads will contain malware.

Suggest you uninstall µTorrent v.3.4.9.43085

 

Old Java versions are malware magnets. Most users don't need Java.

Uninstall Java 8 Update 45 v.8.0.450

 

Adobe Flash Player 24 NPAPI v.24.0.0.194 Warning! Download Update

 

Uninstall HiJackThis v.1.0.0

Uninstall Zemana AntiMalware v.2.72.101

 

How is the computer? Any other problem?



#8 Akshah

Akshah
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 24 February 2017 - 05:54 AM

Hi again,

 

Thanks for the reply.

My computer is working fine as normal now. The issue is fixed totally.

 

I just have a query. I ran HiJackThis, and below is the log file, in which it shows files are missing. Should I be worried about it, clean it, or leave it as is?

==LOG FILE==

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:29:10 PM, on 24-Feb-17
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
E:\Malwarebytes\Anti-Malware\mbamtray.exe
E:\Zemana AntiMalware\ZAM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SysWOW64\NOTEPAD.EXE
E:\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'Default user')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Kaspersky Security Scan Service (kss) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - E:\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - E:\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @oem33.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\WINDOWS\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - E:\Zemana AntiMalware\ZAM.exe
--
End of file - 9068 bytes


#9 buddy215

buddy215

  • Moderator
  • 13,320 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:16 AM

Posted 24 February 2017 - 06:56 AM

Hijack This is no longer used by the security pros. I am not allowed to comment on its report. As stated in this Forum's guide....No DDS, FRST, HijackThis, or ComboFix logs should be posted in this forum.

 

If you want to start a new topic in the malware removal forum you can do that by following the directions below.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.



#10 Akshah

Akshah
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 24 February 2017 - 08:32 AM

Thanks for the response and assistance with an off-topic issue :) As you asked, I have created a new topic here. The PC is clean now. No suspicious activity seen. :bananas:

Thanks for your time and assistance :D :clapping:


Edited by Akshah, 25 February 2017 - 12:24 AM.


#11 Akshah

Akshah
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 25 February 2017 - 12:28 AM

Cheers!

The issue has been fixed, you may close the topic.





