High Disk Usage


  • This topic is locked
16 replies to this topic

#1 benjaminavi1994

  • Members
  • 90 posts

Posted 04 March 2017 - 02:14 AM

https://www.bleepingcomputer.com/forums/t/641189/high-disk-usage/

 

I was asked to create a new topic and post the logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-03-2017
Ran by Avinesh (administrator) on AVINESH (04-03-2017 12:38:38)
Running from C:\Users\Avinesh\Downloads
Loaded Profiles: Avinesh (Available Profiles: Avinesh)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.6.2.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.BingNews_4.18.41.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-23] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{75b17621-0b79-4f95-b8b0-7790cced1633}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ffcf9875-c1ab-414f-8ecc-a8295be88022}: [DhcpNameServer] 199.85.126.20 199.85.127.20
 
Internet Explorer:
==================
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-08-12] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-08-12] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Avinesh\AppData\Roaming\Mozilla\Firefox\Profiles\uqysnghm.default-1449838877357 [2017-03-02]
FF Extension: (Firefox Hotfix) - C:\Users\Avinesh\AppData\Roaming\Mozilla\Firefox\Profiles\uqysnghm.default-1449838877357\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: (Adblock Plus) - C:\Users\Avinesh\AppData\Roaming\Mozilla\Firefox\Profiles\uqysnghm.default-1449838877357\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-15]
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-08-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-08-12] (Oracle Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.co.in/","hxxp://www.mystartsearch.com/?type=hp&ts=1419399512&from=smt&uid=HGSTXHTS541010A9E680_JD1008CHJSJLKVJSJLKVX"
CHR Profile: C:\Users\Avinesh\AppData\Local\Google\Chrome\User Data\Default [2017-03-04]
CHR Extension: (Google Docs) - C:\Users\Avinesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-09]
CHR Extension: (Google Drive) - C:\Users\Avinesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-21]
CHR Extension: (YouTube) - C:\Users\Avinesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-21]
CHR Extension: (Adblock Plus) - C:\Users\Avinesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Google Search) - C:\Users\Avinesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-21]
CHR Extension: (Google Docs Offline) - C:\Users\Avinesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Pocket) - C:\Users\Avinesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-08-09]
CHR Extension: (Save to Pocket) - C:\Users\Avinesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2017-03-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Avinesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Avinesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-09]
CHR Extension: (Chrome Media Router) - C:\Users\Avinesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2278152 2015-08-13] (Broadcom Corporation.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2770312 2016-11-16] (ESET)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-03-13] (Foxit Software Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [359856 2015-08-13] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242256 2014-08-20] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-09] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-10-28] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260704 2016-09-02] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [199472 2015-08-13] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7532760 2014-08-07] (Broadcom Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [262792 2016-11-16] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [199304 2016-11-16] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-06-23] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [197248 2016-11-16] (ESET)
R2 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [181384 2016-11-16] (ESET)
S3 ESETCleanersDriver; C:\WINDOWS\system32\Drivers\ESETCleanersDriver.sys [181160 2016-09-17] (ESET)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhmwu.inf_amd64_6cdbe0c0630ed4a3\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-12-12] (NVIDIA Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [71264 2016-09-02] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 vsock; C:\WINDOWS\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-04 12:38 - 2017-03-04 12:39 - 00017821 _____ C:\Users\Avinesh\Downloads\FRST.txt
2017-03-04 12:38 - 2017-03-04 12:38 - 00000000 ____D C:\FRST
2017-03-04 12:37 - 2017-03-04 12:38 - 02423808 _____ (Farbar) C:\Users\Avinesh\Downloads\FRST64.exe
2017-03-02 16:46 - 2017-03-02 16:46 - 00000000 ____D C:\Program Files\HitmanPro
2017-03-02 16:36 - 2017-03-02 16:54 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-02 16:32 - 2017-03-02 16:36 - 11581544 _____ (SurfRight B.V.) C:\Users\Avinesh\Downloads\HitmanPro_x64.exe
2017-03-01 22:35 - 2017-03-01 22:35 - 00006040 _____ C:\Users\Avinesh\Downloads\cpttosrt.zip
2017-03-01 22:20 - 2017-03-01 22:35 - 00000000 ____D C:\Users\Avinesh\Desktop\LyndaDecryptor
2017-03-01 22:19 - 2017-03-01 22:20 - 01648824 _____ C:\Users\Avinesh\Downloads\LyndaDecryptor.zip
2017-03-01 22:17 - 2017-03-01 22:16 - 12571516 _____ C:\Users\Avinesh\Desktop\Lynda-Decryptor-master.zip
2017-03-01 22:15 - 2017-03-01 22:16 - 12571516 _____ C:\Users\Avinesh\Downloads\Lynda-Decryptor-master.zip
2017-03-01 21:50 - 2017-03-02 02:56 - 00000000 ____D C:\Users\Avinesh\Downloads\Lynda - Programming Fundamentals in the Real World
2017-03-01 21:50 - 2017-03-02 01:34 - 00000000 ____D C:\Users\Avinesh\Downloads\Lynda.com - Foundations of Programming. Fundamentals
2017-03-01 21:49 - 2017-03-02 02:53 - 1168275456 _____ C:\Users\Avinesh\Downloads\Lynda.com - Foundations of Programming Object-Oriented Design.iso
2017-03-01 21:48 - 2017-03-01 22:46 - 00000000 ____D C:\Users\Avinesh\Downloads\Lynda - Up and Running with Git and GitHub
2017-03-01 19:49 - 2017-03-01 19:49 - 00115521 _____ C:\Users\Avinesh\Downloads\Ex_Files_SpeechWriting.zip
2017-03-01 19:45 - 2017-03-01 19:45 - 00000000 ____D C:\Users\Avinesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lynda.com
2017-03-01 19:45 - 2017-03-01 19:45 - 00000000 ____D C:\Users\Avinesh\AppData\Local\lynda.com
2017-03-01 19:45 - 2017-03-01 19:45 - 00000000 ____D C:\Users\Avinesh\AppData\Local\IsolatedStorage
2017-03-01 19:41 - 2017-03-02 19:48 - 00000000 ____D C:\Users\Avinesh\AppData\Local\Deployment
2017-03-01 19:41 - 2017-03-01 19:41 - 00000000 ____D C:\Users\Avinesh\AppData\Local\Apps\2.0
2017-03-01 19:39 - 2017-03-01 19:39 - 00460664 _____ C:\Users\Avinesh\Downloads\Ex_Files_CP_StrongEssay.zip
2017-03-01 19:36 - 2017-03-01 22:16 - 00000000 ____D C:\Users\Avinesh\Desktop\Statement of Purpose Lynda.com
2017-02-12 15:35 - 2017-02-12 15:35 - 00090287 _____ C:\Users\Avinesh\Downloads\Invoice OD40727134742.pdf
2017-02-12 02:12 - 2017-02-12 11:05 - 00000000 ____D C:\Users\Avinesh\Desktop\Justice.League.Dark.2017.1080p.BluRay.H264.AAC-RARBG
2017-02-11 17:00 - 2017-02-11 17:00 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-11 17:00 - 2016-09-09 23:55 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-11 17:00 - 2016-09-09 23:55 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-11 17:00 - 2016-09-09 23:55 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-11 17:00 - 2016-09-09 23:54 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-04 12:15 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-04 12:12 - 2016-10-28 00:13 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-04 03:13 - 2015-08-09 01:05 - 00000000 ____D C:\Users\Avinesh\AppData\Roaming\vlc
2017-03-03 23:55 - 2015-08-13 15:06 - 00000000 ____D C:\Users\Avinesh\AppData\Roaming\Skype
2017-03-03 23:15 - 2016-10-28 00:23 - 00000000 ____D C:\Users\Avinesh
2017-03-03 23:15 - 2016-10-28 00:18 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-03 23:15 - 2016-10-28 00:16 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-03 23:15 - 2015-08-08 21:22 - 00000000 __SHD C:\Users\Avinesh\IntelGraphicsProfiles
2017-03-03 23:12 - 2016-10-28 00:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-03 23:12 - 2016-03-26 13:19 - 00000000 ____D C:\ProgramData\VMware
2017-03-03 17:23 - 2016-07-16 11:34 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-03-03 15:10 - 2016-07-16 17:15 - 00000000 ____D C:\WINDOWS\INF
2017-03-02 16:55 - 2015-08-09 11:25 - 00000000 ____D C:\Users\Avinesh\AppData\Roaming\uTorrent
2017-03-02 16:20 - 2016-07-16 17:17 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-02 00:57 - 2017-01-22 02:09 - 00000000 ____D C:\Users\Avinesh\AppData\Local\CrashDumps
2017-02-23 17:43 - 2015-08-10 22:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 17:41 - 2015-08-10 22:37 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 15:19 - 2016-07-16 17:06 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 13:56 - 2015-08-08 20:58 - 00000000 ____D C:\Users\Avinesh\AppData\Local\Packages
2017-02-17 20:44 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-07 11:13 - 2017-01-22 02:01 - 00000000 ____D C:\Users\Avinesh\AppData\Local\NPE
2017-02-07 10:43 - 2015-08-08 22:35 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 01:18 - 2016-07-16 17:19 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-07 01:18 - 2016-07-16 17:19 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2016-06-11 17:34 - 2016-06-11 17:34 - 0003584 _____ () C:\Users\Avinesh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-08 23:16 - 2015-08-08 23:16 - 0000017 _____ () C:\Users\Avinesh\AppData\Local\resmon.resmoncfg
2015-08-10 19:21 - 2015-08-10 19:21 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Files to move or delete:
====================
C:\Users\Avinesh\a.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-03 16:37
 
==================== End of FRST.txt ============================
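Before any further tools are run, the first pass a responder makes over an FRST log like the one above is done by eye: entries whose publisher field is empty ("()"), files FRST marks "[File not signed]", Run values with no target ("=> [X]"), persistent items living in user-writable paths such as C:\ProgramData or the user profile, and browser start pages that point somewhere unexpected (FRST defangs URLs as hxxp). The script below automates that pass. It is an added example, not part of this thread or of FRST; SAMPLE_LOG is constructed to mirror the log format, and the trusted-host set and writable-path prefixes are assumptions to adjust per machine.

```python
"""Triage pass over a Farbar Recovery Scan Tool (FRST) log.

Added example, not part of the thread or of FRST. It flags the things a
malware responder reads an FRST.txt for first:
  * entries whose publisher field is empty ("()"),
  * files FRST marks "[File not signed]",
  * Run values with no target ("=> [X]"),
  * persistent items running from user-writable locations,
  * Chrome start pages whose host is not on an allowlist.
SAMPLE_LOG is constructed to mirror the format of the log above; the
allowlist and the writable-path prefixes are assumptions to adjust.
"""
import re
from collections import namedtuple
from urllib.parse import urlparse

Finding = namedtuple("Finding", ["category", "detail", "line"])

# Assumption: hosts a user-chosen start page may legitimately point at.
TRUSTED_STARTUP_HOSTS = {"www.google.com", "www.google.co.in"}
# Assumption: locations a standard user can write to, unlike Program Files
# and System32. A service or autorun living here deserves a second look.
USER_WRITABLE_PREFIXES = ("c:\\programdata\\", "c:\\users\\")

# FRST line shapes: process, service/driver, Run value, Chrome start pages.
PROC_RE = re.compile(r"^\((?P<pub>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$")
SVC_RE = re.compile(
    r"^[RSU]\d (?P<name>[^;]+); (?P<path>[A-Za-z]:\\.+?) "
    r"\[\d+ [\d-]+\] \((?P<pub>[^)]*)\)(?P<flags>.*)$"
)
RUN_RE = re.compile(r"^(?P<key>HK[^:]+\\Run[^:]*): \[(?P<value>[^\]]*)\] => (?P<target>.*)$")
CHR_RE = re.compile(r'^CHR StartupUrls: (?P<profile>\S+) -> (?P<urls>.*)$')

# Constructed sample lines in FRST's format (not the poster's actual log).
SAMPLE_LOG = r"""
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
CHR StartupUrls: Default -> "hxxp://www.google.co.in/","hxxp://www.mystartsearch.com/?type=hp&from=smt"
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2770312 2016-11-16] (ESET)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242256 2014-08-20] ()
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
"""


def _check_binary(findings, line, path, publisher, flags):
    """Apply the publisher / signature / location checks to one file entry."""
    if publisher is not None and publisher.strip() == "":
        findings.append(Finding("no-publisher", path, line))
    if "[File not signed]" in flags:
        findings.append(Finding("unsigned", path, line))
    if path.lower().startswith(USER_WRITABLE_PREFIXES):
        findings.append(Finding("user-writable-location", path, line))


def triage(log_text):
    """Return a list of Finding tuples for the suspicious lines of an FRST log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CHR_RE.match(line)
        if m:
            for url in re.findall(r'"([^"]+)"', m.group("urls")):
                # FRST writes hxxp:// so the log cannot be clicked; undo that to parse.
                host = (urlparse(url.replace("hxxp", "http", 1)).hostname or "").lower()
                if host not in TRUSTED_STARTUP_HOSTS:
                    findings.append(Finding("untrusted-startup-url", host, line))
            continue
        m = RUN_RE.match(line)
        if m:
            target = m.group("target")
            if target.strip() == "[X]":
                findings.append(Finding("run-value-without-target", m.group("value") or "<unnamed>", line))
                continue
            pub_m = re.search(r"\(([^)]*)\)\s*$", target)
            path_m = re.search(r'[A-Za-z]:\\[^\["\]]+', target)
            _check_binary(findings, line, path_m.group(0).strip() if path_m else "",
                          pub_m.group(1) if pub_m else None, "")
            continue
        m = SVC_RE.match(line)
        if m:
            _check_binary(findings, line, m.group("path"), m.group("pub"), m.group("flags"))
            continue
        m = PROC_RE.match(line)
        if m:
            _check_binary(findings, line, m.group("path"), m.group("pub"), "")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:26} {f.detail}")
```

The output is a list of things to look at, not a verdict: legitimate vendor drivers sometimes carry no publisher string in FRST, and the poster's own a.exe would show up under the user-profile check. Confirm each hit by checking the file's hash and Authenticode signature before adding anything to a fixlist.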

#2 satchfan

  • Malware Response Team
  • 2,661 posts
  • Gender:Female
  • Location:Devon, UK

Posted 04 March 2017 - 05:04 AM

Hello benjaminavi1994 and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please complete these tasks in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware to your desktop.

  • double-click mb3-setup-consumer-3.0.4.exe and follow the prompts to install the program
  • at the end, be sure a checkmark is placed next to the following
    • Launch Malwarebytes Anti-Malware
    • a 14 day trial of the Premium features is pre-selected: deselect this if you don’t want it, (it won’t diminish the scanning and removal capabilities of the program).
  • click Finish.
  • on the Dashboard, click Update Now
  • after the update completes, click the Scan Now button.
  • if an update is available, clicking the Update Now button will update it
  • a Threat Scan will begin.
  • when the scan is complete, if malware has been detected, click Apply Actions to allow MBAM to clean what was found
  • when the prompt to restart the computer appears, click Yes.
  • after the restart once you are back at your desktop, open MBAM once more
  • click on the “History” tab, then “Application Logs”
  • double-click on the scan log which shows the date and time of the scan just performed.
  • click Copy to Clipboard
  • please paste the contents of the clipboard into your reply.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Logs to include with next post:

AdwCleaner log
JRT.txt
Mbam.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 benjaminavi1994
  • Topic Starter

  • Members
  • 90 posts

Posted 05 March 2017 - 10:08 AM

Hi Satchfan, thanks for helping out :)

Just to inform you, a.exe is a C program I wrote, nothing harmful.

Now the logs.

 

# AdwCleaner v6.044 - Logfile created 05/03/2017 at 20:20:15
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-02.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Avinesh - AVINESH
# Running from : C:\Users\Avinesh\Downloads\adwcleaner_6.044.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Avinesh\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.mystartsearch.com/?type=hp&ts=1419399512&from=smt&uid=HGSTXHTS541010A9E680_JD1008CHJSJLKVJSJLKVX
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [1159 Bytes] - [05/03/2017 20:20:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1232 Bytes] ##########
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 10 Pro x64 
Ran by Avinesh (Administrator) on 05-03-2017 at 20:28:02.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
File System: 3 
 
Successfully deleted: C:\Users\Avinesh\AppData\Local\{0F376500-DFBE-47DE-A1F0-B86761A82BF2} (Empty Folder)
Successfully deleted: C:\Users\Avinesh\AppData\Local\{6859D162-847E-4525-84F5-77CE958BACA9} (Empty Folder)
Successfully deleted: C:\Users\Avinesh\AppData\Local\{C1C46F64-CDA0-44F3-B198-D652F918E413} (Empty Folder)
 
Registry: 0 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05-03-2017 at 20:30:26.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/5/17
Scan Time: 6:58 PM
Logfile: 
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1394
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: AVINESH\Avinesh
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 403493
Time Elapsed: 3 min, 45 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
 

Edited by benjaminavi1994, 05 March 2017 - 10:13 AM.


#4 satchfan
  • Malware Response Team

Posted 05 March 2017 - 10:17 AM

Thanks for the logs.

You need to run AdwCleaner again and allow it to clean this:
 

Chrome pref Found:  [C:\Users\Avinesh\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.mystartsearch.com/?type=hp&ts=1419399512&from=smt&uid=HGSTXHTS541010A9E680_JD1008CHJSJLKVJSJLKVX

Please do that before anything else.

===================================================

P2P - I see you have P2P software, (uTorrent), installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

P2P File Sharing Risks.

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.

===================================================

Uninstall programs

Uninstall the following programs:


UmmyVideoDownloader
Java 7 Update 79


===================================================

When you've done all of the above, please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit ‘Scan’.

Logs to include with next post:

 

AdwCleaner fix log
New Frst.txt
New Addition.txt


Thanks

Satchfan


Edited by satchfan, 05 March 2017 - 10:19 AM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
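The Chrome "Secure Preferences" entry flagged above is a startup-page hijack: the browser was set to open mystartsearch.com on launch. As an added example (not code from the thread, from AdwCleaner or from Chrome), here is a Python check that reads a Secure Preferences file and reports the homepage and startup URLs whose host is not on an allowlist. The JSON sample is constructed to follow the layout of Chrome's preferences file (homepage, session.restore_on_startup, session.startup_urls), and the uid value in the sample URL is a placeholder rather than the one from the log.

```python
"""Check a Chrome 'Secure Preferences' file for startup-page and homepage hijacks.

Added example, not from the thread. The sample JSON below is constructed to
follow the layout Chrome uses (homepage, session.startup_urls); the uid value
in the mystartsearch URL is a placeholder.
"""
import json
from urllib.parse import urlparse

# Constructed sample of the relevant parts of Secure Preferences.
SAMPLE_SECURE_PREFS = json.dumps({
    "homepage": "http://www.google.co.in/",
    "homepage_is_newtabpage": False,
    "session": {
        # 4 = "open a specific page or set of pages" at startup
        "restore_on_startup": 4,
        "startup_urls": [
            "http://www.google.co.in/",
            "http://www.mystartsearch.com/?type=hp&from=smt&uid=PLACEHOLDER",
        ],
    },
})

# Hosts the user actually chose; anything else on a startup page is suspect.
ALLOWED_HOSTS = {"www.google.co.in", "www.google.com"}


def _host(url):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    return (urlparse(url).hostname or "").lower()


def find_startup_hijacks(prefs_text, allowed_hosts=ALLOWED_HOSTS):
    """Return (setting, url) pairs whose host is not on the allowlist.

    startup_urls is only examined when restore_on_startup == 4, because
    Chrome only opens that list under that restore mode.
    """
    prefs = json.loads(prefs_text)
    findings = []
    homepage = prefs.get("homepage")
    if homepage and _host(homepage) not in allowed_hosts:
        findings.append(("homepage", homepage))
    session = prefs.get("session", {})
    if session.get("restore_on_startup") == 4:
        for url in session.get("startup_urls", []):
            if _host(url) not in allowed_hosts:
                findings.append(("startup_urls", url))
    return findings


def check_profile(path, allowed_hosts=ALLOWED_HOSTS):
    """Run the check against a real profile file, e.g.
    %LOCALAPPDATA%\\Google\\Chrome\\User Data\\Default\\Secure Preferences."""
    with open(path, encoding="utf-8") as fh:
        return find_startup_hijacks(fh.read(), allowed_hosts)


if __name__ == "__main__":
    for setting, url in find_startup_hijacks(SAMPLE_SECURE_PREFS):
        print(f"{setting}: {url}")
```

Run it against a copy of the profile's Secure Preferences file with the browser closed; it only reads the file. Editing that file by hand is not a fix, since Chrome keeps a MAC over each protected preference and will reset values whose MAC no longer matches, which is why the thread has AdwCleaner perform the cleanup instead.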


#5 benjaminavi1994
  • Topic Starter

Posted 06 March 2017 - 01:10 PM

# AdwCleaner v6.044 - Logfile created 06/03/2017 at 23:29:08
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-02.1 [Local]
# Operating System : Windows 10 Pro  (X64)
# Username : Avinesh - AVINESH
# Running from : C:\Users\Avinesh\Downloads\adwcleaner_6.044.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Avinesh\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.mystartsearch.com/?type=hp&ts=1419399512&from=smt&uid=HGSTXHTS541010A9E680_JD1008CHJSJLKVJSJLKVX
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1180 Bytes] - [05/03/2017 20:20:37]
C:\AdwCleaner\AdwCleaner[C2].txt - [1028 Bytes] - [06/03/2017 23:29:08]
C:\AdwCleaner\AdwCleaner[S0].txt - [1311 Bytes] - [05/03/2017 20:20:15]
C:\AdwCleaner\AdwCleaner[S1].txt - [1456 Bytes] - [06/03/2017 23:26:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1247 Bytes] ##########
 
Hi, I agree with you about torrents; I just have it for when I need to download new Ubuntu versions. As for UmmyDownloader, I used it to download certain YouTube videos; is it unsafe?
As for Java 7, well, I do write some code in Java :P
 
Here are the FRST logs; thanks for your help so far. About the entry that AdwCleaner found: the uid has something to do with my hard disk, because my laptop has a Hitachi HDD. I don't remember even doing anything related to this. Also, I noticed in one of the logs EagleGet showed up; it's a download manager I uninstalled a year ago when I saw bad things about it. Why does it still show up? :|

Attached Files


Edited by benjaminavi1994, 06 March 2017 - 01:17 PM.


#6 satchfan
  • Malware Response Team

Posted 06 March 2017 - 05:31 PM

as for ummydownloader I used it to download certain youtube videos is it unsafe?

Yes. I suggest you uninstall it.

Also, whether you use Java or not, it's a big security problem having an old version on your system. Java is so widely used that it has become the most exploited program around at the moment and old versions are the most easily exploited.

If you choose to disregard my instructions regarding both of these then you will continue to have problems.

================================================

Please download SystemLook from one of the links below and save it to your Desktop.

SystemLook (32-bit)
SystemLook (64-bit)

  • double-click SystemLook.exe to run it.
  • copy the content of the following codebox into the main textfield - please make sure you include the colon, (:), at the beginning:

    :filefind
    *mystartsearch*
    
    :folderfind
    *mystartsearch*
    
    :regfind
    mystartsearch
    
  • click the Look button to start the scan.
  • when finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Satchfan




#7 benjaminavi1994
  • Topic Starter

Posted 07 March 2017 - 03:58 AM

SystemLook 04.09.10 by jpshortstuff
Log created at 14:19 on 07/03/2017 by Avinesh
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*mystartsearch*"
No files found.
 
========== folderfind ==========
 
Searching for "*mystartsearch*"
No folders found.
 
========== regfind ==========
 
Searching for "mystartsearch"
No data found.
 
-= EOF =-


#8 satchfan
  • Malware Response Team

Posted 07 March 2017 - 09:50 AM

Now that you’ve run AdwCleaner to ‘clean’ the bad entry, I need another FRST log to see the current state of things.

Please run FRST again and make sure there is a checkmark next to ‘Addition.txt’ before you hit ‘Scan’.

Logs to include with next post:

New Frst.txt
New Addition.txt


Thanks

Satchfan




#9 benjaminavi1994
  • Topic Starter

Posted 07 March 2017 - 12:03 PM

Hi here you go!

Attached Files



#10 satchfan
  • Malware Response Team

Posted 07 March 2017 - 05:46 PM

You have obviously ignored my advice about UmmyVideoDownloader. I have replied to you because you requested advice on cleaning your computer but if you don’t trust my judgement I may be wasting my time. Read more about it here and then decide.

================================================

You need to move Farbar Recovery Scan Tool to your desktop otherwise fixes will not work.

  • go to your Downloads folder and locate Farbar Recovery Scan Tool
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
CHR StartupUrls: Default -> "hxxp://www.google.co.in/","hxxp://www.mystartsearch.com/?type=hp&ts=1419399512&from=smt&uid=HGSTXHTS541010A9E680_JD1008CHJSJLKVJSJLKVX"
CHR Extension: (Chrome Web Store Payments) - C:\Users\Avinesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Chrome Media Router) - C:\Users\Avinesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx <not found>
Task: {016E439D-E44F-4ED5-8D5C-F05CD6958972} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {07A7E5A7-7AA9-4C4A-BA6E-2421CD636432} - \WPD\SqmUpload_S-1-5-21-503293968-797017756-3627548743-1001 -> No File <==== ATTENTION
Task: {0AB4C71E-FD3C-4664-89A4-A3286C9AD961} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {189E28C4-C133-448E-8F9B-6F143A4E0073} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2414A816-997F-42AC-8B31-4003E776B06E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {35379AB8-52C2-49FC-A059-B2810370279E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3B851D5A-BDF7-4CC0-955D-1242F861D50A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4D08ED76-9B33-4803-B5C2-BE7A6B85DFD2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {94ED16EF-99FC-499D-A057-3B70AC18BB4B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A04A43F2-7117-4595-A4BC-24EBCB7B24CE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C4B52162-0B9A-4CC9-A56D-D609FE62AE28} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C4C80773-2E00-4181-9B4E-C71DE153DDAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.)
Task: {D2D387B1-626D-4608-AAC9-A673E0890A32} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E1EFB298-119C-4E2C-9C9D-13D3737D7657} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.)
C:\Users\Avinesh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Avinesh\AppData\Local\resmon.resmoncfg
C:\ProgramData\Ament.ini
C:\Users\Avinesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UmmyVideoDownloader
C:\Users\Avinesh\AppData\Local\UmmyVideoDownloader
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

================================================

Please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit ‘Scan’.

Logs to include with next post:

Fixlog.txt
New Frst.txt
New Addition.txt


Thanks

Satchfan

 


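The fixlist above is built from lines of FRST's own scan output: scheduled tasks whose executable is gone ("-> No File <==== ATTENTION"), a Chrome extension registration in HKLM that points at a file that no longer exists ("<not found>", the EagleGet leftover the user asked about), and the hijacked Chrome startup URL. As an added example (not code from the thread or from FRST), here is a Python triage script that reads such lines from a saved Frst.txt and sorts them into those three categories so a defender can see at a glance what a fixlist would need to cover. The sample lines are constructed in FRST's format after the ones quoted in the thread, with the uid in the startup URL replaced by a placeholder; the allowlist of startup hosts is an assumption the reader adjusts.

```python
"""Triage FRST scan lines for orphaned tasks, dead extension registrations and
hijacked Chrome startup URLs.

Added example, not FRST's own code. Sample lines are constructed in FRST's
line format; the uid query value is a placeholder.
"""
import re
from urllib.parse import urlparse

# Constructed sample lines modelled on an FRST scan (Frst.txt).
SAMPLE_FRST_LINES = r"""
Task: {016E439D-E44F-4ED5-8D5C-F05CD6958972} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C4C80773-2E00-4181-9B4E-C71DE153DDAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.)
CHR Extension: (Chrome Media Router) - C:\Users\Avinesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx <not found>
CHR StartupUrls: Default -> "hxxp://www.google.co.in/","hxxp://www.mystartsearch.com/?type=hp&from=smt&uid=PLACEHOLDER"
"""

# Assumed allowlist of hosts the user legitimately set as startup pages.
ALLOWED_HOSTS = {"www.google.co.in", "www.google.com"}

# Task entry whose target program is missing (FRST marks these "No File").
TASK_RE = re.compile(r"^Task: \{([0-9A-Fa-f-]{36})\} - (.+?) -> No File")
# Extension registered via policy/registry whose .crx is gone ("<not found>").
EXT_RE = re.compile(r"^CHR .*Extension: \[([a-p]{32})\] - (.+?) <not found>")
# Per-profile list of quoted startup URLs.
STARTUP_RE = re.compile(r"^CHR StartupUrls: (\S+) -> (.*)$")
QUOTED_URL_RE = re.compile(r'"([^"]+)"')


def refang(url):
    """Undo the hxxp:// defanging used in forum logs so the host can be parsed."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def triage_frst(text, allowed_hosts=ALLOWED_HOSTS):
    """Return a dict with the three kinds of leftovers found in FRST lines."""
    report = {
        "orphaned_tasks": [],          # (task GUID, task path)
        "orphaned_extensions": [],     # (extension id, missing .crx path)
        "suspicious_startup_urls": [], # (profile, url as written in the log)
    }
    for raw in text.splitlines():
        line = raw.strip()
        if m := TASK_RE.match(line):
            report["orphaned_tasks"].append((m.group(1), m.group(2)))
        elif m := EXT_RE.match(line):
            report["orphaned_extensions"].append((m.group(1), m.group(2)))
        elif m := STARTUP_RE.match(line):
            profile = m.group(1)
            for url in QUOTED_URL_RE.findall(m.group(2)):
                host = (urlparse(refang(url)).hostname or "").lower()
                if host not in allowed_hosts:
                    report["suspicious_startup_urls"].append((profile, url))
    return report


if __name__ == "__main__":
    for category, items in triage_frst(SAMPLE_FRST_LINES).items():
        print(category)
        for item in items:
            print("   ", item)
```

The second sample task (GoogleUpdate) and the Chrome Media Router extension are deliberately present so the script shows it does not flag entries whose files exist. Only the lines FRST itself marks as missing are reported; a task pointing at a missing file is harmless by itself but a clear leftover, and a registry extension entry with "<not found>" is exactly why EagleGet still appears in the log a year after it was uninstalled.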


#11 benjaminavi1994
  • Topic Starter

Posted 08 March 2017 - 03:33 AM

Hi,

No, it's not like I don't value your advice. I uninstalled it; it's just that I never had any popups or anything from that program, so I thought it was safe.

 

Now the logs

 

Attached Files



#12 satchfan
  • Malware Response Team

Posted 08 March 2017 - 09:41 AM

Well done. You’ve followed the instructions well and those logs look fine now but let’s have a final check to be sure there’s nothing left.

Run Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • after extraction, double-click on the new Start Emsisoft Emergency Kit icon on your desktop
  • the first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates: click Yes so that it downloads the latest database updates
  • when the update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • when the scan has completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan
  • when the threats have been quarantined, click the View report button in the lower-right corner and the scan log will open in Notepad
  • please save the Notepad log on your desktop and post the contents in your next reply
  • when you close Emsisoft Emergency Kit it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

Please post the Emsisoft report.

If all is well I’ll send instructions to tidy up the tools we’ve used.

Satchfan




#13 benjaminavi1994
  • Topic Starter

Posted 08 March 2017 - 04:05 PM

Emsisoft Emergency Kit - Version 2017.2
Last update: 09-03-2017 01:50:41
User account: AVINESH\Avinesh
Computer name: AVINESH
OS version: Windows 10x64 
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off
 
Scan start: 09-03-2017 01:53:12
 
Scanned 138958
Found 0
 
Scan end: 09-03-2017 01:59:47
Scan time: 0:06:35


#14 satchfan
  • Malware Response Team

Posted 08 March 2017 - 05:22 PM

Your computer appears to be clean.

Now that you’re free from malware, as long as it seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:

===================================================

Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:

  • Create registry backup
  • Purge system restore

  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Update installed programs

Your version of Java was out-of-date. You can install the latest version of Java here.

NOTE – when you install Java, before clicking on Install, be sure to Uncheck “Install the Ask Toolbar and make Ask my default search provider”

Even though I just had you get the latest version of Java, there is a vulnerability with regards to Java and web browsers. Therefore, we recommend disabling Java in web browsers.

More information can be found here.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

======================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

======================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, much of which causes redirects/popups and verges on being malware. There is a program that automatically "unchecks" the boxes you may not notice when downloading programs.

Download and install Unchecky.

===================================================

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan

 




#15 benjaminavi1994
  • Topic Starter

Posted 09 March 2017 - 06:16 AM

Okay, thanks for helping me clean up! No issues so far.





