
CMD prompt keeps popping up


This topic is locked
4 replies to this topic

#1 Steve1989

Steve1989

  • Members
  • 33 posts
  • OFFLINE
  • Local time:01:22 AM

Posted 10 March 2017 - 09:12 PM

Hi!

 

This is a follow-up topic to this one, in which Broni helped find a solution.

 

Problem: two CMD prompt windows appear out of nowhere and disappear just as fast. When I am using full-screen applications, it throws me out to the desktop. The CMD popup happens randomly; it can be once a day or once a week, but it could be a dozen times a day. This issue has been persistent for the past 2-3 months, but an IT guy told me not to worry about it.

 

Broni assisted me and we've tried the following so far:

 

- Security Check

- Farbar Service Scanner

- MiniToolBox

- Malwarebytes

- Malwarebytes Anti-Rootkit

- Rkill

- Temp File Cleaner (TFC)

- AdwCleaner

- Junkware Removal Tool

- Sophos Free Virus Removal Tool

- Autoruns

- Powelikscleaner (by ESET) [for which I couldn't post a response with the included log because "the post is too long", but no threats were found]

 

Attached is the txt called Addition. Here is the log for Farbar Recovery Scan Tool:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by PC (administrator) on FELHASZNALO (11-03-2017 02:32:20)
Running from C:\Users\PC\Desktop
Loaded Profiles: PC (Available Profiles: PC)
Platform: Windows 8.1 Pro (Update) (X64) Language: magyar (Magyarország)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2312896 2016-02-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-03-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [592704 2015-07-08] (Razer Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKU\S-1-5-21-1696572180-1912202778-1873796917-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-09] (Valve Corporation)
HKU\S-1-5-21-1696572180-1912202778-1873796917-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545056 2017-02-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1696572180-1912202778-1873796917-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2017-03-10] ()
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.46.246.54 213.46.246.53
Tcpip\..\Interfaces\{C692F01D-4FE6-4E06-8824-7912A1AD3F08}: [DhcpNameServer] 213.46.246.54 213.46.246.53

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-26] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 7q8ursap.default
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\7q8ursap.default [2017-03-11]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\7q8ursap.default\features\{c9749dc9-cab5-4ab1-98de-2697b7e74dc9}\disableSHA1rollout@mozilla.org.xpi [2017-03-03]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-02-12] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default [2017-03-11]
CHR Extension: (Google Slides) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-15]
CHR Extension: (Google Docs) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-15]
CHR Extension: (Google Drive) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-15]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-15]
CHR Extension: (Google Sheets) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-15]
CHR Extension: (Avira Browser Safety) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-15]
CHR Extension: (Chrome Media Router) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [693440 2016-01-28] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [487424 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [487424 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519144 2017-03-02] (Avira Operations GmbH & Co. KG)
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2003-02-20] (Microsoft Corporation) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2017-01-17] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcpiCtlDrv; C:\Windows\System32\drivers\AcpiCtlDrv.sys [25880 2012-07-17] (Intel Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [161824 2017-03-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [163976 2017-03-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [44488 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [88488 2017-03-02] (Avira Operations GmbH & Co. KG)
R3 bomebus; C:\Windows\System32\drivers\bomebus.sys [38616 2014-06-26] (Bome Software GmbH & Co. KG)
R3 bomemidi; C:\Windows\system32\drivers\bomemidi.sys [32472 2014-06-26] (Bome Software GmbH & Co. KG)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-03-29] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-03-29] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [394520 2014-09-29] (Intel Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-09-21] (REALiX™)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-02-25] (Intel Corporation)
S3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [46016 2016-04-27] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2017-02-08] (NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-02-08] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-27] (Razer, Inc.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited)
S4 gdrv; \??\C:\Windows\gdrv.sys [X]
S4 WacHidRouter; \SystemRoot\System32\drivers\wachidrouter.sys [X]
S4 wacomrouterfilter; \SystemRoot\System32\drivers\wacomrouterfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-11 02:32 - 2017-03-11 02:32 - 00018229 _____ C:\Users\PC\Desktop\FRST.txt
2017-03-11 02:31 - 2017-03-11 02:32 - 00000000 ____D C:\FRST
2017-03-11 02:30 - 2017-03-11 02:30 - 02423808 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2017-03-11 02:00 - 2017-03-11 02:00 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-03-10 01:04 - 2017-03-10 01:04 - 00000000 ____D C:\Users\PC\Desktop\auto
2017-03-09 06:18 - 2017-03-09 06:18 - 00000000 ____D C:\ProgramData\Sophos
2017-03-09 06:13 - 2017-03-09 06:13 - 01663736 _____ (Malwarebytes) C:\Users\PC\Desktop\JRT.exe
2017-03-09 05:54 - 2017-03-09 06:08 - 00000000 ____D C:\AdwCleaner
2017-03-09 05:54 - 2017-03-09 05:54 - 04031440 _____ C:\Users\PC\Desktop\AdwCleaner.exe
2017-03-09 04:44 - 2017-03-09 04:54 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-05 19:41 - 2017-03-05 19:41 - 00001766 _____ C:\Users\Public\Desktop\NaturalReader 14.lnk
2017-03-05 19:41 - 2017-03-05 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Naturalsoft
2017-03-05 19:41 - 2017-03-05 19:41 - 00000000 ____D C:\Program Files (x86)\TTS1.4
2017-03-05 19:14 - 2017-03-05 19:42 - 00000000 ____D C:\Users\PC\AppData\Local\Downloaded Installations
2017-03-05 19:14 - 2017-03-05 19:39 - 00000000 ____D C:\Program Files (x86)\Naturalsoft
2017-03-01 19:50 - 2017-03-01 19:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-01 19:50 - 2017-03-01 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-02-24 05:33 - 2017-02-24 05:33 - 00000000 ____D C:\Users\PC\AppData\Roaming\Digiarty
2017-02-22 16:11 - 2017-02-22 16:11 - 00001004 _____ C:\Users\Public\Desktop\Bandicam.lnk
2017-02-22 16:11 - 2017-02-22 16:11 - 00000000 ____D C:\Users\PC\Documents\Bandicam
2017-02-22 16:11 - 2017-02-22 16:11 - 00000000 ____D C:\Users\PC\AppData\Roaming\Bandicam Company
2017-02-22 16:11 - 2017-02-22 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2017-02-22 16:11 - 2017-02-22 16:11 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2017-02-22 16:11 - 2017-02-22 16:11 - 00000000 ____D C:\Program Files (x86)\Bandicam
2017-02-22 14:57 - 2017-02-22 14:57 - 00000000 ____D C:\ProgramData\SplitMediaLabs
2017-02-22 14:55 - 2017-02-22 14:55 - 00000000 ____D C:\Users\PC\AppData\Roaming\SplitmediaLabs
2017-02-22 14:31 - 2017-02-08 12:57 - 00156608 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-02-22 14:31 - 2017-02-08 12:57 - 00124352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-02-22 14:31 - 2017-02-08 12:57 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-02-22 14:31 - 2017-02-08 12:57 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-02-20 02:37 - 2017-02-20 02:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-02-19 23:40 - 2017-02-22 14:52 - 00000000 ____D C:\Users\PC\AppData\Local\NVIDIA
2017-02-19 23:08 - 2017-02-19 23:08 - 00000000 ____D C:\Users\PC\AppData\Local\Chromium
2017-02-18 04:00 - 2017-02-18 17:19 - 00000000 ____D C:\Users\PC\Documents\Assetto Corsa
2017-02-18 03:07 - 2017-03-11 00:37 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-18 03:07 - 2017-02-18 03:07 - 00000979 _____ C:\Users\Public\Desktop\Steam.lnk
2017-02-18 03:07 - 2017-02-18 03:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-11 02:17 - 2016-11-18 01:36 - 00000000 ____D C:\Users\PC\AppData\LocalLow\Mozilla
2017-03-11 02:00 - 2015-04-23 21:50 - 00000000 ____D C:\Users\PC\AppData\Local\Adobe
2017-03-11 01:32 - 2016-09-01 05:25 - 00186883 _____ C:\Users\PC\Desktop\Photoshop Edit Log.txt
2017-03-11 01:32 - 2015-04-22 19:53 - 00000000 ____D C:\Users\PC
2017-03-11 01:18 - 2015-04-23 17:13 - 00000000 ____D C:\Users\PC\AppData\Roaming\Skype
2017-03-10 20:38 - 2015-04-23 22:59 - 00003944 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7C419422-9666-4599-8AE4-573794DE828D}
2017-03-10 03:30 - 2015-04-22 19:58 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1696572180-1912202778-1873796917-1001
2017-03-10 01:54 - 2014-11-21 00:01 - 01938876 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-10 01:54 - 2014-11-20 23:21 - 00805134 _____ C:\Windows\system32\perfh00E.dat
2017-03-10 01:54 - 2014-11-20 23:21 - 00206780 _____ C:\Windows\system32\perfc00E.dat
2017-03-10 01:54 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2017-03-10 01:47 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-10 01:47 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-03-10 01:39 - 2015-04-23 20:57 - 00000000 ____D C:\Windows\system32\MRT
2017-03-10 01:37 - 2015-04-23 20:57 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-09 06:08 - 2015-10-04 23:32 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2017-03-09 05:05 - 2013-08-22 15:44 - 05051696 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-09 04:45 - 2016-03-30 18:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-07 16:07 - 2015-12-27 21:03 - 00000000 ____D C:\Users\PC\AppData\Local\CrashDumps
2017-03-05 19:42 - 2015-04-23 21:59 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-03-02 17:07 - 2015-04-23 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-02 17:06 - 2016-10-14 01:51 - 00048584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-03-02 17:06 - 2015-04-30 03:35 - 00163976 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-03-02 17:06 - 2015-04-30 03:35 - 00161824 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-03-02 17:06 - 2015-04-30 03:35 - 00088488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-03-02 17:06 - 2015-04-30 03:35 - 00044488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-03-01 19:50 - 2017-02-01 21:53 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-01 19:50 - 2015-04-23 17:13 - 00000000 ____D C:\ProgramData\Skype
2017-03-01 19:50 - 2015-04-22 20:01 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-01 13:58 - 2015-04-22 19:53 - 00000000 ____D C:\Users\PC\AppData\Local\Packages
2017-03-01 13:33 - 2015-06-03 18:26 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-03-01 13:33 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-25 17:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2017-02-23 12:53 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2017-02-22 14:52 - 2016-05-05 23:04 - 00000000 ____D C:\Users\PC\AppData\Local\NVIDIA Corporation
2017-02-22 14:52 - 2016-05-05 23:04 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-22 14:52 - 2016-05-05 23:03 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-22 14:52 - 2016-05-05 23:03 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-22 14:52 - 2016-05-05 23:02 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-21 16:42 - 2015-05-26 19:28 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-18 03:09 - 2015-04-25 00:32 - 00000000 ____D C:\Users\PC\AppData\Local\Steam
2017-02-14 23:33 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-14 23:33 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-14 22:53 - 2016-06-21 04:08 - 00000000 ____D C:\Users\PC\Desktop\PENDRIVE TEMP
2017-02-12 03:23 - 2015-04-23 17:39 - 00007597 _____ C:\Users\PC\AppData\Local\resmon.resmoncfg

==================== Files in the root of some directories =======

2016-02-17 21:18 - 2016-02-17 21:19 - 0003229 _____ () C:\Users\PC\AppData\Roaming\glide_wrapper.zbag.ini
2016-03-26 02:28 - 2016-03-26 02:28 - 0000112 _____ () C:\Users\PC\AppData\Roaming\JP2K CS6 Prefs
2015-09-05 01:21 - 2015-10-01 18:53 - 0001484 _____ () C:\Users\PC\AppData\Local\Adobe Mentés webre 13.0 Prefs
2015-04-23 23:25 - 2015-04-25 03:54 - 2128896 _____ () C:\Users\PC\AppData\Local\file__0.localstorage
2016-11-06 07:45 - 2016-11-06 07:45 - 0000218 _____ () C:\Users\PC\AppData\Local\recently-used.xbel
2015-04-23 17:39 - 2017-02-12 03:23 - 0007597 _____ () C:\Users\PC\AppData\Local\resmon.resmoncfg
2015-04-22 20:00 - 2015-04-22 20:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-07 16:46

==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:22 PM

Posted 11 March 2017 - 08:19 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction <======= ATTENTION
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
CHR Extension: (Avira Browser Safety) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-10-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
S4 gdrv; \??\C:\Windows\gdrv.sys [X]
S4 WacHidRouter; \SystemRoot\System32\drivers\wachidrouter.sys [X]
S4 wacomrouterfilter; \SystemRoot\System32\drivers\wacomrouterfilter.sys [X]
CustomCLSID: HKU\S-1-5-21-1696572180-1912202778-1873796917-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\PC\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1696572180-1912202778-1873796917-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\PC\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1696572180-1912202778-1873796917-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\PC\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File
HKU\S-1-5-21-1696572180-1912202778-1873796917-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page:
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
===

Please post the Fixlog.txt and let me know what problem persists.
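As an added defender-side check (not part of this thread and not FRST's own logic), the following PowerShell snippet audits the two fixlist items marked ATTENTION without changing anything. It assumes the per-user .reg handler, when present, sits in the standard shell\open\command subkey under HKCU\Software\Classes\regfile, and that the local policy files live under %SystemRoot%\System32\GroupPolicy (the paths the Fixlog reports moving).

```powershell
# Added example: read-only audit of the two "ATTENTION" items from the FRST fixlist.
# Run from an elevated PowerShell prompt; nothing is modified or deleted.
function Test-FrstAttentionItems {
    $findings = @()

    # 1. Per-user override of the .reg file handler (FRST line:
    #    HKU\...\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION).
    #    The handler normally exists only under HKLM; a copy under the user's
    #    hive shadows it for that user and is a common persistence/tamper spot.
    #    Assumption: the command lives in the usual shell\open\command subkey.
    $userKey    = 'HKCU:\Software\Classes\regfile\shell\open\command'
    $machineKey = 'HKLM:\Software\Classes\regfile\shell\open\command'
    $machineCmd = (Get-ItemProperty -Path $machineKey -ErrorAction SilentlyContinue).'(default)'

    if (Test-Path -Path $userKey) {
        $userCmd = (Get-ItemProperty -Path $userKey).'(default)'
        $findings += [pscustomobject]@{
            Item    = 'Per-user regfile handler override'
            Detail  = "user='$userCmd' machine='$machineCmd'"
            Differs = ($userCmd -ne $machineCmd)   # a differing command deserves review
        }
    }

    # 2. Local Group Policy restriction (FRST line: GroupPolicy: Restriction).
    #    The Fixlog shows FRST moving GroupPolicy\Machine and GPT.ini; a surviving
    #    Registry.pol here means some local policy is still being applied.
    $gpRoot = Join-Path -Path $env:SystemRoot -ChildPath 'System32\GroupPolicy'
    foreach ($rel in @('GPT.ini', 'Machine\Registry.pol', 'User\Registry.pol')) {
        $path = Join-Path -Path $gpRoot -ChildPath $rel
        if (Test-Path -Path $path) {
            $file = Get-Item -Path $path
            $findings += [pscustomobject]@{
                Item    = 'Local Group Policy artifact present'
                Detail  = "$path ($($file.Length) bytes, modified $($file.LastWriteTime))"
                Differs = $true
            }
        }
    }
    return $findings
}

$result = Test-FrstAttentionItems
if ($result.Count -eq 0) { Write-Host 'No ATTENTION items found (expected clean state).' }
else { $result | Format-Table -AutoSize }
```

An empty result after the Fix step is the expected outcome; anything listed is worth a second look before the Fixlog is declared clean.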

#3 Steve1989
  • Topic Starter
  • Members
  • 33 posts

Posted 11 March 2017 - 10:07 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-03-2017
Ran by PC (11-03-2017 15:56:00) Run:1
Running from C:\Users\PC\Desktop\FRST
Loaded Profiles: PC (Available Profiles: PC)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

]HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction <======= ATTENTION
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
CHR Extension: (Avira Browser Safety) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-10-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
S4 gdrv; \??\C:\Windows\gdrv.sys [X]
S4 WacHidRouter; \SystemRoot\System32\drivers\wachidrouter.sys [X]
S4 wacomrouterfilter; \SystemRoot\System32\drivers\wacomrouterfilter.sys [X]
CustomCLSID: HKU\S-1-5-21-1696572180-1912202778-1873796917-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\PC\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1696572180-1912202778-1873796917-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\PC\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1696572180-1912202778-1873796917-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\PC\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File
HKU\S-1-5-21-1696572180-1912202778-1873796917-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\] => value not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\wacom.com/WacomTabletPlugin => key removed successfully
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => moved successfully
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key removed successfully
HKLM\System\CurrentControlSet\Services\gdrv => key removed successfully
gdrv => service removed successfully
HKLM\System\CurrentControlSet\Services\WacHidRouter => key removed successfully
WacHidRouter => service removed successfully
HKLM\System\CurrentControlSet\Services\wacomrouterfilter => key removed successfully
wacomrouterfilter => service removed successfully
HKU\S-1-5-21-1696572180-1912202778-1873796917-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key removed successfully
HKU\S-1-5-21-1696572180-1912202778-1873796917-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key removed successfully
HKU\S-1-5-21-1696572180-1912202778-1873796917-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key removed successfully
HKU\S-1-5-21-1696572180-1912202778-1873796917-1001\Software\Classes\regfile => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 39556075 B
Java, Flash, Steam htmlcache => 376754425 B
Windows/system/drivers => 5958722 B
Edge => 0 B
Chrome => 634452113 B
Firefox => 432179537 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 19878448 B
NetworkService => 262684 B
PC => 86906718 B

RecycleBin => 0 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:56:09 ====



#4 nasdaq
  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 March 2017 - 10:10 AM

Let me know in a few days if the problem persists.

#5 Steve1989
  • Topic Starter
  • Members
  • 33 posts

Posted 11 March 2017 - 10:13 AM

Let me know in a few days if the problem persists.

I will. Thank you!
