
Threat Blocked but Computer is Slow and Sluggish


31 replies to this topic

#1 TheAndroid11

  • Members
  • 16 posts

Posted 03 May 2017 - 07:35 AM

Hello,

 

Recently, my Avast Free Antivirus detected a threat and blocked it. Soon after, however, I have noticed that my computer performance is really slow and sluggish.

 

I am worried that it may have been infected with some unwanted programme or some form of malware. Is my computer infected and what can I do?

 

I am using Windows 10.

 

Thank you for your help!




#2 iMacg3

    Bleepin' PowerPC G3

  • Malware Study Hall Senior
  • 1,492 posts
  • Gender:Male
  • Location:Indiana, USA

Posted 03 May 2017 - 01:18 PM

Download Farbar MiniToolBox and save the file to your desktop.

  1. Open MiniToolBox by right-clicking it and selecting Run as Administrator.

  2. Make sure the following options are checked and then click Go:

     • Report IE Proxy Settings
     • Report FF Proxy Settings
     • List content of Hosts
     • List IP configuration
     • List Winsock Entries
     • List last 10 Event Viewer log
     • List Installed Programs
     • List Devices (Don't change any settings here)
     • List Users, Partitions and Memory size
     • List Restore Points

  3. Paste the log file contents into a post.

 

 

Download Malwarebytes Anti-Malware from the provided link.

  1. Launch MBAM by clicking the .EXE file you downloaded.

  2. Run the installation wizard.

  3. Once complete, open MBAM and click Scan.

  4. Let the scan complete, then make sure all threats are selected and click Quarantine.

  5. Once done, go to History > Logs. Select the most recent Scan Log and paste its contents into a post.

 

 

Download ESET Online Scanner and save it to your desktop.

 

  1. Double-click on the ESET Online Scanner icon to launch ESET.

  2. Click through the prompts and select “Enable detection of potentially unwanted applications.”

  3. Click “Scan” and let the tool run.

  4. Once done, click “Save to text file...”, save the file to your desktop, and paste the contents into a post.

 

 

Download Junkware Removal Tool and save it to your desktop.

  1. Double-click on the JRT.exe file on your desktop.

  2. Let JRT scan your computer and remove any infections.

  3. On your desktop, there will be a logfile called JRT.txt. Paste its contents into a post.

 

 

Download AdwCleaner and save it to your desktop.

  1. Click on the file you downloaded.

  2. Click Scan to start AdwCleaner's scanning process.

  3. Once done, make sure to delete all found threats.

  4. Open the “Logfile” and paste its contents into a post.


Edited by iMacg3, 03 May 2017 - 01:19 PM.

Regards, iMacg3

If I do not reply to your malware removal topic in 48 hours, please send me a PM.

"Do, or do not. There is no try." - Yoda


#3 TheAndroid11

  • Topic Starter
  • Members
  • 16 posts

Posted 05 May 2017 - 09:08 AM

Hi iMacg3,

 

Thanks for replying.

 

I will run the scans tomorrow morning and post them here for your reference.



#4 TheAndroid11

  • Topic Starter
  • Members
  • 16 posts

Posted 05 May 2017 - 10:36 PM

Hi iMacg3,

 

I have run the tests and have posted the logs below.

 

One thing to note: I ran ESET Online Scanner, but there was no log file generated. That said, the end of the scan showed that no threats were found.

 

What should I do from here? Thank you.

_______________________________________________________________________________________________________________________

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Admin (administrator) on 05-05-2017 at 19:42:51
Running from "C:\Users\Admin\Desktop"
Microsoft Windows 10 Home  (X64)
Model: Aspire V5-473G Manufacturer: Acer
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/04/2017 08:54:23 PM) (Source: Application Hang) (User: )
Description: The program dota2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1fb4
 
Start Time: 01d2c4d5281f6786
 
Termination Time: 9
 
Application Path: C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
 
Report Id: c2770d6b-30c8-11e7-8303-c4544417942c
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (05/03/2017 08:17:11 PM) (Source: Application Hang) (User: )
Description: The program Steam.exe version 3.92.72.58 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 19d0
 
Start Time: 01d2c0f23b17432c
 
Termination Time: 9
 
Application Path: C:\Program Files (x86)\Steam\Steam.exe
 
Report Id: 4a9531fe-2ffa-11e7-8303-c4544417942c
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (05/03/2017 08:01:08 PM) (Source: COM) (User: )
Description: {2CD39202-3A2F-4935-9A86-65B919919A7F}
 
Error: (05/02/2017 08:46:11 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (05/01/2017 07:28:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Acer)
Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/30/2017 08:58:32 PM) (Source: COM) (User: )
Description: {2CD39202-3A2F-4935-9A86-65B919919A7F}
 
Error: (04/27/2017 09:58:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Acer)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.
 
Error: (04/27/2017 09:52:15 PM) (Source: COM) (User: )
Description: {2CD39202-3A2F-4935-9A86-65B919919A7F}
 
Error: (04/27/2017 09:52:15 PM) (Source: COM) (User: )
Description: {2CD39202-3A2F-4935-9A86-65B919919A7F}
 
Error: (04/27/2017 09:52:15 PM) (Source: COM) (User: )
Description: {2CD39202-3A2F-4935-9A86-65B919919A7F}
 
 
System errors:
=============
Error: (05/05/2017 07:51:33 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/05/2017 12:03:03 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/04/2017 10:24:22 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
 
Error: (05/04/2017 07:56:47 PM) (Source: DCOM) (User: Acer)
Description: {37998346-3765-45B1-8C66-AA88CA6B20B8}
 
Error: (05/03/2017 11:47:37 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/03/2017 11:46:12 PM) (Source: Service Control Manager) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
%%2147500037 = Unspecified error
 
 
Error: (05/03/2017 11:36:30 PM) (Source: DCOM) (User: Acer)
Description: {37998346-3765-45B1-8C66-AA88CA6B20B8}
 
Error: (05/03/2017 11:34:31 PM) (Source: Service Control Manager) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
%%2147500037 = Unspecified error
 
 
Error: (05/03/2017 11:29:19 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
 
Error: (05/03/2017 08:23:02 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
 
 
Microsoft Office Sessions:
=========================
Error: (05/04/2017 08:54:23 PM) (Source: Application Hang)(User: )
Description: dota2.exe0.0.0.01fb401d2c4d5281f67869C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exec2770d6b-30c8-11e7-8303-c4544417942c
 
Error: (05/03/2017 08:17:11 PM) (Source: Application Hang)(User: )
Description: Steam.exe3.92.72.5819d001d2c0f23b17432c9C:\Program Files (x86)\Steam\Steam.exe4a9531fe-2ffa-11e7-8303-c4544417942c
 
Error: (05/03/2017 08:01:08 PM) (Source: COM)(User: )
Description: {2CD39202-3A2F-4935-9A86-65B919919A7F}
 
Error: (05/02/2017 08:46:11 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (05/01/2017 07:28:07 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Acer)
Description: Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen-2144927142
 
Error: (04/30/2017 08:58:32 PM) (Source: COM)(User: )
Description: {2CD39202-3A2F-4935-9A86-65B919919A7F}
 
Error: (04/27/2017 09:58:08 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Acer)
Description: Microsoft.Windows.ShellExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy+App
 
Error: (04/27/2017 09:52:15 PM) (Source: COM)(User: )
Description: {2CD39202-3A2F-4935-9A86-65B919919A7F}
 
Error: (04/27/2017 09:52:15 PM) (Source: COM)(User: )
Description: {2CD39202-3A2F-4935-9A86-65B919919A7F}
 
Error: (04/27/2017 09:52:15 PM) (Source: COM)(User: )
Description: {2CD39202-3A2F-4935-9A86-65B919919A7F}
 
 
CodeIntegrity Errors:
===================================
  Date: 2017-02-18 10:15:46.307
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-18 10:15:45.674
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-25 09:27:49.527
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-25 09:27:49.159
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.3006 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.3104.3 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.3104.6 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.3104 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
Aloha TriPeaks (HKLM-x32\...\WTA-fba58c25-9dce-4948-959f-d82371090453) (Version: 2.2.0.98 - WildTangent) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Batman™: Arkham Origins (HKLM\...\Steam App 209000) (Version:  - WB Games Montreal)
BatteryBar (remove only) (HKLM\...\BatteryBar) (Version:  - )
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-212e01e7-f2c2-4214-a0fc-2eebb3016aa4) (Version: 2.2.0.110 - WildTangent) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKLM-x32\...\Dropbox) (Version: 25.4.28 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.1.4.1208 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.96 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-eeda6a6f-5b95-4909-b5ef-42a14941e77c) (Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (HKLM-x32\...\WTA-e651cb04-878b-46bd-ad26-14cbe4e3157c) (Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (HKLM-x32\...\WTA-08715f80-06f1-4e0f-a057-80071e75a8bc) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mark of the Ninja (HKLM\...\Steam App 214560) (Version:  - Klei Entertainment)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4919.1002 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 48.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0 (x86 en-US)) (Version: 48.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\NARA) (Version: 4.5.0.9 - Symantec Corporation) Hidden
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4919.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4919.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4919.1002 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Peggle Nights (HKLM-x32\...\WTA-0693a05b-0e71-4d06-993a-f0015cd82b50) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-f2ee8d98-8654-4d54-889a-f25b90527c0c) (Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21238 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.596 (HKLM-x32\...\SafeZone 3.55.2393.596) (Version: 3.55.2393.596 - Avast Software) Hidden
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version:  - 5th Cell Media)
Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.1.3.6 - Synaptics Incorporated)
The Chronicles of Emerland Solitaire (HKLM-x32\...\WTA-a3f4261c-6aa4-4ec7-9feb-8fedf17edad0) (Version: 3.0.2.32 - WildTangent) Hidden
The Stanley Parable (HKLM\...\Steam App 221910) (Version:  - Galactic Cafe)
The Wolf Among Us (HKLM\...\Steam App 250320) (Version:  - Telltale Games)
Trinklit Supreme (HKLM-x32\...\WTA-9b27d782-db46-4890-9f13-285231aeb009) (Version: 2.2.0.98 - WildTangent) Hidden
Update for CHS Microsoft IME HAP Dictionary (HKLM\...\{50822466-5571-4B7A-B3FC-A58760DDAEE9}) (Version: 16.0.1560.1 - Microsoft Corporation) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.10.20 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 67%
Total physical RAM: 3976.27 MB
Available physical RAM: 1277.55 MB
Total Virtual: 7137.34 MB
Available Virtual: 2669.16 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Acer) (Fixed) (Total:223.35 GB) (Free:66.55 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:224.11 GB) (Free:223.64 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\ACER
 
Admin                    Administrator            DefaultAccount           
Guest                    UpdatusUser              
 
========================= Restore Points ==================================
 
20-04-2017 15:04:52 Scheduled Checkpoint
02-05-2017 12:45:53 Windows Update
 
**** End of log ****
________________________________________________________________________________________________
 
# AdwCleaner v6.046 - Logfile created 06/05/2017 at 11:17:58
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-05.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Admin - ACER
# Running from : C:\Users\Admin\Desktop\adwcleaner_6.046.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
 
 
***** [ Web browsers ] *****
 
[-] Firefox preferences cleaned: "weboftrust.search.ask.display" -  "Ask.com Web Search"
[-] Firefox preferences cleaned: "weboftrust.search.avg.url" -  "^hxxp(s)?\\:\\/\\/isearch\\.avg\\.com\\/search\\?"
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1509 Bytes] - [06/05/2017 11:17:58]
C:\AdwCleaner\AdwCleaner[S0].txt - [1920 Bytes] - [06/05/2017 11:16:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1655 Bytes] ##########
______________________________________________________________________________________________________________________
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64 
Ran by Admin (Administrator) on Sat 06/05/2017 at 11:28:22.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/05/2017 at 11:30:09.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#5 iMacg3

    Bleepin' PowerPC G3

  • Malware Study Hall Senior
  • 1,492 posts
  • Gender:Male
  • Location:Indiana, USA

Posted 06 May 2017 - 08:32 AM

Any speed improvements after a restart?

 

 

Download Rkill from one of the below three links. (Use the one that runs on your PC without being blocked).

Link 1

Link 2

Link 3

 

  1. Double-click on the file you downloaded (either rkill.exe, iExplore.exe, or rkill.com) to launch Rkill.

  2. If a black box appears, the program is running correctly. If nothing happens, then try another link.

  3. Let the scan complete, then paste the contents of the text file that pops up at the end into a post.

  4. Important: Do not restart your computer once the scan is done!

 

 

Download Hitman Pro and save it to your desktop. (32 bit) (64 bit)

  1. Double-click on the Hitman Pro EXE file on your desktop.

  2. Download Hitman Pro. Right-click it and select Run as Administrator.

  3. Once it's open, click Settings, then uncheck Scan for Tracking Cookies. 

  4. Click OK, then click Next.

  5. Select No, I only want to perform a one time scan then click Next.

  6. HitmanPro will start scanning your system. Once done scanning, HitmanPro will display a screen with any threats found. Important: click on the drop-down tab next to the infection name and then click Apply to All > Ignore. If not, you could cause damage to your operating system! Make sure you choose to Ignore the files and then click Next. You will be at the results window. Click "Save Log" and save it to your desktop. Paste its contents into a post.

 

 

Download Malwarebytes Anti-Rootkit and save it to your desktop.

  1. Double-click on the .EXE file that you downloaded and follow the extracting prompt.

  2. Find the MBAR folder and launch the executable in the folder.

  3. Select the option to Update the virus definitions.

  4. Once done updating, MBAR will scan your computer.

  5. When complete, please click Cleanup to remove the threats. Do NOT click inside the window when MBAR is doing the cleanup process.

  6. When finished, restart the PC.

  7. Post these logs, which are inside the MBAR folder, in a forum post: mbar-log(date) and system-log.txt.


Regards, iMacg3



#6 TheAndroid11

  • Topic Starter
  • Members
  • 16 posts

Posted 06 May 2017 - 09:46 AM

Hi iMacg3,

 

Yes, there seem to be speed improvements after the scans and a restart. It feels less 'choppy' now.

 

I have a few questions before proceeding with the next few scans.

1. What does Hitman Pro do? Considering the possibility that it can damage the OS, is it necessary to run Hitman Pro?

2. After running Rkill, you mentioned that I should not restart the computer after the scan is done. That said, if I were to run Mbar after that, I would have to restart the PC. Is this OK? When is a good time to restart after running Rkill?

Thank you.



#7 iMacg3

iMacg3

    Bleepin' PowerPC G3


  • Malware Study Hall Senior
  • 1,492 posts
  • ONLINE
  • Gender:Male
  • Location:Indiana, USA
  • Local time:05:00 PM

Posted 06 May 2017 - 10:11 AM

Hitman Pro will catch any malware that is hidden in your computer that other anti-malware programs can't detect. It's a more "intense" scanner. It only damages the OS if you remove files that were found without letting me look at the log files, since the files found may be a false positive of a system file.

It is only required not to restart the computer if malicious processes are closed by Rkill. If anything malicious is found, do not run MBAR. Instead, I'll look at the log file of Rkill and see what the processes are. If no processes are found, go ahead and run MBAR.


Regards, iMacg3



#8 TheAndroid11

TheAndroid11
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:00 AM

Posted 06 May 2017 - 10:18 AM

1. In this case, am I right to assume that if Rkill finds anything malicious I should not restart the computer? So if anything malicious is found, I should post the log here before doing anything else. Am I right to say that?

2. On the other hand, if Rkill does not find anything malicious, I can go ahead and run MBAR and restart the computer?

Thanks!



#9 iMacg3

iMacg3

    Bleepin' PowerPC G3


  • Malware Study Hall Senior
  • 1,492 posts
  • ONLINE
  • Gender:Male
  • Location:Indiana, USA
  • Local time:05:00 PM

Posted 06 May 2017 - 10:32 AM

You're correct. RKill just stops the services of malware running. It doesn't actually delete them. If you restart the PC, those malicious processes will come back again. If malware is stopped, you can just use a scan tool to remove the actual malware files.


Edited by iMacg3, 06 May 2017 - 10:34 AM.

Regards, iMacg3



#10 TheAndroid11

TheAndroid11
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:00 AM

Posted 07 May 2017 - 12:42 AM

Hi iMacg3,

Thanks for answering my questions. I have run Rkill and have posted the log below.

Let me know if I need to run HitmanPro and MBAR (with a restart) after this.

_____________________________________________________________________________________________

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/07/2017 01:38:12 PM in x64 mode.
Windows Version: Windows 10 Home 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]
 
 * agp440 [Missing ImagePath]
 
 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
 
 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 05/07/2017 01:39:32 PM
Execution time: 0 hours(s), 1 minute(s), and 20 seconds(s)
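The Rkill report above has a fixed shape: section headers ending in a colon, and findings as " * " lines with the finding kind in square brackets (or a bare line such as "Windows Defender Disabled"). As an added example that is not part of this thread or of Rkill itself, here is a small Python parser that turns such a report into structured findings and counts them per kind, so someone reviewing many of these logs can see at a glance which entries need a manual look; the log text is a constructed excerpt of the report posted above.

```python
import re

# Excerpt of the Rkill 2.8.4 report posted above (constructed sample: trimmed to the
# findings of interest, backslashes kept literal by the raw string).
SAMPLE_LOG = r"""
Performing miscellaneous checks:

 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * gagp30kx [Missing Service]
 * TimeBroker [Missing Service]
 * agp440 [Missing ImagePath]
 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]

Checking HOSTS File:

 * No issues found.
"""

# " * NAME [Kind]" or " * NAME => PATH [Kind]", the two service-integrity line shapes.
FINDING_RE = re.compile(r"^\s*\*\s+(?P<name>\S+)(?:\s+=>\s+(?P<path>.+?))?\s+\[(?P<kind>[^\]]+)\]\s*$")
NO_ISSUE_RE = re.compile(r"^\s*\*\s+No ")  # " * No issues found." and similar

def parse_rkill(text):
    """Return (findings, flags): findings maps a report section to (name, kind, path)
    tuples; flags collects bare '*' lines with no bracketed kind, e.g. 'Windows Defender Disabled'."""
    findings, flags, section = {}, [], None
    for line in text.splitlines():
        if line.rstrip().endswith(":"):  # section header such as "Checking HOSTS File:"
            section = line.strip().rstrip(":")
        elif m := FINDING_RE.match(line):
            findings.setdefault(section, []).append((m["name"], m["kind"], m["path"]))
        elif line.strip().startswith("*") and not NO_ISSUE_RE.match(line):
            flags.append(line.strip("* ").strip())
    return findings, flags

def summarize(findings):
    """Count findings per kind, e.g. {'Missing Service': 2, 'Incorrect ImagePath': 1, ...}."""
    counts = {}
    for items in findings.values():
        for _name, kind, _path in items:
            counts[kind] = counts.get(kind, 0) + 1
    return counts
```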


#11 iMacg3

iMacg3

    Bleepin' PowerPC G3


  • Malware Study Hall Senior
  • 1,492 posts
  • ONLINE
  • Gender:Male
  • Location:Indiana, USA
  • Local time:05:00 PM

Posted 07 May 2017 - 09:58 AM

Go ahead and run Hitman Pro and MBAR. Rkill didn't detect any malware processes.

How long ago did the computer start becoming slow?


Edited by iMacg3, 07 May 2017 - 10:05 AM.

Regards, iMacg3



#12 TheAndroid11

TheAndroid11
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:00 AM

Posted 08 May 2017 - 07:12 AM

Hi iMacg3,

Due to my schedule, I will not have time to run both Hitman and MBAR in one night (I hope you do not mind). I will post the MBAR log once I am done. That said, I have already run Hitman Pro and posted the log below.

To answer your question, I think I noticed it sometime within the past 2 weeks.

Also, is it safe to manually delete the exe files that were downloaded and their respective folders in the drive? Or, will I need to run a tool like Delfix to remove the disinfection tools?

Thank you.

____________________________________________________________________________________________________________

HitmanPro 3.7.18.284
www.hitmanpro.com
 
   Computer name . . . . : ACER
   Windows . . . . . . . : 10.0.0.14393.X64/4
   User name . . . . . . : Acer\Admin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2017-05-08 19:39:00
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 16m 28s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 0
 
   Objects scanned . . . : 2,528,480
   Files scanned . . . . : 154,695
   Remnants scanned  . . : 863,325 files / 1,510,460 keys


#13 iMacg3

iMacg3

    Bleepin' PowerPC G3


  • Malware Study Hall Senior
  • 1,492 posts
  • ONLINE
  • Gender:Male
  • Location:Indiana, USA
  • Local time:05:00 PM

Posted 08 May 2017 - 08:56 AM

That's fine if you run MBAR at another time. It seems Hitman Pro didn't detect anything.

Using Delfix is recommended to remove the anti-malware tools.

Is your computer back to normal or still slow?

What was the name of the threat Avast blocked?


Edited by iMacg3, 08 May 2017 - 08:57 AM.

Regards, iMacg3



#14 TheAndroid11

TheAndroid11
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:00 AM

Posted 10 May 2017 - 04:00 AM

Hi iMacg3,

I will be posting the Mbar log later today. Hopefully, the scan can finish as it is taking quite a while.

I am not sure what the name of the blocked threat was, as I have already deleted the notification from the history. That said, the computer is definitely much faster and smoother now, compared to the time before I started this post. Thanks for your help!

Anyway, I would like to check how I should run Delfix after all this. Should I check everything when using Delfix?

Also, do the disinfection tools have to be on the desktop when I run Delfix?

Thank you.



#15 TheAndroid11

TheAndroid11
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:00 AM

Posted 10 May 2017 - 04:52 AM

Hi iMacg3,

Just a quick update. I ran Mbar but the test seems to be taking a long time to finish.

In the end, I did not finish the MBAR scan as it took too long. The scan was running for over 2 hours and seemed to take a long time scanning .jpg files in the folder clear.fi/OfficeAddin. The last time I ran Mbar the same thing happened and I did not finish the scan. Clear.fi appears to be Acer's cloud service for photos and entertainment related stuff.

In this case should I go ahead and run the Mbar scan again?

Or, should I just ignore running the Mbar scan, since the other scans have come up clean and performance is much smoother now?

Thanks,





