
some keys not working qweruiop


  • This topic is locked
4 replies to this topic

#1 Gladsaxe

Gladsaxe

  • Members
  • 1 posts
  • OFFLINE
  • Local time:03:02 AM

Posted 06 May 2017 - 06:59 PM

Some keys are not working (qweruiop); the rest are working, and I did not damage them. All antivirus and anti-malware programs failed. Ty for help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-05-2017
Ran by Lenovo (administrator) on LENOVO-PC (07-05-2017 02:39:50)
Running from C:\Users\Lenovo\Downloads
Loaded Profiles: Lenovo (Available Profiles: Lenovo)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Gadwin Systems) C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.551\SSScheduler.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2wizard.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9771568 2017-02-07] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2017-02-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-04-27] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263088 2017-04-03] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8545424 2017-04-24] (Emsisoft Ltd)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2016-03-19] (alch)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2845926241-1627304296-516518157-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-2845926241-1627304296-516518157-1000\...\Run: [Gadwin PrintScreen (64-bit)] => C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe [14439584 2014-10-15] (Gadwin Systems)
HKU\S-1-5-21-2845926241-1627304296-516518157-1000\...\Run: [uTorrent] => C:\Users\Lenovo\AppData\Roaming\uTorrent\uTorrent.exe [2403520 2017-04-30] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-05-07]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.551\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{557D82CA-EBBC-4AE5-AA35-EECBC1C3D20C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2845926241-1627304296-516518157-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2845926241-1627304296-516518157-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-21] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-21] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-21] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-21] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 2sy381lh.default
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\2sy381lh.default [2017-05-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-11] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default [2017-05-07]
CHR Extension: (Google Slides) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-29]
CHR Extension: (Google Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-29]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-29]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-29]
CHR Extension: (Google Sheets) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-29]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-29]
CHR Extension: (Gmail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [8147528 2017-04-24] (Emsisoft Ltd)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [262696 2017-04-03] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7448992 2017-04-03] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-04-27] (AVG Technologies CZ, s.r.o.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.551\McCHSvc.exe [404376 2017-04-18] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc.)
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166136 2017-04-03] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [310056 2017-04-03] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192096 2017-04-03] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336408 2017-04-03] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [50848 2017-04-03] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39288 2017-04-03] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [129776 2017-04-28] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102136 2017-04-03] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76688 2017-04-03] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1006040 2017-04-03] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [557912 2017-04-28] (AVG Technologies CZ, s.r.o.)
S2 avgStm; C:\Windows\system32\drivers\avgStm.sys [165048 2017-04-03] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [340688 2017-04-03] (AVG Technologies CZ, s.r.o.)
S1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-22] ()
S3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd64.sys [12309440 2011-09-26] (Intel Corporation) [File not signed]
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-05-07] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-05-07] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-07] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-07] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-05-07] (Malwarebytes)
S3 AIDA64Driver; \??\C:\Users\Lenovo\AppData\Local\Temp\AIDA64Driver.sys [X] <==== ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-07 02:39 - 2017-05-07 02:40 - 00015709 _____ C:\Users\Lenovo\Downloads\FRST.txt
2017-05-07 02:39 - 2017-05-07 02:39 - 02429440 _____ (Farbar) C:\Users\Lenovo\Downloads\FRST64.exe
2017-05-07 02:39 - 2017-05-07 02:39 - 00000000 ____D C:\FRST
2017-05-07 02:37 - 2017-05-07 02:37 - 01769984 _____ (Farbar) C:\Users\Lenovo\Downloads\FRST.exe
2017-05-07 02:30 - 2017-05-07 02:34 - 00000000 ____D C:\ProgramData\Emsisoft
2017-05-07 02:29 - 2017-05-07 02:29 - 00000896 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2017-05-07 02:29 - 2017-05-07 02:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2017-05-07 02:28 - 2017-05-07 02:34 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-05-07 02:26 - 2017-05-07 02:27 - 253383016 _____ (Emsisoft Ltd. ) C:\Users\Lenovo\Downloads\EmsisoftAntiMalwareSetup.exe
2017-05-07 02:24 - 2017-05-07 02:24 - 00001079 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2017-05-07 02:24 - 2017-05-07 02:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2017-05-07 02:24 - 2017-05-07 02:24 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2017-05-07 02:24 - 2012-05-02 12:17 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2017-05-07 02:24 - 2009-03-24 13:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2017-05-07 02:23 - 2017-05-07 02:23 - 04291320 _____ (BrightFort LLC ) C:\Users\Lenovo\Downloads\spywareblastersetup55.exe
2017-05-07 02:22 - 2017-05-07 02:22 - 11123584 _____ (McAfee, Inc.) C:\Users\Lenovo\Downloads\SecurityScan_Release.exe
2017-05-07 02:22 - 2017-05-07 02:22 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-05-07 02:22 - 2017-05-07 02:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-05-07 02:22 - 2017-05-07 02:22 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2017-05-07 02:22 - 2017-05-07 02:22 - 00000000 ____D C:\ProgramData\McAfee
2017-05-07 02:22 - 2017-05-07 02:22 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-05-07 01:44 - 2017-05-07 01:45 - 05660059 _____ (Swearware) C:\Users\Lenovo\Downloads\ComboFix(1).exe
2017-05-07 01:37 - 2017-05-07 01:37 - 00014376 _____ C:\ComboFix.txt
2017-05-07 01:30 - 2011-06-26 09:45 - 00256000 _____ C:\Windows\PEV.exe
2017-05-07 01:30 - 2010-11-07 20:20 - 00208896 _____ C:\Windows\MBR.exe
2017-05-07 01:30 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-05-07 01:30 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-05-07 01:30 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-05-07 01:30 - 2000-08-31 03:00 - 00098816 _____ C:\Windows\sed.exe
2017-05-07 01:30 - 2000-08-31 03:00 - 00080412 _____ C:\Windows\grep.exe
2017-05-07 01:30 - 2000-08-31 03:00 - 00068096 _____ C:\Windows\zip.exe
2017-05-07 01:26 - 2017-05-07 01:37 - 00000000 ____D C:\Qoobox
2017-05-07 01:26 - 2017-05-07 01:36 - 00000000 ____D C:\Windows\erdnt
2017-05-07 01:25 - 2017-05-07 01:26 - 05660059 ____R (Swearware) C:\Users\Lenovo\Downloads\ComboFix.exe
2017-05-07 01:24 - 2017-05-07 01:24 - 04089296 _____ C:\Users\Lenovo\Downloads\AdwCleaner(1).exe
2017-05-07 01:15 - 2017-05-07 01:15 - 00000000 ____D C:\Users\Lenovo\Desktop\New folder123333333333333333333333333
2017-05-07 01:14 - 2017-05-07 01:14 - 06559869 _____ C:\Users\Lenovo\Downloads\PCHunter_free.zip
2017-05-07 00:52 - 2017-05-07 01:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-05-07 00:52 - 2017-05-07 00:52 - 00000000 ____D C:\Users\Lenovo\Documents\ProcAlyzer Dumps
2017-05-07 00:51 - 2017-05-07 00:51 - 00000000 ____D C:\Users\Lenovo\Downloads\SpybotPortable
2017-05-07 00:50 - 2017-05-07 00:50 - 119710544 _____ (PortableApps.com) C:\Users\Lenovo\Downloads\SpybotPortable_2.5.paf.exe
2017-05-07 00:23 - 2017-05-07 01:24 - 00000000 ____D C:\AdwCleaner
2017-05-07 00:23 - 2017-05-07 00:23 - 01663672 _____ (Malwarebytes) C:\Users\Lenovo\Downloads\JRT.exe
2017-05-07 00:22 - 2017-05-07 00:23 - 04089296 _____ C:\Users\Lenovo\Downloads\AdwCleaner.exe
2017-05-06 23:44 - 2017-05-06 23:44 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Curiolab
2017-05-06 23:43 - 2017-05-07 00:01 - 00000000 ____D C:\Program Files (x86)\Exterminate It!
2017-05-06 23:43 - 2017-05-06 23:43 - 00001081 _____ C:\Users\Public\Desktop\Exterminate It!.lnk
2017-05-06 23:43 - 2017-05-06 23:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
2017-05-06 23:42 - 2017-05-06 23:42 - 15637544 _____ (CURIOLAB S.M.B.A.) C:\Users\Lenovo\Downloads\ExterminateItSetup.exe
2017-05-06 23:39 - 2017-05-06 23:41 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\.clamwin
2017-05-06 23:39 - 2017-05-06 23:39 - 00001117 _____ C:\Users\Public\Desktop\ClamWin Antivirus.lnk
2017-05-06 23:39 - 2017-05-06 23:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
2017-05-06 23:39 - 2017-05-06 23:39 - 00000000 ____D C:\ProgramData\.clamwin
2017-05-06 23:39 - 2017-05-06 23:39 - 00000000 ____D C:\Program Files (x86)\ClamWin
2017-05-06 23:38 - 2017-05-06 23:38 - 120690586 _____ (alch ) C:\Users\Lenovo\Downloads\clamwin-0.99.1-setup.exe
2017-05-06 23:31 - 2017-05-07 01:57 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-05-06 23:31 - 2017-05-07 01:40 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-06 23:31 - 2017-05-07 01:40 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-05-06 23:31 - 2017-05-07 01:40 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-05-06 23:31 - 2017-05-07 01:40 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-05-06 23:31 - 2017-05-06 23:31 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-06 23:31 - 2017-05-06 23:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-06 23:31 - 2017-05-06 23:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-06 23:31 - 2017-05-06 23:31 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-06 23:31 - 2017-03-22 11:02 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-06 23:29 - 2017-05-06 23:30 - 60107896 _____ (Malwarebytes ) C:\Users\Lenovo\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-05-06 22:41 - 2017-05-06 23:06 - 00046778 _____ C:\Users\Lenovo\Desktop\aprilie 20171.ods
2017-05-05 01:40 - 2017-05-05 01:40 - 00001008 _____ C:\Users\Public\Desktop\AVG.lnk
2017-05-04 15:18 - 2017-05-06 22:41 - 00000000 ____D C:\Users\Lenovo\Desktop\desktop apr 2017
2017-05-01 23:36 - 2017-05-01 23:36 - 00493367 _____ C:\Users\Lenovo\Downloads\Fundamentals_binder.pdf
2017-05-01 04:24 - 2017-05-01 04:28 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\vlc
2017-04-30 22:29 - 2017-04-30 22:30 - 234988995 _____ C:\Users\Lenovo\Downloads\html deep dive.rar
2017-04-30 20:54 - 2017-05-06 23:09 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Pluto TV
2017-04-30 20:51 - 2017-04-30 20:51 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Opera Software
2017-04-30 20:51 - 2017-04-30 20:51 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Opera Software
2017-04-30 20:50 - 2017-05-01 22:14 - 00000000 ____D C:\Program Files\Opera
2017-04-30 20:50 - 2017-04-30 20:50 - 00002606 _____ C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-04-30 20:49 - 2017-05-07 02:28 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\uTorrent
2017-04-30 20:49 - 2017-04-30 20:49 - 02403520 _____ (BitTorrent Inc.) C:\Users\Lenovo\Downloads\uTorrent.exe
2017-04-30 18:29 - 2017-05-06 03:48 - 00000000 ____D C:\Users\Lenovo\Desktop\ScreenShots
2017-04-30 18:25 - 2017-04-30 18:25 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Gadwin
2017-04-30 18:25 - 2017-04-30 18:25 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Gadwin
2017-04-30 18:24 - 2017-04-30 18:24 - 13287142 _____ C:\Users\Lenovo\Downloads\PrintScreen542_Setup.zip
2017-04-30 18:24 - 2017-04-30 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin
2017-04-30 18:24 - 2017-04-30 18:24 - 00000000 ____D C:\Program Files\Gadwin
2017-04-30 18:15 - 2017-04-30 18:15 - 00128553 _____ C:\Users\Lenovo\Downloads\Advanced-SEO-Blueprint.pdf
2017-04-30 17:01 - 2017-04-30 17:35 - 00026468 _____ C:\Users\Lenovo\Desktop\New OpenDocument Spreadsheet.ods
2017-04-30 16:21 - 2017-04-30 16:21 - 01176296 _____ C:\Users\Lenovo\Downloads\UC-WE06O16M.pdf
2017-04-28 03:47 - 2017-04-28 03:47 - 00037341 _____ C:\Users\Lenovo\Desktop\CV-radu-muresan.pdf
2017-04-26 01:14 - 2017-04-26 01:13 - 00271606 _____ C:\Users\Lenovo\Desktop\Digital-Marketing-Plan-Template.pdf
2017-04-26 01:13 - 2017-04-26 01:13 - 00271606 _____ C:\Users\Lenovo\Downloads\Digital-Marketing-Plan-Template.pdf
2017-04-22 01:21 - 2017-04-22 02:11 - 00000000 ____D C:\Program Files (x86)\CgmBetSystems
2017-04-22 01:21 - 2017-04-22 01:21 - 21441856 _____ (CgmBet ) C:\Users\Lenovo\Downloads\CgmBetSetup.exe
2017-04-22 01:21 - 2017-04-22 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CgmBetSystems
2017-04-22 01:21 - 2004-03-09 17:45 - 00609824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx
2017-04-22 01:21 - 2004-03-09 16:45 - 01010720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mschrt20.ocx
2017-04-22 01:21 - 2004-03-09 16:45 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomct2.ocx
2017-04-22 01:21 - 2004-03-09 16:45 - 00132880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinet.ocx
2017-04-21 23:13 - 2017-04-21 23:13 - 00282300 _____ C:\Users\Lenovo\Desktop\DM-Terminology.pdf
2017-04-21 22:05 - 2017-04-21 22:05 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2017-04-21 22:03 - 2017-04-21 22:03 - 00000000 ____D C:\Users\Lenovo\AppData\LocalLow\Oracle
2017-04-21 20:21 - 2017-05-06 04:00 - 00012288 _____ C:\Users\Lenovo\Desktop\calculator mug - Copy (2) - Copy.xls
2017-04-20 14:53 - 2017-04-18 15:54 - 00104559 _____ C:\Users\Lenovo\Documents\echipe.xls_0.ods
2017-04-20 14:53 - 2017-04-18 15:54 - 00016618 _____ C:\Users\Lenovo\Documents\calculator%20mug%20-%20Copy%20(2).xls_0.ods
2017-04-18 22:17 - 2017-04-18 22:17 - 00000000 ____D C:\Users\Lenovo\AppData\LocalLow\Sun
2017-04-17 01:25 - 2017-05-06 22:36 - 00007891 _____ C:\Users\Lenovo\Desktop\aprilie 2017.ods
2017-04-13 17:16 - 2017-04-14 01:08 - 00000321 _____ C:\Users\Lenovo\Desktop\New Text Document.txt
2017-04-13 17:05 - 2017-04-13 17:06 - 311905879 _____ C:\Users\Lenovo\Desktop\Completare D200.mkv
2017-04-11 20:48 - 2017-04-11 20:48 - 06230616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-07 02:25 - 2017-02-07 11:55 - 00000000 ____D C:\ProgramData\Temp
2017-05-07 02:24 - 2009-07-14 06:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-05-07 02:24 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-05-07 01:46 - 2009-07-14 07:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-07 01:46 - 2009-07-14 07:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-07 01:41 - 2017-02-07 11:24 - 00000000 ____D C:\Users\Lenovo\AppData\LocalLow\Mozilla
2017-05-07 01:39 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-07 01:35 - 2009-07-14 05:34 - 00000215 _____ C:\Windows\system.ini
2017-05-07 00:45 - 2017-02-07 15:38 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-07 00:33 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2017-05-07 00:32 - 2017-02-07 11:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-07 00:32 - 2017-02-07 11:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-06 01:49 - 2017-02-07 12:12 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-05-05 08:19 - 2017-02-11 18:13 - 00012288 _____ C:\Users\Lenovo\Desktop\calculator mug - Copy (2).xls
2017-05-05 05:10 - 2009-07-14 08:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-05 01:40 - 2017-02-24 00:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-05-03 23:23 - 2017-03-29 02:00 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-03 23:21 - 2017-02-07 12:15 - 00004178 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-05-01 22:15 - 2017-02-07 15:50 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2017-04-28 22:15 - 2017-02-07 12:15 - 00557912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgsp.sys
2017-04-28 22:15 - 2017-02-07 12:15 - 00129776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmonflt.sys
2017-04-28 03:54 - 2017-03-29 01:59 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-28 03:54 - 2017-03-29 01:59 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-21 22:06 - 2017-02-07 12:29 - 00000000 ____D C:\ProgramData\Oracle
2017-04-21 22:05 - 2017-02-07 12:30 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-04-21 22:05 - 2017-02-07 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-21 22:05 - 2017-02-07 12:30 - 00000000 ____D C:\Program Files\Java
2017-04-21 22:05 - 2017-02-07 12:29 - 00000000 ____D C:\Program Files (x86)\Java
2017-04-21 22:04 - 2017-02-07 12:30 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-04-21 02:41 - 2017-03-10 13:52 - 00237056 _____ C:\Users\Lenovo\Desktop\echipe.xls
2017-04-20 13:38 - 2017-04-02 22:30 - 00000000 ____D C:\Program Files\CCleaner
2017-04-13 23:55 - 2017-02-07 23:08 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-13 23:23 - 2017-02-07 15:38 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-11 20:48 - 2017-02-07 15:16 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-11 20:48 - 2017-02-07 15:16 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-11 20:48 - 2017-02-07 15:16 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-11 20:48 - 2017-02-07 15:16 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-11 20:48 - 2017-02-07 15:16 - 00000000 ____D C:\Windows\system32\Macromed

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-04 00:33

==================== End of FRST.txt ============================
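Added example, not part of the original post and not FRST's own code: the "Bamital & volsnap" section above is FRST reporting whether the core Windows binaries still verify as signed. The script below re-runs that kind of check from an elevated PowerShell prompt on the machine itself, over the same file list, and adds a SHA-256 per file so a suspect copy can be compared against a known-good one without uploading it. It assumes %SystemRoot% is C:\Windows as in the log and is written for the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example, not from the thread or from FRST. Re-checks the Authenticode
# status of the core binaries FRST lists under "Bamital & volsnap". Bamital
# infects by patching these files in place, so the signature status (not the
# file's mere presence) is the finding. Paths are relative to %SystemRoot%.

$CoreFiles = @(
    'system32\winlogon.exe',  'system32\wininit.exe',  'SysWOW64\wininit.exe',
    'explorer.exe',           'SysWOW64\explorer.exe',
    'system32\svchost.exe',   'SysWOW64\svchost.exe',  'system32\services.exe',
    'system32\User32.dll',    'SysWOW64\User32.dll',
    'system32\userinit.exe',  'SysWOW64\userinit.exe',
    'system32\rpcss.dll',     'system32\dnsapi.dll',   'SysWOW64\dnsapi.dll',
    'system32\Drivers\volsnap.sys'
)

function Get-FileSha256 {
    param([string]$Path)
    # Get-FileHash needs PowerShell 4; the .NET hash class is available on 2.0.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ([BitConverter]::ToString($sha.ComputeHash($fs))).Replace('-', '') }
    finally { $fs.Close() }
}

function Test-CoreBinarySignature {
    param([string[]]$RelativePaths = $CoreFiles)
    foreach ($rel in $RelativePaths) {
        $full = Join-Path $env:SystemRoot $rel
        if (-not (Test-Path -LiteralPath $full)) {
            # A missing core binary is itself worth reporting.
            New-Object PSObject -Property @{ Path = $full; Status = 'Missing'; Signer = $null; SHA256 = $null }
            continue
        }
        $sig    = Get-AuthenticodeSignature -FilePath $full
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        New-Object PSObject -Property @{
            Path   = $full
            Status = $sig.Status.ToString()   # Valid, NotSigned, HashMismatch, ...
            Signer = $signer
            SHA256 = Get-FileSha256 $full
        }
    }
}

# HashMismatch means the bytes on disk no longer match what was signed, which
# is what an in-place patch looks like. An unexpected Signer is the other red flag.
Test-CoreBinarySignature | Format-Table Status, Signer, Path -AutoSize
```

One caveat before reading the output: Windows components are commonly signed through catalog files rather than with an embedded signature, and depending on the Windows and PowerShell version Get-AuthenticodeSignature reports such files as NotSigned. FRST uses the catalog-aware Windows verifier, which is why it prints "File is digitally signed" for all of them. Treat NotSigned as "re-check with a catalog-aware tool such as Sysinternals Sigcheck", and treat HashMismatch or a non-Microsoft signer as the actual finding.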


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,732 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:02 PM

Posted 09 May 2017 - 07:46 AM

Gladsaxe:

 
:welcome: to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil.  May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time, normally 48 hours after your last post.
 
Have you tried plugging in another keyboard to see if that works properly?  What makes you think that the malware is responsible for the keyboard malfunction?
 
I will need some time to review your FRST logs to see if there is any malware being detected.  That could take a day or two.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#3 garioch7

Posted 09 May 2017 - 11:20 AM

Gladsaxe:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: In going over your logs I noticed that you have µTorrent installed. Please consider the following advice to reduce the possibility of being infected when surfing the web.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.


.


:step2: Please uninstall McAfee Security Scan Plus from your computer. Please use the Control Panel, Add/Remove Programs to do so. Please see this link for more information on this program. You should also note that running more than one anti-virus application can cause all sorts of issues with your computer. Please see this link for more information.

You also have AVG, ClamWin, Exterminate It!, Emsisoft, Malwarebytes, McAfee Security Scan Plus, Spybot Search & Destroy (portable version), and Spyware Blaster all installed on your computer. Having that many security programs is certain to cause computer performance issues. You should only have one anti-virus program and one anti-malware program, with real-time protection capabilities, installed and active on your computer at any one time.

You could keep AVG and Malwarebytes; or, Emsisoft combines both anti-virus and anti-malware capabilities and is used by many of the staff here at Bleeping Computer.

My strong recommendation is that you uninstall all "extra" security programs. You decide what you want to keep, and then please uninstall the rest of the security programs.

I would also suggest that you consider uninstalling Exterminate It!. This program is not well regarded. See this link for more information. It is your computer, and the program is a paid software, so you decide what you want to do. I am only making a suggestion. Personally, I would not have that program on my computer. There are lots of better anti-malware programs available.

Please let me know what programs you uninstall from your computer. I am going to request another set of FRST logs, at the very end of this post, after you have run the FRST "fix" script for me, to determine if there are any remnants of the uninstalled programs remaining.


.


:step3: The FRST logs show evidence that ComboFix has been run on this computer. You should be aware that ComboFix is a very powerful program, which can, in some cases, render a computer unbootable. It should not be used except when directed by a qualified Malware Removal Specialist. Please see this link for more information on why the unsupervised use of ComboFix is NOT recommended.

If you wish, in a later post, I will remove the ComboFix program, and all of its tentacles, from your computer. That has to be done carefully. Please let me know if you want me to remove ComboFix for you.


.


:step4: Please run a FRST fix for me.

Please note that this "fixlist" script will also remove remnants of Spybot Search & Destroy. This program is no longer recommended. Please see this link for more information.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2845926241-1627304296-516518157-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S3 AIDA64Driver; \??\C:\Users\Lenovo\AppData\Local\Temp\AIDA64Driver.sys [X] <==== ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
CMD: type C:\ComboFix.txt
2017-05-07 00:52 - 2017-05-07 01:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-05-07 00:51 - 2017-05-07 00:51 - 00000000 ____D C:\Users\Lenovo\Downloads\SpybotPortable
2017-05-07 00:50 - 2017-05-07 00:50 - 119710544 _____ (PortableApps.com) C:\Users\Lenovo\Downloads\SpybotPortable_2.5.paf.exe
File: C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.


:step5: Please reboot your computer

Please download the newest version of FRST64.exe from this link. Please run another FRST scan for me.

Please copy and paste the contents of both the "FRST.txt" file and the "Addition.txt" file into your next reply.

.


Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators
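Added example, not from the thread and not FRST's own code: before a fixlist like the one in step 4 is run, a practitioner would want to confirm its findings independently. The script below does that for two of them from an elevated PowerShell prompt, without changing anything: it finds service and driver registrations whose binary no longer exists on disk (what FRST marks "[X]", here the AIDA64Driver and catchme entries), and it lists the values under the Internet Explorer policy keys that FRST flags as "Restriction", for HKLM and for the user SID taken from the script. A third function reports which processes have loaded kbdhook.dll, the DLL from the Lenovo Energy Management folder that the script asks FRST to report on. The SID, paths and names come from the post; the function names are this example's own. Written for the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example, not from the thread or from FRST. Read-only checks that
# re-verify fixlist findings: orphaned service/driver entries ("[X]"),
# Internet Explorer policy restrictions, and which processes loaded kbdhook.dll.

function Resolve-ImagePath {
    param([string]$ImagePath)
    # Service entries use %SystemRoot%, \??\C:\..., \SystemRoot\... and paths
    # relative to the Windows directory; normalise all of them to a full path.
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) }
    } else {
        $p = ($p -split '\s+[-/]')[0]          # drop " -k netsvcs" style arguments
    }
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-OrphanedService {
    # Start value 3 is what FRST prints as "S3" (demand start).
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand (S3)'; 4 = 'Disabled' }
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue | ForEach-Object {
        $v = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        if ($v -eq $null -or -not $v.ImagePath) { return }
        $file = Resolve-ImagePath $v.ImagePath
        if (-not (Test-Path -LiteralPath $file)) {
            $start = if ($v.Start -ne $null) { $startNames[[int]$v.Start] } else { '?' }
            New-Object PSObject -Property @{
                Service = $_.PSChildName; Start = $start
                ImagePath = $v.ImagePath; Resolved = $file
            }
        }
    }
}

function Get-IEPolicyRestriction {
    # Default SID is the one FRST flagged in the post; the HKU hive for a user
    # is only present while that user is logged on.
    param([string]$UserSid = 'S-1-5-21-2845926241-1627304296-516518157-1000')
    $sub  = 'SOFTWARE\Policies\Microsoft\Internet Explorer'
    $keys = @("HKLM:\$sub", "Registry::HKEY_USERS\$UserSid\$sub")
    foreach ($k in $keys) {
        if (-not (Test-Path -LiteralPath $k)) { continue }
        foreach ($item in @(Get-Item -LiteralPath $k) + @(Get-ChildItem -LiteralPath $k -Recurse)) {
            $props = Get-ItemProperty -LiteralPath $item.PSPath
            foreach ($prop in $props.PSObject.Properties) {
                if ($prop.Name -like 'PS*') { continue }     # provider metadata, not registry values
                New-Object PSObject -Property @{ Key = $item.Name; Value = $prop.Name; Data = $prop.Value }
            }
        }
    }
}

function Get-ProcessWithModule {
    param([string]$ModuleName = 'kbdhook.dll')
    # tasklist /M works across 32- and 64-bit processes, where Process.Modules
    # from a 64-bit PowerShell often does not. Only CSV rows are kept, so the
    # "INFO: No tasks are running..." message is dropped.
    $csv = tasklist /M $ModuleName /FO CSV | Where-Object { $_ -like '"*' }
    if ($csv) { $csv | ConvertFrom-Csv | Select-Object 'Image Name', PID, Modules }
}

Get-OrphanedService     | Format-Table Service, Start, Resolved -AutoSize
Get-IEPolicyRestriction | Format-Table Key, Value, Data -AutoSize
Get-ProcessWithModule   | Format-Table -AutoSize
```

Run it from a 64-bit PowerShell so the 64-bit registry view is the one inspected. An orphaned entry pointing into a user's Temp folder or into C:\ComboFix, as in the fixlist, is harmless by itself but is exactly the leftover a fix script removes; a policy value under the Internet Explorer keys on a home machine that has no domain policy is worth explaining before it is deleted.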


#4 garioch7

Posted 12 May 2017 - 09:58 AM

Gladsaxe:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#5 garioch7

Posted 14 May 2017 - 04:49 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Member of the Unified Network of Instructors and Trusted Eliminators




