Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Scans found issues:


  • Please log in to reply
9 replies to this topic

#1 56curious

56curious

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 13 May 2017 - 01:30 PM

Hello, so this "friend" sent me a link that was an imgur link with just a 1x1 pixel in size after I shouted at him because he kept playing music thorugh his mic. Anyway, I heard him say to someone something about a rat so I grabbed a new IP (he kept calling places out in the country I live, nowhere close however) and then monitered processes and network traffic for a while. I then stumbled upon this post,

https://www.bleepingcomputer.com/forums/t/602475/laptop-using-way-too-much-broadband/

and there were a bunch of detection programs.

I got to the end of the first post and here is what it out putted:

NOTE Secuirty Check wasn't accessable so...

 

Adwr Cleaner:

 

# AdwCleaner v6.046 - Logfile created 13/05/2017 at 18:32:40
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-13.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : User - CURIOUS
# Running from : C:\Users\User\Downloads\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\ProgramData\Auslogics
Folder Found:  C:\ProgramData\Application Data\Auslogics


***** [ Files ] *****

File Found:  C:\END


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKU\S-1-5-21-3147170597-1186621066-2491712165-1001\Software\distromatic
Key Found:  HKCU\Software\distromatic
Key Found:  HKLM\SOFTWARE\Auslogics
Key Found:  [x64] HKCU\Software\distromatic


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1232 Bytes] - [13/05/2017 18:32:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1305 Bytes] ##########
 

 

Malwarebytes Anti rootkit:

 

No malware was found (No option to copy logs)

 

if you lot could help me from here that would be awesome :D



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,195 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:13 PM

Posted 13 May 2017 - 03:22 PM

Welcome to BC....

 

Rerun AdwCleaner and be sure to click on Clean when scan finishes.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.0.6.1469.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 56curious

56curious
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 14 May 2017 - 03:07 AM

Hello Buddy215 and thank you for the reply, here is the contents of the log files:

 

Malwarebytes:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/13/17
Scan Time: 10:37 PM
Log File: Malw.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1934
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: CURIOUS\User

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 406404
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 11 min, 55 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

 

Junkware Removeal tool:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Premium x64
Ran by User (Administrator) on 14/05/2017 at  8:58:31.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 58

Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0N1AQRJJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1T40XR2Q (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\41635PJ3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DVD16WA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NLAQPP6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9UQOJ9AC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGBSJIZF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CAA6OR33 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXXGB1Z3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7WBIARM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8YTFCHQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMMPL92E (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQLEZJKF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQR6E4EG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KN0AP5K6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LO151RK5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LX887RYY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXZ0A06E (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWEZPCQY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SI0ZF3DH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UC0XJM8A (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UW9MU757 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQFL9D9I (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNKGYX0D (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0N1AQRJJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1T40XR2Q (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\41635PJ3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DVD16WA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NLAQPP6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9UQOJ9AC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGBSJIZF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CAA6OR33 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXXGB1Z3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7WBIARM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8YTFCHQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMMPL92E (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQLEZJKF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQR6E4EG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KN0AP5K6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LO151RK5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LX887RYY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXZ0A06E (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWEZPCQY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SI0ZF3DH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UC0XJM8A (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UW9MU757 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQFL9D9I (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNKGYX0D (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\SysWOW64\REN59D3.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\RENCDF9.tmp (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/05/2017 at  9:00:31.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

Protection was shut down and it oopening in a CMD window (I'm on win 7). Scan was about a minute or two so i presume everything seems fine so far. Again, if he hasn't RATted me, I can rest well haha.



#4 56curious

56curious
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 14 May 2017 - 03:11 AM

Unless i'm blind, I couln't see the edit button haha, When I opened my browser this morning after the CCleaner run last night, two websites were blocked and youtube, as I expected was logged out (Cookie clear etc).

 

Here is the report:

 

Block 1:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/14/17
Protection Event Time: 8:54 AM
Log File: log1.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1935
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: dprtb.com
IP Address: 209.15.13.136
Port: [49499]
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe



(end)

 

 

 

Block 2:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/14/17
Protection Event Time: 8:54 AM
Log File: log2.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1935
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: dprtb.com
IP Address: 209.15.13.136
Port: [49499]
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe



(end)



#5 buddy215

buddy215

  • Moderator
  • 13,195 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:13 PM

Posted 14 May 2017 - 04:50 AM

Please download MiniToolBox and run it.

Checkmark following boxes:

  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.
  • Please download Security Check by glax24 and save the file to the Desktop
  • Run the tool by accepting all the Security prompts
  • when complete the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply Paste the log to your reply

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 56curious

56curious
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 14 May 2017 - 09:30 AM

MiniToolBox by Farbar  Version: 17-06-2016
Ran by User (administrator) on 14-05-2017 at 11:03:24
Running from "C:\Users\User\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

**** End of log ****
 

 

 

SecurityCheck by glax24 & Severnyj v.1.4.0.49 [15.04.17]
WebSite: www.safezone.cc
DateLog: 14.05.2017 12:32:24
Path starting: C:\Users\User\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: User
VersionXML: 4.24is-13.05.2017
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x64) HomePremium Lang: English(0409)
Installation date OS: 15.12.2014 11:21:33
LicenseStatus: Windows® 7, HomePremium edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Notepad++\notepad++.exe
SystemDrive: C: FS: [NTFS] Capacity: [930.5 Gb] Used: [745.5 Gb] Free: [185 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 10.0.9200.17609 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
Automatically download and schedule installation
Date install updates: 2017-05-10 21:49:16
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Avira Antivirus (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Avira Antivirus (enabled and up to date)
Windows Defender (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Avira Antivirus v.15.0.26.48
ESET Online Scanner v3
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft Silverlight v.5.1.50906.0
7-Zip 15.09 beta v.15.09 Warning! Download Update
Uninstall old version and install new one.
FileZilla Client 3.24.0 v.3.24.0 Warning! Download Update
TeamViewer 12 v.12.0.72365 Warning! Download Update
VLC media player v.2.2.4 Warning! Download Update
TeamViewer 12 (TeamViewer) - The service is running
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.33 v.7.33.104 Warning! Download Update
^Optional update.^
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 77 (64-bit) v.8.0.770.3 Warning! Download Update
Uninstall old version and install new one (jre-8u131-windows-x64.exe).
Java 8 Update 77 v.8.0.770.3 Warning! Download Update
Uninstall old version and install new one (jre-8u131-windows-i586.exe).
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.0.0.10 Warning! Download Update
^Please use Apple Software Update tool.^
Bonjour Service (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.15.0.0.356 Warning! Download Update
Adobe Flash Player 25 ActiveX v.25.0.0.171
Adobe Flash Player 25 NPAPI v.25.0.0.171
Adobe Acrobat Reader DC v.17.009.20044
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 53.0.2 (x86 en-GB) v.53.0.2
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.53.0.2.6333
------------------ [ AntivirusFirewallProcessServices ] -------------------
Avira Scheduler (AntiVirSchedulerService) - The service is running
C:\Program Files (x86)\Avira\Antivirus\sched.exe v.15.0.26.45
Avira Real-Time Protection (AntiVirService) - The service is running
C:\Program Files (x86)\Avira\Antivirus\avguard.exe v.15.0.26.45
Avira Mail Protection (AntiVirMailService) - The service has stopped
Avira Web Protection (AntiVirWebService) - The service has stopped
Avira Service Host (Avira.ServiceHost) - The service is running
C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe v.1.2.83.46341
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe v.1.2.83.46341
C:\Program Files (x86)\Avira\Antivirus\avshadow.exe v.15.0.26.48
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe v.15.0.26.45
Windows Defender (WinDefend) - The service has stopped
----------------------------- [ End of Log ] ------------------------------
 



#7 56curious

56curious
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 14 May 2017 - 09:31 AM

ESET Online Scanner Is still going, 4 and a half hours, longer than everything i've done put together.



#8 buddy215

buddy215

  • Moderator
  • 13,195 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:13 PM

Posted 14 May 2017 - 10:31 AM

That is because of the huge volume of data on the hdd.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#9 56curious

56curious
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 14 May 2017 - 01:07 PM

Scan completed, no threats found.



#10 buddy215

buddy215

  • Moderator
  • 13,195 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:13 PM

Posted 14 May 2017 - 01:43 PM

Uninstall these programs:

Java 8 Update 77 (64-bit) v.8.0.770.3

Java 8 Update 77 v.8.0.770.3

Adobe AIR v.15.0.0.356

 

Update Internet Explorer

 

Do a complete uninstall of Firefox. You should backup your Bookmarks before doing that. Bookmarks > Show All Bookmarks > Import and Backup > Export Bookmarks to HTML. Save that on your Desktop.

Run the uninstaller for Firefox. Once that has completed do searches for Firefox and Mozilla. Delete all that is found. Click on Start > Enter Firefox in Search Box > Repeat for Mozilla.

 

Once completely uninstalled...download from here to reinstall.

Download Firefox — Free Web Browser — Mozilla

 

The reason for that is because whatever was trying to call home that MBAM identified is located in Firefox.


Edited by buddy215, 14 May 2017 - 01:46 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users