
Windows 10 is slow in Normal mode but perfectly fast in Safe mode? Any fix ??


  • This topic is locked
6 replies to this topic

#1 Joey-Sarkaria


Posted 12 June 2017 - 02:42 AM

It's been happening since last week: even when there are no background apps or other apps running, my laptop will be releasing hot air and responding super slowly. This morning I booted it in safe mode and found out everything is fast and perfect.

My firewall is mostly detecting only 2 things and I don't know how to remove them!

1. Sound.exe
2. Nhqeminer

I don't wanna lose anything on my PC since all my backups are on it, and since my PC is already infected I cannot put the files on an external hard drive. I would like to get it clean first so I can make a backup of my computer.

Additional Details about my Laptop
Intel core : i3
6Gb Ram
451 hdd



#2 dc3


Posted 12 June 2017 - 08:49 AM

Please run the following scans and post the logs for these scans in your topic.  Do NOT wrap your logs in "quote" or "code" brackets.  Do NOT use spoilers.

These scans cannot be run in the Windows Forums; for this reason I will request that this topic be moved to the Am I Infected forum where these tools are allowed.
 
Please run Malwarebytes AntiMalware

Please download Malwarebytes Anti-Malware 2.2.

1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.

2)  Malwarebytes will automatically open.  You will see an image like the one below, click on Update Now.  

mbam1_zps98e7fba9.png

3)  Click on Settings, you will see an image like the one below.

malware%20settings_zpsixkea5sd.png

When Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.  Under Detection Options place a check in the box for Scan for rootkits.

4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.

5)  When the scan is complete the results will be displayed.  Click on Delete All.

malwarenew_zps34b58fdc.png

6)  Please post the Malwarebytes log.

To find the Malwarebytes log do the following.  Copy and paste the log in your topic.

*Open Malwarebytes Anti-Malware.
*Click the Scan Tab at the top.
*Click the View detailed log link on the right.
*Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
*Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
*Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Please run AdwCleaner

Please download AdwCleaner and install it.

When AdwCleaner opens you will see an image like the one below.

adwcleaner11_zps48314883.png

Click on Scan to start the scan.

Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.

If no malicious programs are found you will receive the following message.

adwcleaner%20111_zpsiduqrrrp.png  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and then paste this log in your topic.


Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • If threats are found click on Save to text file in Documents.
  • Open Documents, find the report, copy and paste it in your topic.

Edited by dc3, 12 June 2017 - 08:50 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 Joey-Sarkaria


Posted 01 July 2017 - 09:11 PM

 


 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2017-07-01
Scan Time: 7:13 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.02.16.06
Rootkit Database: v2016.02.08.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Prabh
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 407469
Time Elapsed: 43 min, 7 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Edited by Joey-Sarkaria, 01 July 2017 - 10:05 PM.


#4 Joey-Sarkaria


Posted 01 July 2017 - 10:10 PM

 


 

AdwCleaner LogFile :

 

 

# AdwCleaner v6.047 - Logfile created 01/07/2017 at 20:10:22
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-29.3 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Prabh - GAME-OVER
# Running from : C:\Users\Prabh\Downloads\adwcleaner_6.047.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Prabh\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: majjphhgppkndjjkmhhnbgafooenebhd
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C10].txt - [2480 Bytes] - [25/06/2017 13:02:36]
C:\AdwCleaner\AdwCleaner[C11].txt - [949 Bytes] - [01/07/2017 20:10:22]
C:\AdwCleaner\AdwCleaner[C1].txt - [2730 Bytes] - [09/08/2016 21:00:09]
C:\AdwCleaner\AdwCleaner[C2].txt - [1692 Bytes] - [11/08/2016 11:53:25]
C:\AdwCleaner\AdwCleaner[C3].txt - [5692 Bytes] - [18/08/2016 17:14:30]
C:\AdwCleaner\AdwCleaner[C4].txt - [1656 Bytes] - [23/08/2016 08:58:56]
C:\AdwCleaner\AdwCleaner[C5].txt - [2103 Bytes] - [06/09/2016 11:49:18]
C:\AdwCleaner\AdwCleaner[C6].txt - [2204 Bytes] - [14/09/2016 02:21:00]
C:\AdwCleaner\AdwCleaner[C7].txt - [2716 Bytes] - [16/10/2016 21:12:06]
C:\AdwCleaner\AdwCleaner[C8].txt - [2234 Bytes] - [17/10/2016 18:40:48]
C:\AdwCleaner\AdwCleaner[C9].txt - [2348 Bytes] - [22/11/2016 22:37:20]
C:\AdwCleaner\AdwCleaner[S10].txt - [2461 Bytes] - [04/03/2017 07:40:12]
C:\AdwCleaner\AdwCleaner[S11].txt - [2817 Bytes] - [25/06/2017 13:00:58]
C:\AdwCleaner\AdwCleaner[S12].txt - [3001 Bytes] - [01/07/2017 20:07:55]
C:\AdwCleaner\AdwCleaner[S1].txt - [2764 Bytes] - [09/08/2016 20:57:47]
C:\AdwCleaner\AdwCleaner[S2].txt - [1506 Bytes] - [11/08/2016 11:50:57]
C:\AdwCleaner\AdwCleaner[S3].txt - [5735 Bytes] - [18/08/2016 17:09:16]
C:\AdwCleaner\AdwCleaner[S4].txt - [1756 Bytes] - [23/08/2016 08:58:21]
C:\AdwCleaner\AdwCleaner[S5].txt - [2145 Bytes] - [06/09/2016 11:46:16]
C:\AdwCleaner\AdwCleaner[S6].txt - [2407 Bytes] - [14/09/2016 02:20:31]
C:\AdwCleaner\AdwCleaner[S7].txt - [2765 Bytes] - [16/10/2016 21:11:25]
C:\AdwCleaner\AdwCleaner[S8].txt - [2333 Bytes] - [17/10/2016 18:31:48]
C:\AdwCleaner\AdwCleaner[S9].txt - [2448 Bytes] - [22/11/2016 20:27:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C11].txt - [2558 Bytes] ##########
 

Edited by Joey-Sarkaria, 01 July 2017 - 10:16 PM.


#5 Joey-Sarkaria


Posted 02 July 2017 - 04:00 AM

ESET Online Scanner Log File
 
C:\$RECYCLE.BIN\S-1-5-21-2243171186-2860035005-3469232857-1001\$RK520DD.exe a variant of Win32/Packed.Themida suspicious application cleaned by deleting
C:\$RECYCLE.BIN\S-1-5-21-2243171186-2860035005-3469232857-1002\$RFESW7X.exe Win32/InstallCore.AUE potentially unwanted application cleaned by deleting
C:\Program Files (x86)\iMCS Productions\Advanced Warfare - Recovery Tool\Advanced Warfare - Recovery Tool.exe a variant of Win32/Packed.Themida suspicious application cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{0D3F1B66-1A1A-4F09-8A78-FA19DB28561E}\hkcmd.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{0FF19F1E-5AC4-4DDA-B788-0AE00D903EC4}\explorer.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{1AE1D92C-128D-4BDD-B1A6-F0C1BCBD93B3}\explorer.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{1BCEC568-0357-4B4F-97C3-EA76B79ACCBA}\wscript.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{1DE3C1DC-AADF-4333-ADB3-1653A735BFC9}\WerFault.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{1ED1FECE-82BD-4EFB-97FA-5B1F071BCDC8}\Microsoft.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{2CFA0223-D00D-4646-88EC-BD3D608EA597}\Internet.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{349098CE-256E-4428-AEF7-CF077372E91D}\Windows.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{389D4FAE-7F7D-4937-8AAC-69BC84097AE0}\Defender.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{5FB696B7-2F74-454B-A8FD-776114F1E2EC}\wscript.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{66D182BE-810E-4F11-9535-5E735C756557}\iexplore.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{6A2924D2-D8B0-47A7-8031-899452090770}\Internet.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{6FB931F2-F4B1-4237-83C4-08EDE8C6C81C}\explorer.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{7A94112D-0922-423D-B970-2E7FFCCFE0B7}\Skype.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{82342157-9BDA-40ED-8019-4877FA97A76E}\config.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{82B78927-9812-4B15-8B6A-33EF6E0A1320}\Defender.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{8537E620-33F3-45B5-9BD3-1C59A15829AD}\services.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{8B802D75-824D-415A-882D-607D2C34D32D}\Java.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{936E9B80-C10C-49A1-9ED1-B9565105B77F}\taskeng.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{A62EDD38-A55A-4063-8679-8808C2EC0EC6}\wuauclt.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{A797C39F-52AB-4094-93D9-C66150B052B6}\taskmgr.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{AC708A1D-E37A-4E98-A3F5-10AB1C4004C3}\Defender.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{AD13D19C-586B-4406-887F-DBCEA3F73F23}\csrss.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{B0516CE8-8909-4806-B6C0-EEB69AD1F53F}\WerFault.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{B7133ADD-8605-48B0-85A2-5A172A359BAE}\chrome.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{C5F9B88E-4B27-4A14-B7F1-1CED676ED786}\chrome.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{D297D91E-61C9-48D7-96BD-A5B633693B36}\wuauclt.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{D699868B-6C0E-46C6-8773-990F043CBFB5}\cscript.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{E2D8DA80-8280-4868-9214-141C1E494819}\cleanmgr.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{E658ED41-BA12-4F92-B600-47D7893B1A6A}\Internet.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{FDDBC394-E234-4934-92F7-7F9BFBBEFBA8}\cleanmgr.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Microsoft\Windows\{FDFD2D29-2238-43B9-8653-B212F36B733B}\iexplore.exe a variant of Win32/Injector.DPPR trojan cleaned by deleting
C:\Users\Prabh\AppData\Local\Temp\RarSFX2\Zec64.exe a variant of Win64/BitCoinMiner.BX potentially unsafe application cleaned by deleting
C:\Users\Prabh\AppData\Roaming\3vbw0.exe BAT/CoinMiner.PP trojan cleaned by deleting
C:\Users\Prabh\AppData\Roaming\40zTG.exe BAT/CoinMiner.PP trojan cleaned by deleting
C:\Users\Prabh\AppData\Roaming\CNZD7.exe BAT/CoinMiner.PP trojan deleted
C:\Users\Prabh\AppData\Roaming\ElOgE.exe BAT/CoinMiner.PP trojan cleaned by deleting
C:\Users\Prabh\AppData\Roaming\EyqWa.exe BAT/CoinMiner.PP trojan cleaned by deleting
C:\Users\Prabh\AppData\Roaming\KdYDB.exe BAT/CoinMiner.PP trojan cleaned by deleting
C:\Users\Prabh\AppData\Roaming\lxHQx.exe BAT/CoinMiner.PP trojan cleaned by deleting
C:\Users\Prabh\AppData\Roaming\MZYEt.exe a variant of MSIL/TrojanDropper.Agent.DBQ trojan cleaned by deleting
C:\Users\Prabh\AppData\Roaming\nRhpR.exe BAT/CoinMiner.PP trojan cleaned by deleting
C:\Users\Prabh\AppData\Roaming\QoKR9.exe BAT/CoinMiner.PP trojan cleaned by deleting
C:\Users\Prabh\AppData\Roaming\tADJ0.exe BAT/CoinMiner.PP trojan cleaned by deleting
C:\Users\Prabh\AppData\Roaming\tLz77.exe a variant of Generik.IPEEDDM trojan cleaned by deleting
C:\Users\Prabh\AppData\Roaming\UQ0PT.exe BAT/CoinMiner.PP trojan cleaned by deleting
C:\Users\Prabh\AppData\Roaming\uwLDB.exe BAT/CoinMiner.PP trojan cleaned by deleting
C:\Users\Prabh\AppData\Roaming\Wx1gT.exe BAT/CoinMiner.PP trojan cleaned by deleting
C:\Users\Prabh\AppData\Roaming\YtaoF.exe a variant of MSIL/TrojanDropper.Agent.DBQ trojan cleaned by deleting
C:\Users\Prabh\AppData\Roaming\BitTorrent\updates\7.9.2_38914.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msceInter.exe BAT/CoinMiner.PP trojan cleaned by deleting
C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msceIntern.exe BAT/CoinMiner.PP trojan cleaned by deleting
C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prog.exe a variant of Win64/BitCoinMiner.BX potentially unsafe application deleted
C:\Users\Prabh\Desktop\Call of DDoS (PS3 Edition).exe a variant of MSIL/Packed.Confuser.J suspicious application cleaned by deleting
C:\Users\Prabh\Documents\lanc full install.rar a variant of Win32/FreeNew.B potentially unwanted application deleted
C:\Users\Prabh\Documents\Advance Warfare\Project_Execution_AW.Rar a variant of Generik.NQHKHNL trojan deleted
C:\Users\Prabh\Documents\Advance Warfare\setup-awrt-1.10.exe a variant of Win32/Packed.Themida suspicious application cleaned by deleting
C:\Users\Prabh\Documents\Advance Warfare\MrModzFTWxD AW Tool 1.20\MrModzFTWxD AW Tool 1.20\MrModzFTWxD Advanced Warfare RTM Tool.exe a variant of MSIL/Packed.Confuser.P suspicious application cleaned by deleting
C:\Users\Prabh\Documents\Android Backup\Download\com.range.wifi.android.extender.downloader.apk a variant of Android/Aio.A potentially unwanted application deleted
C:\Users\Prabh\Documents\Black Ops2\Destiny by Enstone.rar a variant of Win32/Packed.Themida suspicious application deleted
C:\Users\Prabh\Documents\Black Ops2\Project HaZe Injector - Unpacked by God.rar a variant of Win32/Packed.NoobyProtect.G suspicious application deleted
C:\Users\Prabh\Documents\Black Ops2\Purple Haze V2.rar a variant of MSIL/Packed.Confuser.J suspicious application deleted
C:\Users\Prabh\Documents\Black Ops2\Quickz Advanced Non Host v1.2.rar a variant of MSIL/Packed.Confuser.J suspicious application deleted
C:\Users\Prabh\Documents\Black Ops2\BO2 RTM Tool 1.19 By Geo\BO2 RTM Tool 1.19 By Geo\MsHost.exe a variant of Win64/CoinMiner.BB trojan cleaned by deleting
C:\Users\Prabh\Documents\Black Ops2\Destiny by Enstone\BO2DestinyV1.12_CCAPI_package.rar a variant of Win32/Packed.Themida suspicious application deleted
C:\Users\Prabh\Documents\Black Ops2\Destiny by Enstone\BO2Destiny_CCAPI.exe a variant of Win32/Packed.Themida suspicious application cleaned by deleting
C:\Users\Prabh\Documents\Black Ops2\Destiny by Enstone\BO2DestinyV1.12_CCAPI_package\BO2Destiny_CCAPI.exe a variant of Win32/Packed.Themida suspicious application cleaned by deleting
C:\Users\Prabh\Documents\Black Ops2\Purple Haze V2\Purple Haze V2\PURPLEHAZEV2.exe a variant of MSIL/Packed.Confuser.J suspicious application cleaned by deleting
C:\Users\Prabh\Documents\Black Ops2\Quickz Advanced Non Host v1.2\Quickz Advanced Non Host v1.2\Quickz Advanced Non Host v 1.2.exe a variant of MSIL/Packed.Confuser.J suspicious application cleaned by deleting
C:\Users\Prabh\Documents\BlackOps3\Black Ops 3 - Public Cheater (DEX&CEX).rar a variant of Win32/Packed.Themida suspicious application deleted
C:\Users\Prabh\Documents\BlackOps3\setup-bo3pc-1.00.exe a variant of Win32/Packed.Themida suspicious application cleaned by deleting
C:\Users\Prabh\Documents\Ghosts\GHOSTSEternityV1.03_CCAPI_package.rar a variant of Win32/Packed.Themida suspicious application deleted
C:\Users\Prabh\Documents\Ghosts\GHOSTSEternity\GHOSTSEternity_CCAPI.exe a variant of Win32/Packed.Themida suspicious application cleaned by deleting
C:\Users\Prabh\Documents\MEGAsync Downloads\AW (S).zip a variant of Win32/Packed.Themida suspicious application deleted
C:\Users\Prabh\Documents\MEGAsync Downloads\B777x RTM Tool (Public).exe a variant of MSIL/Injector.MUW trojan cleaned by deleting
C:\Users\Prabh\Documents\MEGAsync Downloads\Black Ops 3 RTM Tool by Brevz [1.07].exe a variant of MSIL/Packed.Confuser.P suspicious application cleaned by deleting
C:\Users\Prabh\Documents\MEGAsync Downloads\Jovian Multi-Tool Version 1.0.1.rar a variant of Generik.KXRNRPX trojan deleted
C:\Users\Prabh\Documents\MEGAsync Downloads\MrModzFTWxD AW Tool 1.20.zip a variant of MSIL/Packed.Confuser.P suspicious application deleted
C:\Users\Prabh\Documents\MEGAsync Downloads\AW (S)\AW (S)\AW Editor 1.1.6 (S).exe a variant of Win32/Packed.Themida suspicious application cleaned by deleting
C:\Users\Prabh\Documents\MEGAsync Downloads\bleep Tool By HackAndModz.Net - Gregs Grabber\GregsGrabber.exe a variant of Generik.DFDSGRF trojan cleaned by deleting
C:\Users\Prabh\Documents\MW3\MW3 EBOOT Builder - Build 1.5.0.0.rar a variant of Win32/Packed.Themida suspicious application deleted
C:\Users\Prabh\Documents\MW3\MW3 EBOOT Builder 1.6.0.0.rar a variant of MSIL/Packed.Confuser.P suspicious application deleted
C:\Users\Prabh\Documents\MW3\MW3 Recovery Tool - v3.3.rar a variant of Win32/Packed.Themida suspicious application deleted
C:\Users\Prabh\Documents\MW3\MW3PhantomV1.12_CCAPI_package.rar a variant of Win32/Packed.Themida suspicious application deleted
C:\Users\Prabh\Documents\MW3\Unbanned DEX v3.exe a variant of Win32/Packed.Themida.ACU trojan cleaned by deleting
C:\Users\Prabh\Documents\MW3\CIDStealerScanner\CID Stealer Scanner.exe a variant of Win32/Packed.Themida suspicious application cleaned by deleting
C:\Users\Prabh\Documents\MW3\MW3 EBOOT Builder - Build 1.5.0.0\MW3 EBOOT Builder - Build 1.5.0.0\MW3 EBOOT Builder.exe a variant of Win32/Packed.Themida suspicious application cleaned by deleting
C:\Users\Prabh\Documents\MW3\MW3 Recovery Tool - v3.3\MW3 Recovery Tool - v3.3\MW3 Recovery Tool - v3.3.exe a variant of Win32/Packed.Themida suspicious application cleaned by deleting
C:\Users\Prabh\Documents\MW3\MW3 Recovery Tool by edub22 v2\MW3 Recovery Tool by edub22 v2\Bandar_RTM_MW3_Nnn_Host\Bandar_RTM_MW3_Nnn_Host\Bandar_RTM_MW3_Nnn_Host.exe a variant of Win32/Packed.Themida.AJJ trojan cleaned by deleting
C:\Users\Prabh\Documents\MW3\MW3PhantomV1.12_CCAPI_package\MW3PhantomV1_CCAPI_package\MW3Phantom_CCAPI.exe a variant of Win32/Packed.Themida suspicious application cleaned by deleting
C:\Users\Prabh\Documents\MW3\MW3ProjectMemoriesV3.86_CCAPI_package\MW3ProjectMemories_CCAPI.exe a variant of Win32/Packed.Themida suspicious application cleaned by deleting
C:\Users\Prabh\Documents\MW3\Unbanned DEX v2\Unbanned DEX v3.exe a variant of Win32/Packed.Themida.ACU trojan cleaned by deleting
C:\Users\Prabh\Documents\Prabh\MW3\Call of DDoS 1.0.9.2 (PS3 Edition)\Call of DDoS (PS3 Edition).exe a variant of MSIL/Packed.Confuser.J suspicious application cleaned by deleting
C:\Users\Prabh\Documents\Prabh\Red-EyeX32 - Black Ops II Save Editor\Red-EyeX32 - Black Ops II Save Editor.exe a variant of MSIL/Packed.Confuser.P suspicious application cleaned by deleting
C:\Users\Prabh\Downloads\Bandar_RTM_MW3_Nnn_Host.rar a variant of Win32/Packed.Themida.AJJ trojan deleted
C:\Users\Prabh\Downloads\Black Ops 3 - Public Cheater (DEX&CEX).rar a variant of Win32/Packed.Themida suspicious application deleted
C:\Users\Prabh\Downloads\Call Of DDoS 1.0.9.2.zip a variant of MSIL/Packed.Confuser.J suspicious application deleted
C:\Users\Prabh\Downloads\latest_version.zip a variant of Generik.GHWEPAC trojan deleted
C:\Users\Prabh\Downloads\MW3 Aesir Cheats.rar a variant of Win32/DllInject.DY potentially unsafe application deleted
C:\Users\Prabh\Downloads\MW3 Aesir Cheats_mpgh.net.rar a variant of Win32/DllInject.DY potentially unsafe application deleted
C:\Users\Prabh\Downloads\myCOM - BitTorrent Pro 7.9.2.38914 S+C.rar a variant of Win32/OpenCandy.A potentially unsafe application deleted
C:\Users\Prabh\Downloads\PamelaSetup_Basic.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application cleaned by deleting
C:\Users\Prabh\Downloads\PowerISO6-x64.exe Win32/FusionCore.L potentially unwanted application cleaned by deleting
C:\Users\Prabh\Downloads\SkullGrabber.zip a variant of MSIL/Packed.Confuser.J suspicious application deleted
C:\Users\Prabh\Downloads\vShareHelper_setup.exe a variant of Win32/FusionCore.L potentially unwanted application cleaned by deleting
C:\Users\Prabh\Downloads\Call of Octo\OctoSniff\OctoSniff.exe a variant of Generik.DZBBBFR trojan cleaned by deleting
C:\Users\Prabh\Downloads\myCOM - BitTorrent Pro 7.9.2.38914 S+C\myCOM - BitTorrent Pro 7.9.2.38914 S+C\BitTorrent.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
C:\Users\Prabh\Downloads\SkullGrabber\SkullGrabber.exe a variant of MSIL/Packed.Confuser.J suspicious application cleaned by deleting
C:\Users\Prabh\Downloads\VPN's\VPNium 1.9.1 Setup + Universal Crack.zip a variant of MSIL/HackTool.StuffFull.K potentially unsafe application deleted
C:\Users\Prabh\Downloads\VPN's\VPNium 1.9.1 Setup + Universal Crack\Crack\VPNium Any Version Crack.exe a variant of MSIL/HackTool.StuffFull.K potentially unsafe application cleaned by deleting
C:\Users\Prabh\Music\Malwarebytes Anti-Exploit Premium 1.09.1.1232 + KeyGen\Malwarebytes Anti-Exploit Premium 1.09.1.1232 + KeyGen\KeyGen-SND\keygen.exe Win32/Keygen.HV potentially unsafe application cleaned by deleting


#6 dc3

Posted 02 July 2017 - 10:13 AM

You need to start a topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum.  You will need to do the following prior to starting your topic.

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

   * If you cannot complete a step, then skip it and continue with the next.
   * In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done this, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so this topic can be closed.

DO NOT bump your new topic. Wait for a response from one of the Malware Response Team Members.  The MRT members look for topics which have not been addressed.  If you bump your topic it will make it appear that your topic is being addressed.

Edited by dc3, 02 July 2017 - 10:48 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

#7 Platypus

  • Global Moderator

Posted 09 July 2017 - 08:43 AM

Continued here:

 

https://www.bleepingcomputer.com/forums/t/651090/windows-10-is-slow-in-normal-mode-but-perfectly-fast-in-safe-mode/?p=4280270

 

Topic closed to avoid any confusion.


Top 5 things that never get done:

1.



