
My Windows 7 Enterprise is so slow


6 replies to this topic

#1 smartsistemi

smartsistemi

  • Members
  • 5 posts

Posted 26 July 2018 - 04:47 AM

Hello to all.
In recent times I've been having a slowdown of my computer with Windows 7 Enterprise, an i7 @ 3.40 GHz processor and 4 GB RAM with a 64-bit operating system.
In particular, for about two months, when I open Internet Explorer the page loads very slowly; if I do some research with other browsers (Mozilla or Chrome) it is too slow.
Attached I send the HijackThis log.
Can someone help me? :)
 
 
Sorry... here is the HijackThis log
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:11:07, on 26/07/2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19081)

Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
M:\Programmi\PMBVolumeWatcher.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\InfoCert\DiKe 6\dike.exe
C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDFViewer\PdfPro7Hook.exe
C:\Program Files (x86)\Common Files\SNP2UVC\vsnp2uvc.exe
C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe
C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\giovanni.UNICAL\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.avira.net/#web/result?source=art&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.avira.net/#web/result?source=art&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.avira.net/#web/result?source=art&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.avira.net/#web/result?source=art&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort14reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\14\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [PDFProHook] "C:\Program Files (x86)\Nuance\PDFViewer\pdfpro7hook.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [snp2uvc] C:\Program Files (x86)\Common Files\SNP2UVC\vsnp2uvc.exe
O4 - HKLM\..\Run: [tsnp2uvc] C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe
O4 - HKCU\..\Run: [WhatsApp] C:\Users\giovanni.UNICAL\AppData\Local\WhatsApp\Update.exe --processStart "WhatsApp.exe"
O4 - HKCU\..\Run: [Scanmarker] "C:\Program Files (x86)\Scanmarker\bin\Scanmarker.exe"
O4 - HKCU\..\Run: [reboot] C:\Program Files (x86)\remoteAP\reboot.exe
O4 - HKCU\..\Run: [Dike 6] "C:\Program Files (x86)\InfoCert\DiKe 6\dike.exe" -o NO_SHELL -f "NO_MAIN_WIN"
O4 - Startup: Invia a OneNote.lnk = C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
O8 - Extra context menu item: Invia a &Bluetooth - C:\Program Files (x86)\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync - Chiamata con un clic - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync - Chiamata con un clic - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://weblabeling.gls-italy.com
O15 - Trusted Zone: http://www.protocollofacile.com
O15 - Trusted Zone: http://*.webcompanion.com
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - http://support.asus.com/select/asusTek_sys_ctrl3.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - http://www.schoolesuite.it/GSP_NET1/Reserved.ReportViewerWebControl.axd?ReportSession=qrhnwgf1oxusknuie0aqv0zs&Culture=1040&CultureOverrides=True&UICulture=1040&UICultureOverrides=True&ReportStack=1&ControlID=5eceb0fa666f44c69c2ee9516d0c95a1&OpType=PrintCab&Arch=X86
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
O16 - DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} - http://www.mypix.com/it/it/fw_model/domain/library/aurigma/ImageUploaderPHP/Scripts/ImageUploader7.cab
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - https://www.icloud.com/system/iCloud.cab
O16 - DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} - http://supportsiss.lispa.it/components/pdlc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = unical
O17 - HKLM\System\CCS\Services\Tcpip\..\{F45881BF-09C7-4DFA-B375-8AC23BF8F4EC}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = unical
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = unical
O18 - Protocol: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: key4hidconvert - TODO: <Company name> - C:\Windows\SysWOW64\k4hidconvert.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - M:\Programmi\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Service KMSELDI - Unknown owner - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 13 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - M:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
O23 - Service: wampapache64 - Apache Software Foundation - P:\PROGRAMMI\wamp\bin\apache\apache2.4.9\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - M:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
O23 - Service: wampmysqld64 - Unknown owner - P:\PROGRAMMI\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13116 bytes
 
Mod Edit:  Merged posts - Hamluis.

 

Edited by hamluis, 26 July 2018 - 06:58 AM.




#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,294 posts

Posted 26 July 2018 - 07:00 AM

Topic moved from Win 7 to Malware Assistance forum.

 

Please provide the FRST data requested at Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html .

 

Thanks.

 

Louis



#3 smartsistemi

smartsistemi
  • Topic Starter

  • Members
  • 5 posts

Posted 26 July 2018 - 07:16 AM

Thanks and sorry, Louis.

I posted there because I did not think it could be a malware problem.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts

Posted 26 July 2018 - 08:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please read the preparation guide as requested by Louis and post the FRST.TXT and Addition.txt logs for my review.

Wait for further instructions.

#5 smartsistemi

smartsistemi
  • Topic Starter

  • Members
  • 5 posts

Posted 26 July 2018 - 10:52 AM

Thank you so much, nasdaq.

Here are the files you asked for. I hope I did everything correctly.

Waiting for your answer :)

Attached Files



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts

Posted 26 July 2018 - 01:10 PM

Hi,

Remove this program in bold via the Control Panel > Programs > Programs and Features.
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
====

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-978102705-3596489155-2490805372-1143\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
FF Extension: (SaveFrom.net helper) - C:\Users\giovanni.UNICAL\AppData\Roaming\Mozilla\Firefox\Profiles\a341pb5d.default-1484835402954-1511951641038\Extensions\helper-sig@savefrom.net.xpi [2018-07-18]
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)

Task: {2B82C55A-4368-4331-9515-B7DA64F687F3} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-03-02] ()
AlternateDataStreams: C:\ProgramData\TEMP:0A8E2C33 [133]
AlternateDataStreams: C:\ProgramData\TEMP:6DDED7D9 [143]
AlternateDataStreams: C:\ProgramData\TEMP:8FAE08A5 [206]
AlternateDataStreams: C:\ProgramData\TEMP:E5A9D792 [128]
AlternateDataStreams: C:\ProgramData\TEMP:FD9CE1F3 [240]
AlternateDataStreams: C:\Users\giovanni.UNICAL\Downloads\ccsetup527.exe:BDU [0]
AlternateDataStreams: C:\Users\giovanni.UNICAL\Downloads\ControlliCanoneTV_104.exe:BDU [0]
AlternateDataStreams: C:\Users\giovanni.UNICAL\Downloads\Scratch-454.exe:BDU [0]
AlternateDataStreams: C:\Users\giovanni.UNICAL\Downloads\tsetup.1.0.6.exe:BDU [0]
AlternateDataStreams: C:\Users\giovanni.UNICAL\Downloads\z58806en.exe:BDU [0]
AlternateDataStreams: C:\Users\giovanni.UNICAL\Downloads\z58806it.exe:BDU [0]
FirewallRules: [{DD935477-7935-45B7-ADA3-251FAB91B7B8}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{02FA49DB-3A99-4269-89A7-F245149798A2}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{DE34C0D1-AC46-4A09-A2FD-F3F1AA14781A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{E302FAA7-D427-42D2-A663-2A71D9E00DA6}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{5EF3039F-B8C8-4EEC-B96C-425EA05C55DE}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{6E13752F-65E3-4220-AC9B-73643B401E24}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{D1EE6C5D-D777-49D2-AB7B-BBA8FCE6FC53}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{3509D216-85D5-4CAC-8254-93D2D6239577}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe

C:\Program Files\KMSpico

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates, remove these old version(s) via the Control Panel > Programs > Programs and Features.

J2SE Runtime Environment 5.0 Update 16 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150160}) (Version: 1.5.0.160 - Sun Microsystems, Inc.)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java™ 6 Update 32 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416032FF}) (Version: 6.0.320 - Oracle)
Java™ 6 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)

Please let me know what problem persists with this computer.

p.s.
When the fix is completed the Windows Defender should be updated.
Let me know if you have any problems with this.

FYI,
HijackThis is no longer supported and not ready for your Operating system.
I suggest you remove it via the Control Panel > Programs > Programs and Features.
Use the Farbar Recovery Scan Tool from now on to report problems.
<<<>>>

#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts

Posted 01 August 2018 - 07:27 AM

Are you still with me?



