Help! RAM being eaten, Malwarebytes freezing [Solved]

virus malware memory

  • This topic is locked

#31
twain1

    Member

  • Topic Starter
  • 27 posts

A weird thing happened: when Malwarebytes froze I restarted my computer, and it basically deleted the viruses randomly. Then I did a rescan, but I still have the RAM problem. I don't understand why I'm losing a gig every 15 mins.


  • 0


#32
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Did this happen after re-installation? RAM can be consumed by applications when they run or are under heavy load. Does the RAM consumption happen all the time or just when you run MBAM?
  • 0

#33
twain1

    Member

  • Topic Starter
  • 27 posts

It happened before the installation, and the RAM consumption happens all the time. I just want it to stop before it hits 0.


  • 0

#34
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Hi twain1, :)
  • Step #11 Run ComboFix
    Download ComboFix by sUBs from one of the suitable locations listed below and save it to your Desktop.
    Download Link #1
    Download Link #2
    Download Link #3

    Warning

    Please acknowledge this warning beforehand. The tool, ComboFix, is an extremely powerful malware removal tool, if not one of the most powerful tools ever created. In the hands of an inept person, or with a simple mistake, it can render your machine un-bootable. Peruse every step I have listed below unless you want a dreadful occurrence.

    ***

    • Disable your security software. For more information, peruse this thread;
    • Right-click and choose Run as administrator to run the program.
    • As a built-in process, ComboFix will check if your system has Microsoft Windows Recovery Console installed. Let ComboFix download and install Microsoft Windows Recovery Console.
      • It requires an active internet connection.
      • If your system already has Microsoft Windows Recovery Console installed, this step will be skipped
    • ComboFix will now scan your system for malware and will attempt to remove it.
      • Note: ComboFix performs fifty steps during this fix. Please be patient.
    • After the scan your system will reboot and a log will be produced. The log is automatically saved in C:\ComboFix.txt.
    • Post the contents of the log in your next reply.
    Crucial Notes:
    • Do not mouse-click while ComboFix is running as it may stall.
    • Do not re-run ComboFix if you face a problem. Ask for my instruction here.
    • ComboFix will make Internet Explorer your default browser and will change a number of different Internet Explorer settings.
    • ComboFix prevents autorun functions of all CD and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you, please tell me.
    • It is possible that ComboFix, even on its first run, may have fixed the problems you are having. We strongly suggest that you still post your log in the topic where you are receiving help, as you most likely will have infections left over that your helper will need to analyze further.
    • ComboFix will disconnect your system from the internet as a security measure. The connection is automatically restored after the scan, but if it is not, it can be restored by rebooting the PC.
 
  • Required Log(s):
    • ComboFix Log
Regards,
Valinorum
  • 0

#35
twain1

    Member

  • Topic Starter
  • 27 posts

ComboFix 14-04-20.01 - aarons 04/21/2014   8:16.2.1 - x86
Running from: c:\users\aarons\Downloads\ComboFix.exe
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-21 to 2014-04-21  )))))))))))))))))))))))))))))))
.
.
2014-04-21 14:45 . 2014-04-21 14:45    --------    d-----w-    c:\users\aarons\AppData\Local\temp
2014-04-21 14:45 . 2014-04-21 14:45    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-04-21 14:45 . 2014-04-21 14:45    --------    d-----w-    c:\users\twizzle\AppData\Local\temp
2014-04-21 11:30 . 2014-04-21 11:30    62576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{8226D9DE-4D3C-4D0E-9526-D861C87D5F89}\offreg.dll
2014-04-21 04:46 . 2014-04-21 04:46    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\Apps
2014-04-21 04:43 . 2014-04-21 04:43    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2014-04-21 03:35 . 2014-04-21 03:35    --------    d-----w-    c:\programdata\WindowsSearch
2014-04-20 22:19 . 2014-04-20 22:36    --------    d-----w-    c:\windows\system32\catroot2
2014-04-20 20:02 . 2014-04-20 22:17    --------    d-----w-    c:\windows\system32\wbem\repository
2014-04-20 13:55 . 2014-04-20 21:54    181064    ----a-w-    c:\windows\PSEXESVC.EXE
2014-04-20 13:35 . 2014-04-20 13:35    --------    d-----w-    C:\RegBackup
2014-04-20 12:51 . 2014-04-20 12:51    --------    d-----w-    c:\program files\Tweaking.com
2014-04-19 15:11 . 2014-04-19 15:12    --------    d-----w-    c:\users\aarons\AppData\Local\adawarebp
2014-04-19 14:42 . 2014-04-19 14:42    --------    d-----w-    C:\zoek_backup
2014-04-19 14:00 . 2014-04-19 14:00    --------    d-----w-    c:\windows\ERUNT
2014-04-19 12:47 . 2014-04-19 15:07    --------    d-----w-    C:\AdwCleaner
2014-04-19 12:29 . 2014-04-19 12:29    --------    d-----w-    C:\_OTL
2014-04-19 11:25 . 2014-04-17 10:32    8050496    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{8226D9DE-4D3C-4D0E-9526-D861C87D5F89}\mpengine.dll
2014-04-15 21:53 . 2014-04-15 21:53    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\ESET
2014-04-15 21:41 . 2014-04-15 21:41    --------    d-----w-    c:\users\aarons\AppData\Local\ESET
2014-04-14 19:50 . 2014-04-15 19:15    --------    d-----w-    c:\program files\ESET
2014-04-14 08:13 . 2014-04-14 13:04    --------    d-----w-    c:\users\aarons\AppData\Local\NPE
2014-04-14 04:42 . 2014-04-14 04:42    55592    ----a-r-    c:\users\aarons\AppData\Roaming\Microsoft\Installer\{4405EF46-7892-4308-881C-BD893B509B23}\imvuIcon.exe
2014-04-14 01:22 . 2014-04-14 01:22    --------    d-----w-    c:\programdata\PCSettings
2014-04-12 12:16 . 2014-04-12 12:16    --------    d-----w-    c:\program files\Magical Jelly Bean
2014-04-11 23:40 . 2013-09-04 19:57    24040    ----a-w-    c:\windows\system32\drivers\gfiutil.sys
2014-04-11 23:40 . 2013-05-23 13:39    43368    ----a-w-    c:\windows\system32\drivers\gfiark.sys
2014-04-11 23:39 . 2014-04-11 23:40    --------    d-----w-    C:\VIPRERESCUE
2014-04-11 02:40 . 2014-04-11 23:09    --------    d-----w-    c:\users\aarons\AppData\Local\LogMeIn Rescue Applet
2014-04-03 01:04 . 2014-04-04 20:47    --------    d-----w-    c:\programdata\BoostSoftware
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-14 12:35 . 2010-09-05 09:48    134656    ------w-    c:\windows\regedit.exe
2014-03-31 14:35 . 2009-10-24 23:02    231584    ----a-w-    c:\windows\system32\MpSigStub.exe
2014-02-21 20:53 . 2014-02-21 20:53    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-02-07 10:38 . 2014-03-12 18:47    2050560    ----a-w-    c:\windows\system32\win32k.sys
2014-02-03 10:37 . 2014-03-12 18:47    505344    ----a-w-    c:\windows\system32\qedit.dll
2014-01-30 07:46 . 2014-03-12 18:47    876032    ----a-w-    c:\windows\system32\wer.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-11-28 59280]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-11-28 59280]
"DellSystemDetect"="c:\users\aarons\AppData\Local\Apps\2.0\71Q8ZXZ9.NP0\LPEEM8HG.5YJ\dell..tion_0f612f649c4a10af_0005.0006_f9e15713f5aac8ac\DellSystemDetect.exe" [2014-04-14 258160]
"Gyazo"="c:\program files\Gyazo\GyStation.exe" [2013-10-31 2990304]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-08-26 10828392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-04-26 593920]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-02-06 296056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-08-21 98304]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2013-10-30 91688]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-07-15 554384]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 12:51    59240    ----a-w-    c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 15:24    16384    ----a-w-    c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-08-14 13:53    30192    ----a-w-    c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 02:17    49152    ----a-w-    c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 17:37    81920    ----a-w-    c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NielsenOnline]
2013-10-30 22:51    91688    ----a-w-    c:\program files\NetRatingsNetSight\NetSight\nielsenonline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2012-04-18 10:00    118784    ----a-w-    c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-276059291-3993976188-3623813286-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-17 87968]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ       PLA DPS BFE mpssvc
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page =
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: Download Photo... - c:\program files\DelorTech, Ltd\MXDFP 1.0\FBDownloader.dll/500
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\aarons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{074fd0da-72c3-4bb7-a371-397dc810bb20} - {6636902a-3781-4d94-ab36-af118b839af5} -
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.15.1
DPF: {D89D97A9-12C5-45E3-9353-3540761FE15C} - hxxp://channel.dontblynk.com/Launcher/SealWebLaunch.CAB
FF - ProfilePath - c:\users\aarons\AppData\Roaming\Mozilla\Firefox\Profiles\h3eg7qcu.default\
FF - ExtSQL: !HIDDEN! 2010-03-09 16:35; [email protected]; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2012-10-25 09:25; [email protected]; c:\users\aarons\AppData\Roaming\2YourFace\ffextension
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-Smart Defrag 2_is1 - c:\program files\IObit\Smart Defrag 2\unins000.exe
AddRemove-VLC media player - c:\program files\VideoLAN\VLC\uninstall.exe
AddRemove-WinLiveSuite - c:\program files\Windows Live\Installer\wlarp.exe
AddRemove-www_phm - c:\program files\www\EasySupport\phc\uninst.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
AddRemove-Video Converter - c:\program files\VideoConverter\Uninstall\Uninstall.exe
AddRemove-Winamp Detect - c:\program files\Winamp Detect\UninstWaDetect.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-21 09:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ByakkoDriver]
"ImagePath"="\??\c:\program files\IPlayUnlimited\Cabal Reloaded\Byakko.K32"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2014-04-21  09:50:39
ComboFix-quarantined-files.txt  2014-04-21 14:50
.
Pre-Run: 36,758,351,872 bytes free
Post-Run: 36,465,274,880 bytes free
.
- - End Of File - - 2810D02CEFAAB21D0CF405FC02293EBB
5C616939100B85E558DA92B899A0FC36


  • 0

#36
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
How is the system running? Please remove Ad-aware as the program is out-dated.
  • 0

#37
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Hi twain1, :)

Copy ComboFix to your Desktop
  • Step #12 Run ComboFix Script
    Make sure that you still have Combofix on your Desktop. If not, download it from here.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      KillAll::
      
      Registry::
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"=-
      "WMPNSCFG"=-
      "DellSystemDetect"=-
      "Gyazo"=-
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Ad-Aware Browsing Protection"=-
      
      [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
      
      DDS::
      Trusted Zone: dell.com
      DPF: {D89D97A9-12C5-45E3-9353-3540761FE15C} - hxxp://channel.dontblynk.com/Launcher/SealWebLaunch.CAB
      FF - ExtSQL: !HIDDEN! 2010-03-09 16:35; [email protected]; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
      FF - ExtSQL: !HIDDEN! 2012-10-25 09:25; [email protected]; c:\users\aarons\AppData\Roaming\2YourFace\ffextension
      
      ClearJavaCache::
      Reboot::
      
    • Click on File > Save as...
      • Inside the File Name box type CFScript.txt
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Make sure your security programs are disabled while performing the actions. If you have difficulties, peruse this thread;
    • Drag CFScript.txt into ComboFix.exe as shown in the screenshot below --
      CFScript.gif
    ComboFix will now run a scan on your system. After the scan finishes, it will execute the script and reboot your computer automatically. Don't reboot your computer manually, let ComboFix do it. Once your computer is rebooted, ComboFix will start preparing a log. Please let it do so unhindered. After a few minutes, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
 
  • Required Log(s):
    • ComboFix Log
Regards,
Valinorum
  • 0
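To show what the Registry:: part of the CFScript in Step #12 removes, here is an added example (not part of the original post and not ComboFix's own code) that lists each registry operation before the script is run. It assumes the Registry:: section follows standard .reg syntax, where `"name"=-` deletes a value and `[-key]` deletes a key; the function names are hypothetical.

```python
import re

# Script from the post above; blank lines and most non-Registry directives dropped.
CFSCRIPT = r'''KillAll::
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=-
"WMPNSCFG"=-
"DellSystemDetect"=-
"Gyazo"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Browsing Protection"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
DDS::
Trusted Zone: dell.com
Reboot::
'''

DIRECTIVE = re.compile(r'^([A-Za-z]+)::$')
KEY = re.compile(r'^\[(-?)(.+)\]$')
VALUE = re.compile(r'^"(.+)"=(.*)$')

def registry_actions(script):
    """List (action, key, value_name) for every line under Registry::."""
    actions, section, key = [], None, None
    for line in (raw.strip() for raw in script.splitlines()):
        if not line:
            continue
        if m := DIRECTIVE.match(line):
            section, key = m.group(1), None      # a new directive starts
        elif section != "Registry":
            continue                             # other directives are not .reg syntax
        elif m := KEY.match(line):
            key = m.group(2)
            if m.group(1):                       # [-KEY] removes the whole key
                actions.append(("delete-key", key, None))
                key = None                       # no values may follow a deleted key
        elif (m := VALUE.match(line)) and key:
            action = "delete-value" if m.group(2) == "-" else "set-value"
            actions.append((action, key, m.group(1)))
        else:
            actions.append(("unparsed", key, line))  # flag for manual review
    return actions

def run_key_removals(actions):
    """Autostart entries the script deletes from the CurrentVersion Run keys."""
    return [(key.split("\\")[0], name) for action, key, name in actions
            if action == "delete-value" and key.lower().endswith("\\currentversion\\run")]
```

Any entry reported as `unparsed` is a line the Registry:: section would not apply as written and is worth checking before the script is saved as CFScript.txt.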

#38
twain1

twain1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

My computer is moving really fast. I'm doing step 12 now.


  • 0

#39
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
I await the log. :)
  • 0

#40
twain1

twain1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I'm on my phone. Is the scan supposed to take this long?
  • 0



#41
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
How long has the scan been running?
  • 0

#42
twain1

twain1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Almost a day
  • 0

#43
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Unusual. Abort the scan and restart your PC. If you can't do it because there is no Desktop, use the power button or unplug the PC.
  • 0

#44
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Hi twain1, :)

Skip Step 12 and do the following.
  • Step #13 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Setting--
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #14 ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Go here from Internet Explorer and click on Run ESET Online Scanner.
      • Note: If you use any browser other than Internet Explorer, you will have to download and install esetsmartinstaller_enu.exe when prompted to run the scan.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting --
      • Uncheck the box beside Remove Found Threats;
      • Check the box beside Scan archives
    • Click on Advanced Setting and check the following boxes--
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Navigate to the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 
  • Required Log(s):
    • Malwarebytes' Anti-Malware Log
    • ESET Scan Log
Regards,
Valinorum
  • 0

#45
twain1

twain1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

C:\Users\twizzle\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll    a variant of Win32/PriceGong.A potentially unwanted application
C:\Windows\Installer\317b03b.msi    a variant of Win32/Toolbar.Widgi potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\IMVU_Inc\ldrtbIMV0.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\IMVU_Inc\tbIMV0.dll    a variant of Win32/Toolbar.Conduit.B potentially unwanted application

 ESET Log


  • 0





