Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I cant run any antivirus or windows defender [Closed]

malware ntuserlist

  • This topic is locked This topic is locked

#1
isaacluis2k

isaacluis2k

    New Member

  • Member
  • Pip
  • 7 posts

Hello i cant run any antivirus or windows defender whenever i click on a program it says "resource in use" i tried downloading bitdefender, malwarebytes, and various others also windows defender was shut off i dont know how and i cant turn it back on. in the screenshot are the files that im pretty sure are the virus please help also whenever i try to delete the files it says i need permision but im the admin of my computer and whenever i try to end the svcvmx client via task manger it just comes up again please help

Attached Thumbnails

  • Screenshot (77).png

  • 0

Advertisements


#2
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,938 posts

Welcome :)

 

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-Click MBAR.exe and select AVOiBNU.jpgRun as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.

  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

 


  • 0

#3
isaacluis2k

isaacluis2k

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

The system log txt is over 5 mb and is too much to copy how can i send it it?

Attached Files


  • 0

#4
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,938 posts
The system log txt is over 5 mb and is too much to copy how can i send it it?

 

Never mind, the current log was sufficient.

 

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

65MBhLLb.png

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this

adwcleaner_delete_restart.jpg

  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.

 

 


  • 0

#5
isaacluis2k

isaacluis2k

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Things are looking better thank you

Attached Files


Edited by isaacluis2k, 25 July 2017 - 03:20 PM.

  • 0

#6
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,938 posts

Please remove the following program:

 

bestadblocker

 

  • Highlight the entire content of the quote box below.

Start::  
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
FirewallRules: [{176F41CB-ACB5-4F98-9CE1-66C92E7D4FB0}] => (Block) LPort=445
FirewallRules: [{DA6DF774-7EC6-463A-BB60-9A47AFD1B512}] => (Block) LPort=445
FirewallRules: [{EB672608-7477-451B-A09C-FE3FA702E1AE}] => (Allow) LPort=2869
FirewallRules: [{CCB2C5E3-E900-489A-ABCD-FCC2651CB216}] => (Allow) LPort=1900
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {12D3AD4F-3BDD-4404-8A49-50D2A3ED0198} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1BAA167D-A88B-4BCD-9B83-9C4F039B3546} - \{047A7D47-790C-7A09-0E11-790F7E04117F} -> No File <==== ATTENTION
Task: {239A0C75-2C3C-4BED-99A4-92933BAA9ADD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {25A24FDD-D211-4C11-A372-948AB3AA7C26} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {57E463FA-89A7-4AE3-AC2D-F07DBC9AF44D} - System32\Tasks\Steam_x64-S-2-106-91 => "C:\Users\Ifare_000\AppData\Roaming\OpenOffice\CODEXi\Steam" [Argument = overbtc1234.] <==== ATTENTION
Task: {59286D52-5118-49D5-81E2-5111BA070275} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5B41AE62-550A-4A63-AEB9-61F607FAD06F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {65656D44-B0F2-421C-AF08-BE6A850E583E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {67588A2F-D243-4AE7-98DA-03AADCFA3996} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7BE96DBE-3B49-4292-A6BF-0AE35723CBB6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {836D72E7-BF7C-43D1-960E-0701F8DA1365} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {90A003E9-199C-4CA4-ACF3-F4B984C10BAE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9EB284C3-7BD2-4682-AAC6-C8E9DE35C062} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A1B7AF5E-A16F-4ED7-9E12-A15713CF40E1} - \WPD\SqmUpload_S-1-5-21-2022683308-1078434095-671657706-1001 -> No File <==== ATTENTION
Task: {B9A2899B-F79D-418F-A416-37E27981D0BD} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2022683308-1078434095-671657706-1001 -> No File <==== ATTENTION
Task: {D627AE9C-9A10-406C-9F11-06F0FAEA3F3A} - \Wse_taplika -> No File <==== ATTENTION
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
CustomCLSID: HKU\S-1-5-21-2022683308-1078434095-671657706-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
Task: {12D3AD4F-3BDD-4404-8A49-50D2A3ED0198} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1BAA167D-A88B-4BCD-9B83-9C4F039B3546} - \{047A7D47-790C-7A09-0E11-790F7E04117F} -> No File <==== ATTENTION
Task: {239A0C75-2C3C-4BED-99A4-92933BAA9ADD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {25A24FDD-D211-4C11-A372-948AB3AA7C26} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {59286D52-5118-49D5-81E2-5111BA070275} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5B41AE62-550A-4A63-AEB9-61F607FAD06F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {65656D44-B0F2-421C-AF08-BE6A850E583E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {67588A2F-D243-4AE7-98DA-03AADCFA3996} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7BE96DBE-3B49-4292-A6BF-0AE35723CBB6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {836D72E7-BF7C-43D1-960E-0701F8DA1365} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {90A003E9-199C-4CA4-ACF3-F4B984C10BAE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9EB284C3-7BD2-4682-AAC6-C8E9DE35C062} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A1B7AF5E-A16F-4ED7-9E12-A15713CF40E1} - \WPD\SqmUpload_S-1-5-21-2022683308-1078434095-671657706-1001 -> No File <==== ATTENTION
Task: {B9A2899B-F79D-418F-A416-37E27981D0BD} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2022683308-1078434095-671657706-1001 -> No File <==== ATTENTION
Task: {D627AE9C-9A10-406C-9F11-06F0FAEA3F3A} - \Wse_taplika -> No File <==== ATTENTION
2017-07-13 02:10 - 2014-10-03 17:01 - 00000000 ____D C:\Temp
2017-07-19 19:29 - 2017-03-14 08:31 - 1780824 ____N (Adobe Systems Incorporated) C:\Users\Ifare_000\AppData\Local\Temp\AdobePIM.dll
2017-07-19 19:29 - 2016-10-12 17:28 - 3444928 ____N (Adobe Systems Incorporated) C:\Users\Ifare_000\AppData\Local\Temp\Creative Cloud Uninstaller.exe
2017-07-22 14:35 - 2017-07-22 14:35 - 0019968 ____N (Red Hatr, Inc.) C:\Users\Ifare_000\AppData\Local\Temp\jansi-64-3678565085545059624.dll
2017-07-14 11:03 - 2017-07-14 11:03 - 0019968 ____N (Red Hatr, Inc.) C:\Users\Ifare_000\AppData\Local\Temp\jansi-64-5498586032966399219.dll
2017-07-17 12:00 - 2017-07-17 12:00 - 0019968 ____N (Red Hatr, Inc.) C:\Users\Ifare_000\AppData\Local\Temp\jansi-64-5929718948060973609.dll
2017-07-14 11:22 - 2017-07-14 11:22 - 0019968 ____N (Red Hatr, Inc.) C:\Users\Ifare_000\AppData\Local\Temp\jansi-64-7780383199672281717.dll
2017-07-17 11:56 - 2017-07-17 11:56 - 0019968 ____N (Red Hatr, Inc.) C:\Users\Ifare_000\AppData\Local\Temp\jansi-64-7890597762605068226.dll
2017-07-14 14:45 - 2017-07-14 14:45 - 8948728 _____ ( ) C:\Users\Ifare_000\AppData\Local\Temp\tmp3F26.tmp.exe
2017-07-15 16:07 - 2017-07-15 16:07 - 8948728 _____ ( ) C:\Users\Ifare_000\AppData\Local\Temp\tmp87D0.tmp.exe
2017-07-19 11:10 - 2017-07-19 11:10 - 3119448 _____ (Lead IT) C:\Users\Ifare_000\AppData\Local\Temp\WcgasLww-prog.exe
2017-07-14 14:45 - 2017-07-14 14:45 - 8948728 _____ ( ) C:\Users\Ifare_000\AppData\Local\Temp\tmp3F26.tmp.exe
2017-07-15 16:07 - 2017-07-15 16:07 - 8948728 _____ ( ) C:\Users\Ifare_000\AppData\Local\Temp\tmp87D0.tmp.exe
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

 
  • 0

#7
isaacluis2k

isaacluis2k

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

How long does the fix process take because i left the computer alone for Hours and it says its still fixing and copied what you sent me and paste it in the FRST program and i also couldn't find bestadblocker anywhere in my system


  • 0

#8
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,938 posts

It shouldn't take long. Please open FRST. Make sure there is a checkmark under addition, and click on Scan. Post both log produced, FRST.txt and Addition.txt.


  • 0

#9
isaacluis2k

isaacluis2k

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

The addition.txt is checked and i dont know why this is taking forever and something strange happened Microsoft onedreive opened and an extremely long image appeared seems endless 

Attached Thumbnails

  • Screenshot (79).png

Edited by isaacluis2k, 28 July 2017 - 07:22 AM.

  • 0

#10
isaacluis2k

isaacluis2k

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

update i think it was just a sign in screen

Attached Thumbnails

  • Screenshot (80).png

  • 0

#11
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,938 posts

Please download a new copy of FRST:

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.


  • 0

#12
isaacluis2k

isaacluis2k

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Here you go 

Attached Files


  • 0

#13
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,938 posts

Please remove bestadblocker from your computer. It is considered an Unwanted Program.
 

 

 

  • Highlight the entire content of the quote box below.

Start::  
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
FirewallRules: [{176F41CB-ACB5-4F98-9CE1-66C92E7D4FB0}] => (Block) LPort=445
FirewallRules: [{DA6DF774-7EC6-463A-BB60-9A47AFD1B512}] => (Block) LPort=445
FirewallRules: [{EB672608-7477-451B-A09C-FE3FA702E1AE}] => (Allow) LPort=2869
FirewallRules: [{CCB2C5E3-E900-489A-ABCD-FCC2651CB216}] => (Allow) LPort=1900
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {12D3AD4F-3BDD-4404-8A49-50D2A3ED0198} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1BAA167D-A88B-4BCD-9B83-9C4F039B3546} - \{047A7D47-790C-7A09-0E11-790F7E04117F} -> No File <==== ATTENTION
Task: {239A0C75-2C3C-4BED-99A4-92933BAA9ADD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {25A24FDD-D211-4C11-A372-948AB3AA7C26} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {57E463FA-89A7-4AE3-AC2D-F07DBC9AF44D} - System32\Tasks\Steam_x64-S-2-106-91 => "C:\Users\Ifare_000\AppData\Roaming\OpenOffice\CODEXi\Steam" [Argument = overbtc1234.] <==== ATTENTION
Task: {59286D52-5118-49D5-81E2-5111BA070275} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5B41AE62-550A-4A63-AEB9-61F607FAD06F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {65656D44-B0F2-421C-AF08-BE6A850E583E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {67588A2F-D243-4AE7-98DA-03AADCFA3996} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7BE96DBE-3B49-4292-A6BF-0AE35723CBB6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {836D72E7-BF7C-43D1-960E-0701F8DA1365} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {90A003E9-199C-4CA4-ACF3-F4B984C10BAE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9EB284C3-7BD2-4682-AAC6-C8E9DE35C062} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A1B7AF5E-A16F-4ED7-9E12-A15713CF40E1} - \WPD\SqmUpload_S-1-5-21-2022683308-1078434095-671657706-1001 -> No File <==== ATTENTION
Task: {B9A2899B-F79D-418F-A416-37E27981D0BD} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2022683308-1078434095-671657706-1001 -> No File <==== ATTENTION
Task: {D627AE9C-9A10-406C-9F11-06F0FAEA3F3A} - \Wse_taplika -> No File <==== ATTENTION
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
CustomCLSID: HKU\S-1-5-21-2022683308-1078434095-671657706-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {12D3AD4F-3BDD-4404-8A49-50D2A3ED0198} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1BAA167D-A88B-4BCD-9B83-9C4F039B3546} - \{047A7D47-790C-7A09-0E11-790F7E04117F} -> No File <==== ATTENTION
Task: {239A0C75-2C3C-4BED-99A4-92933BAA9ADD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {25A24FDD-D211-4C11-A372-948AB3AA7C26} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {59286D52-5118-49D5-81E2-5111BA070275} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5B41AE62-550A-4A63-AEB9-61F607FAD06F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {65656D44-B0F2-421C-AF08-BE6A850E583E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {67588A2F-D243-4AE7-98DA-03AADCFA3996} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7BE96DBE-3B49-4292-A6BF-0AE35723CBB6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {836D72E7-BF7C-43D1-960E-0701F8DA1365} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {90A003E9-199C-4CA4-ACF3-F4B984C10BAE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9EB284C3-7BD2-4682-AAC6-C8E9DE35C062} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A1B7AF5E-A16F-4ED7-9E12-A15713CF40E1} - \WPD\SqmUpload_S-1-5-21-2022683308-1078434095-671657706-1001 -> No File <==== ATTENTION
Task: {B9A2899B-F79D-418F-A416-37E27981D0BD} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2022683308-1078434095-671657706-1001 -> No File <==== ATTENTION
Task: {D627AE9C-9A10-406C-9F11-06F0FAEA3F3A} - \Wse_taplika -> No File <==== ATTENTION
2017-07-13 02:10 - 2014-10-03 17:01 - 00000000 ____D C:\Temp
2017-07-19 19:29 - 2017-03-14 08:31 - 1780824 ____N (Adobe Systems Incorporated) C:\Users\Ifare_000\AppData\Local\Temp\AdobePIM.dll
2017-07-19 19:29 - 2016-10-12 17:28 - 3444928 ____N (Adobe Systems Incorporated) C:\Users\Ifare_000\AppData\Local\Temp\Creative Cloud Uninstaller.exe
2017-07-22 14:35 - 2017-07-22 14:35 - 0019968 ____N (Red Hatr, Inc.) C:\Users\Ifare_000\AppData\Local\Temp\jansi-64-3678565085545059624.dll
2017-07-14 11:03 - 2017-07-14 11:03 - 0019968 ____N (Red Hatr, Inc.) C:\Users\Ifare_000\AppData\Local\Temp\jansi-64-5498586032966399219.dll
2017-07-17 12:00 - 2017-07-17 12:00 - 0019968 ____N (Red Hatr, Inc.) C:\Users\Ifare_000\AppData\Local\Temp\jansi-64-5929718948060973609.dll
2017-07-14 11:22 - 2017-07-14 11:22 - 0019968 ____N (Red Hatr, Inc.) C:\Users\Ifare_000\AppData\Local\Temp\jansi-64-7780383199672281717.dll
2017-07-17 11:56 - 2017-07-17 11:56 - 0019968 ____N (Red Hatr, Inc.) C:\Users\Ifare_000\AppData\Local\Temp\jansi-64-7890597762605068226.dll
2017-07-14 14:45 - 2017-07-14 14:45 - 8948728 _____ (http://ohsoft.net/                                          ) C:\Users\Ifare_000\AppData\Local\Temp\tmp3F26.tmp.exe
2017-07-15 16:07 - 2017-07-15 16:07 - 8948728 _____ (http://ohsoft.net/                                          ) C:\Users\Ifare_000\AppData\Local\Temp\tmp87D0.tmp.exe
2017-07-19 11:10 - 2017-07-19 11:10 - 3119448 _____ (Lead IT) C:\Users\Ifare_000\AppData\Local\Temp\WcgasLww-prog.exe
2017-07-14 14:45 - 2017-07-14 14:45 - 8948728 _____ (http://ohsoft.net/                                          ) C:\Users\Ifare_000\AppData\Local\Temp\tmp3F26.tmp.exe
2017-07-15 16:07 - 2017-07-15 16:07 - 8948728 _____ (http://ohsoft.net/                                          ) C:\Users\Ifare_000\AppData\Local\Temp\tmp87D0.tmp.exe
HOSTS:
CMD: for /d %f in (Folders path) do rd /s /q "%f"
CMD: for /d %f in (Files path) do del /q "%f"
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
 

 

 

How is the computer doing?


  • 0

#14
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,938 posts

Are you still with us?


  • 0

#15
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,938 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics


Also tagged with one or more of these keywords: malware, ntuserlist

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP