[isaacluis2k]

Hello i cant run any antivirus or windows defender whenever i click on a program it says "resource in use" i tried downloading bitdefender, malwarebytes, and various others also windows defender was shut off i dont know how and i cant turn it back on. in the screenshot are the files that im pretty sure are the virus please help also whenever i try to delete the files it says i need permision but im the admin of my computer and whenever i try to end the svcvmx client via task manger it just comes up again please help

Attached Thumbnails

• 

[Advertisements]

Welcome

 

• Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
• Right-Click MBAR.exe and select Run as administrator to run the installer.
• Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
• Click Next, followed by Update. Upon update completion, click Next.
• Ensure Drivers, Sectors & System are checked and click Scan.
• Note: Do not use your computer during the scan.
• Upon completion:
  
  • If no infection is found, close the MBAR window.
  • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.
  
  
• Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

 

[JSntgRvr]

Welcome

 

• Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
• Right-Click MBAR.exe and select Run as administrator to run the installer.
• Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
• Click Next, followed by Update. Upon update completion, click Next.
• Ensure Drivers, Sectors & System are checked and click Scan.
• Note: Do not use your computer during the scan.
• Upon completion:
  
  • If no infection is found, close the MBAR window.
  • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.
  
  
• Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

 

[isaacluis2k]

The system log txt is over 5 mb and is too much to copy how can i send it it?

Attached Files

•  mbar-log-2017-07-24 (20-43-46).txt   2.81MB   139 downloads

[JSntgRvr]

The system log txt is over 5 mb and is too much to copy how can i send it it?

 

Never mind, the current log was sufficient.

 

Please download Junkware Removal Tool to your Desktop.

• Please close your security software to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete, depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
• Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

• XP users: Double click the AdwCleaner icon to start the program.
• Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  You will see the following console:

• Click the Scan button and wait for the scan to finish.
• After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
• Click the Clean button.
• Everything checked will be moved to Quarantine.
• When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this

• On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Make sure that under Optional Scans, there is a checkmark on Addition.txt.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The tool will also produce another log (Addition.txt ). Please attach this to your reply.

 

 

[isaacluis2k]

Things are looking better thank you

Attached Files

•  FRST_25-07-2017 15.03.39.txt   138.55KB   300 downloads
•  Addition_25-07-2017 15.03.39.txt   72.7KB   246 downloads
•  JRT.txt   3.37KB   161 downloads

Edited by isaacluis2k, 25 July 2017 - 03:20 PM.

[JSntgRvr]

Please remove the following program:

 

bestadblocker

 

• Highlight the entire content of the quote box below.

Start::  
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
FirewallRules: [{176F41CB-ACB5-4F98-9CE1-66C92E7D4FB0}] => (Block) LPort=445
FirewallRules: [{DA6DF774-7EC6-463A-BB60-9A47AFD1B512}] => (Block) LPort=445
FirewallRules: [{EB672608-7477-451B-A09C-FE3FA702E1AE}] => (Allow) LPort=2869
FirewallRules: [{CCB2C5E3-E900-489A-ABCD-FCC2651CB216}] => (Allow) LPort=1900
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {12D3AD4F-3BDD-4404-8A49-50D2A3ED0198} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1BAA167D-A88B-4BCD-9B83-9C4F039B3546} - \{047A7D47-790C-7A09-0E11-790F7E04117F} -> No File <==== ATTENTION
Task: {239A0C75-2C3C-4BED-99A4-92933BAA9ADD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {25A24FDD-D211-4C11-A372-948AB3AA7C26} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {57E463FA-89A7-4AE3-AC2D-F07DBC9AF44D} - System32\Tasks\Steam_x64-S-2-106-91 => "C:\Users\Ifare_000\AppData\Roaming\OpenOffice\CODEXi\Steam" [Argument = overbtc1234.] <==== ATTENTION
Task: {59286D52-5118-49D5-81E2-5111BA070275} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5B41AE62-550A-4A63-AEB9-61F607FAD06F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {65656D44-B0F2-421C-AF08-BE6A850E583E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {67588A2F-D243-4AE7-98DA-03AADCFA3996} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7BE96DBE-3B49-4292-A6BF-0AE35723CBB6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {836D72E7-BF7C-43D1-960E-0701F8DA1365} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {90A003E9-199C-4CA4-ACF3-F4B984C10BAE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9EB284C3-7BD2-4682-AAC6-C8E9DE35C062} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A1B7AF5E-A16F-4ED7-9E12-A15713CF40E1} - \WPD\SqmUpload_S-1-5-21-2022683308-1078434095-671657706-1001 -> No File <==== ATTENTION
Task: {B9A2899B-F79D-418F-A416-37E27981D0BD} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2022683308-1078434095-671657706-1001 -> No File <==== ATTENTION
Task: {D627AE9C-9A10-406C-9F11-06F0FAEA3F3A} - \Wse_taplika -> No File <==== ATTENTION
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
CustomCLSID: HKU\S-1-5-21-2022683308-1078434095-671657706-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
Task: {12D3AD4F-3BDD-4404-8A49-50D2A3ED0198} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1BAA167D-A88B-4BCD-9B83-9C4F039B3546} - \{047A7D47-790C-7A09-0E11-790F7E04117F} -> No File <==== ATTENTION
Task: {239A0C75-2C3C-4BED-99A4-92933BAA9ADD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {25A24FDD-D211-4C11-A372-948AB3AA7C26} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {59286D52-5118-49D5-81E2-5111BA070275} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5B41AE62-550A-4A63-AEB9-61F607FAD06F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {65656D44-B0F2-421C-AF08-BE6A850E583E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {67588A2F-D243-4AE7-98DA-03AADCFA3996} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7BE96DBE-3B49-4292-A6BF-0AE35723CBB6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {836D72E7-BF7C-43D1-960E-0701F8DA1365} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {90A003E9-199C-4CA4-ACF3-F4B984C10BAE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9EB284C3-7BD2-4682-AAC6-C8E9DE35C062} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A1B7AF5E-A16F-4ED7-9E12-A15713CF40E1} - \WPD\SqmUpload_S-1-5-21-2022683308-1078434095-671657706-1001 -> No File <==== ATTENTION
Task: {B9A2899B-F79D-418F-A416-37E27981D0BD} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2022683308-1078434095-671657706-1001 -> No File <==== ATTENTION
Task: {D627AE9C-9A10-406C-9F11-06F0FAEA3F3A} - \Wse_taplika -> No File <==== ATTENTION
2017-07-13 02:10 - 2014-10-03 17:01 - 00000000 ____D C:\Temp
2017-07-19 19:29 - 2017-03-14 08:31 - 1780824 ____N (Adobe Systems Incorporated) C:\Users\Ifare_000\AppData\Local\Temp\AdobePIM.dll
2017-07-19 19:29 - 2016-10-12 17:28 - 3444928 ____N (Adobe Systems Incorporated) C:\Users\Ifare_000\AppData\Local\Temp\Creative Cloud Uninstaller.exe
2017-07-22 14:35 - 2017-07-22 14:35 - 0019968 ____N (Red Hatr, Inc.) C:\Users\Ifare_000\AppData\Local\Temp\jansi-64-3678565085545059624.dll
2017-07-14 11:03 - 2017-07-14 11:03 - 0019968 ____N (Red Hatr, Inc.) C:\Users\Ifare_000\AppData\Local\Temp\jansi-64-5498586032966399219.dll
2017-07-17 12:00 - 2017-07-17 12:00 - 0019968 ____N (Red Hatr, Inc.) C:\Users\Ifare_000\AppData\Local\Temp\jansi-64-5929718948060973609.dll
2017-07-14 11:22 - 2017-07-14 11:22 - 0019968 ____N (Red Hatr, Inc.) C:\Users\Ifare_000\AppData\Local\Temp\jansi-64-7780383199672281717.dll
2017-07-17 11:56 - 2017-07-17 11:56 - 0019968 ____N (Red Hatr, Inc.) C:\Users\Ifare_000\AppData\Local\Temp\jansi-64-7890597762605068226.dll
2017-07-14 14:45 - 2017-07-14 14:45 - 8948728 _____ ( ) C:\Users\Ifare_000\AppData\Local\Temp\tmp3F26.tmp.exe
2017-07-15 16:07 - 2017-07-15 16:07 - 8948728 _____ ( ) C:\Users\Ifare_000\AppData\Local\Temp\tmp87D0.tmp.exe
2017-07-19 11:10 - 2017-07-19 11:10 - 3119448 _____ (Lead IT) C:\Users\Ifare_000\AppData\Local\Temp\WcgasLww-prog.exe
2017-07-14 14:45 - 2017-07-14 14:45 - 8948728 _____ ( ) C:\Users\Ifare_000\AppData\Local\Temp\tmp3F26.tmp.exe
2017-07-15 16:07 - 2017-07-15 16:07 - 8948728 _____ ( ) C:\Users\Ifare_000\AppData\Local\Temp\tmp87D0.tmp.exe
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

• Right click on the highlighted text and select Copy.
• Start FRST (FRST64) with Administrator privileges
• Press the Fix button.
• When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

 

[isaacluis2k]

How long does the fix process take because i left the computer alone for Hours and it says its still fixing and copied what you sent me and paste it in the FRST program and i also couldn't find bestadblocker anywhere in my system

[JSntgRvr]

It shouldn't take long. Please open FRST. Make sure there is a checkmark under addition, and click on Scan. Post both log produced, FRST.txt and Addition.txt.

[isaacluis2k]

The addition.txt is checked and i dont know why this is taking forever and something strange happened Microsoft onedreive opened and an extremely long image appeared seems endless 

Attached Thumbnails

• 

Edited by isaacluis2k, 28 July 2017 - 07:22 AM.

[isaacluis2k]

update i think it was just a sign in screen

Attached Thumbnails

• 

[JSntgRvr]

Please download a new copy of FRST:

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Make sure that under Optional Scans, there is a checkmark on Addition.txt.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The tool will also produce another log (Addition.txt ). Please attach this to your reply.

[isaacluis2k]

Here you go 

Attached Files

•  FRST.txt   137.87KB   156 downloads
•  Addition.txt   75.49KB   197 downloads

[JSntgRvr]

Please remove bestadblocker from your computer. It is considered an Unwanted Program.
 

 

 

• Highlight the entire content of the quote box below.

Start::  
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
FirewallRules: [{176F41CB-ACB5-4F98-9CE1-66C92E7D4FB0}] => (Block) LPort=445
FirewallRules: [{DA6DF774-7EC6-463A-BB60-9A47AFD1B512}] => (Block) LPort=445
FirewallRules: [{EB672608-7477-451B-A09C-FE3FA702E1AE}] => (Allow) LPort=2869
FirewallRules: [{CCB2C5E3-E900-489A-ABCD-FCC2651CB216}] => (Allow) LPort=1900
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {12D3AD4F-3BDD-4404-8A49-50D2A3ED0198} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1BAA167D-A88B-4BCD-9B83-9C4F039B3546} - \{047A7D47-790C-7A09-0E11-790F7E04117F} -> No File <==== ATTENTION
Task: {239A0C75-2C3C-4BED-99A4-92933BAA9ADD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {25A24FDD-D211-4C11-A372-948AB3AA7C26} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {57E463FA-89A7-4AE3-AC2D-F07DBC9AF44D} - System32\Tasks\Steam_x64-S-2-106-91 => "C:\Users\Ifare_000\AppData\Roaming\OpenOffice\CODEXi\Steam" [Argument = overbtc1234.] <==== ATTENTION
Task: {59286D52-5118-49D5-81E2-5111BA070275} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5B41AE62-550A-4A63-AEB9-61F607FAD06F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {65656D44-B0F2-421C-AF08-BE6A850E583E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {67588A2F-D243-4AE7-98DA-03AADCFA3996} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7BE96DBE-3B49-4292-A6BF-0AE35723CBB6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {836D72E7-BF7C-43D1-960E-0701F8DA1365} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {90A003E9-199C-4CA4-ACF3-F4B984C10BAE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9EB284C3-7BD2-4682-AAC6-C8E9DE35C062} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A1B7AF5E-A16F-4ED7-9E12-A15713CF40E1} - \WPD\SqmUpload_S-1-5-21-2022683308-1078434095-671657706-1001 -> No File <==== ATTENTION
Task: {B9A2899B-F79D-418F-A416-37E27981D0BD} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2022683308-1078434095-671657706-1001 -> No File <==== ATTENTION
Task: {D627AE9C-9A10-406C-9F11-06F0FAEA3F3A} - \Wse_taplika -> No File <==== ATTENTION
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
CustomCLSID: HKU\S-1-5-21-2022683308-1078434095-671657706-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {12D3AD4F-3BDD-4404-8A49-50D2A3ED0198} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1BAA167D-A88B-4BCD-9B83-9C4F039B3546} - \{047A7D47-790C-7A09-0E11-790F7E04117F} -> No File <==== ATTENTION
Task: {239A0C75-2C3C-4BED-99A4-92933BAA9ADD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {25A24FDD-D211-4C11-A372-948AB3AA7C26} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {59286D52-5118-49D5-81E2-5111BA070275} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5B41AE62-550A-4A63-AEB9-61F607FAD06F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {65656D44-B0F2-421C-AF08-BE6A850E583E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {67588A2F-D243-4AE7-98DA-03AADCFA3996} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7BE96DBE-3B49-4292-A6BF-0AE35723CBB6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {836D72E7-BF7C-43D1-960E-0701F8DA1365} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {90A003E9-199C-4CA4-ACF3-F4B984C10BAE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9EB284C3-7BD2-4682-AAC6-C8E9DE35C062} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A1B7AF5E-A16F-4ED7-9E12-A15713CF40E1} - \WPD\SqmUpload_S-1-5-21-2022683308-1078434095-671657706-1001 -> No File <==== ATTENTION
Task: {B9A2899B-F79D-418F-A416-37E27981D0BD} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2022683308-1078434095-671657706-1001 -> No File <==== ATTENTION
Task: {D627AE9C-9A10-406C-9F11-06F0FAEA3F3A} - \Wse_taplika -> No File <==== ATTENTION
2017-07-13 02:10 - 2014-10-03 17:01 - 00000000 ____D C:\Temp
2017-07-19 19:29 - 2017-03-14 08:31 - 1780824 ____N (Adobe Systems Incorporated) C:\Users\Ifare_000\AppData\Local\Temp\AdobePIM.dll
2017-07-19 19:29 - 2016-10-12 17:28 - 3444928 ____N (Adobe Systems Incorporated) C:\Users\Ifare_000\AppData\Local\Temp\Creative Cloud Uninstaller.exe
2017-07-22 14:35 - 2017-07-22 14:35 - 0019968 ____N (Red Hatr, Inc.) C:\Users\Ifare_000\AppData\Local\Temp\jansi-64-3678565085545059624.dll
2017-07-14 11:03 - 2017-07-14 11:03 - 0019968 ____N (Red Hatr, Inc.) C:\Users\Ifare_000\AppData\Local\Temp\jansi-64-5498586032966399219.dll
2017-07-17 12:00 - 2017-07-17 12:00 - 0019968 ____N (Red Hatr, Inc.) C:\Users\Ifare_000\AppData\Local\Temp\jansi-64-5929718948060973609.dll
2017-07-14 11:22 - 2017-07-14 11:22 - 0019968 ____N (Red Hatr, Inc.) C:\Users\Ifare_000\AppData\Local\Temp\jansi-64-7780383199672281717.dll
2017-07-17 11:56 - 2017-07-17 11:56 - 0019968 ____N (Red Hatr, Inc.) C:\Users\Ifare_000\AppData\Local\Temp\jansi-64-7890597762605068226.dll
2017-07-14 14:45 - 2017-07-14 14:45 - 8948728 _____ (http://ohsoft.net/                                          ) C:\Users\Ifare_000\AppData\Local\Temp\tmp3F26.tmp.exe
2017-07-15 16:07 - 2017-07-15 16:07 - 8948728 _____ (http://ohsoft.net/                                          ) C:\Users\Ifare_000\AppData\Local\Temp\tmp87D0.tmp.exe
2017-07-19 11:10 - 2017-07-19 11:10 - 3119448 _____ (Lead IT) C:\Users\Ifare_000\AppData\Local\Temp\WcgasLww-prog.exe
2017-07-14 14:45 - 2017-07-14 14:45 - 8948728 _____ (http://ohsoft.net/                                          ) C:\Users\Ifare_000\AppData\Local\Temp\tmp3F26.tmp.exe
2017-07-15 16:07 - 2017-07-15 16:07 - 8948728 _____ (http://ohsoft.net/                                          ) C:\Users\Ifare_000\AppData\Local\Temp\tmp87D0.tmp.exe
HOSTS:
CMD: for /d %f in (Folders path) do rd /s /q "%f"
CMD: for /d %f in (Files path) do del /q "%f"
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

• Right click on the highlighted text and select Copy.
• Start FRST (FRST64) with Administrator privileges
• Press the Fix button.
• When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
 

 

 

How is the computer doing?

[JSntgRvr]

Are you still with us?

[JSntgRvr]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.