Windows Process Manager 32 bit Virus, Maybe More



#106
Kirballer


  • Topic Starter
  • Member
  • 61 posts

My laptop is running much better already. The Windows Process Manager (32 bit) is no longer using memory or cpu space. :thumbsup:

 

There are a couple things I'd like to ask about, but after you've finished looking over everything in case you answer my questions along the way.


  • 0



#107
Gary R


    Trusted Helper

  • Malware Removal
  • 134 posts

I see you didn't uninstall uTorrent as I asked you to ....
 

µTorrent (HKU\S-1-5-21-2127724220-2420722970-824995399-1001\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)


I strongly advise you to uninstall this program.

Use of torrent programs is one of the prime ways that people get infected. By using a torrent you are bypassing the protection provided by your firewall and AV, so it is not surprising that malware purveyors use torrents as their delivery method of preference. A great many torrent downloads contain things other than what you expect, and in the 14 years or so that I've been helping people on this and other forums, the vast majority of people I've helped have had torrent programs installed.

It's not coincidental.

If you choose to uninstall uTorrent, and once again I strongly advise that you do ..... reboot your computer once it's uninstalled.

Next ....

Surprise, surprise, there's some orphans left from the programs you've just uninstalled. So let's get rid of them .....
 

  • Start FRST and when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank notepad file named fixlist.txt will open.
  • Copy and paste the following into it (don't include Code: Select all) ....
ShortcutTarget: Registry Updater.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (No File)
Startup: C:\Users\Kirby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registry Updater.lnk [2018-01-05]
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-01-15] (Zemana Ltd.)
C:\WINDOWS\System32\drivers\zamguard64.sys
S3 MBAMWebProtection; \SystemRoot\system32\DRIVERS\mwac.sys [X]
C:\Windows\system32\DRIVERS\mwac.sys
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
C:\WINDOWS\System32\drivers\zam64.sys
2018-01-17 00:37 - 2018-01-17 00:39 - 000031380 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-01-16 16:33 - 2018-01-17 00:30 - 000183077 _____ C:\WINDOWS\ZAM.krnl.trace
2018-01-15 01:36 - 2018-01-15 01:36 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-01-15 01:35 - 2018-01-15 01:59 - 000000000 ____D C:\ProgramData\HitmanPro
2018-01-15 00:51 - 2018-01-17 00:32 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-01-15 00:51 - 2018-01-15 00:51 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-01-15 00:50 - 2018-01-15 00:50 - 000000000 ____D C:\Users\Kirby\AppData\Local\Zemana
2018-01-13 13:32 - 2018-01-13 13:32 - 000000000 ____D C:\Users\Kirby\AppData\Local\ESET
2018-01-11 11:22 - 2018-01-11 11:40 - 000000000 ____D C:\Users\Kirby\Desktop\mbar
2018-01-11 11:21 - 2018-01-11 11:22 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Kirby\Desktop\mbar-1.10.3.1001.exe
2018-01-07 22:50 - 2018-01-07 22:50 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3131252F.sys
2018-01-07 22:48 - 2018-01-07 22:48 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5355870F.sys
2018-01-07 22:18 - 2018-01-17 00:30 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-07 22:18 - 2018-01-07 22:18 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2E740B26.sys
2018-01-07 22:15 - 2018-01-11 11:40 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
CustomCLSID: HKU\S-1-5-21-2127724220-2420722970-824995399-1001_Classes\CLSID\{c31ca596-532d-a36f-e223-ce16b9ac70a56}\InprocServer32 -> 0xA05E04E4A077D2013B2205E4A077D201010000000100000000000000 => No File
MSCONFIG\Services: DellDataVault => 2
MSCONFIG\Services: DellDataVaultWiz => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: McBootDelayStartSvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MSK80Service => 3
MSCONFIG\Services: NvStreamNetworkSvc => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Stereo Service => 2
HKU\S-1-5-21-2127724220-2420722970-824995399-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-2127724220-2420722970-824995399-1001\...\StartupApproved\Run: => "iFunBox"
DeleteQuarantine:
  • Press Ctrl+s to save fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system


  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

 

 


  • 0
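Added example, not part of the original thread and not FRST's own code: a small Python triage pass over FRST-style log lines that flags the two patterns the fixlist above targets, a Startup shortcut that launches a script interpreter and a service entry left without a file. The sample lines are constructed with hypothetical names, and reading `[X]` as "file missing" is an assumption based on the post calling these entries orphans.

```python
import re

# Constructed sample in the FRST log style quoted in the post (hypothetical names).
SAMPLE = r"""
ShortcutTarget: Example Updater.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (No File)
Startup: C:\Users\Example\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Example Updater.lnk [2018-01-05]
R1 ExampleGuard; C:\WINDOWS\System32\drivers\exampleguard64.sys [203680 2018-01-15] (Example Ltd.)
S3 ExampleWebProtection; \SystemRoot\system32\DRIVERS\example.sys [X]
S1 ExampleDrv; \??\C:\WINDOWS\System32\drivers\example64.sys [X]
"""

# Interpreters that a Startup shortcut rarely has a legitimate reason to launch.
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Patterns modelled on the lines shown in the post, not on a published grammar.
SHORTCUT = re.compile(r"^ShortcutTarget: (?P<lnk>.+?\.lnk) -> (?P<target>.+?\.exe)\b", re.I)
SERVICE = re.compile(r"^[RS][0-5] (?P<name>[^;]+); (?P<path>.+?) \[(?P<info>[^\]]*)\]")


def triage(log_text):
    """Return (finding, name, path) tuples for lines worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = SHORTCUT.match(line)
        if m:
            exe = m["target"].rsplit("\\", 1)[-1].lower()
            if exe in SCRIPT_HOSTS:
                findings.append(("startup-shortcut-to-script-host", m["lnk"], m["target"]))
            continue
        m = SERVICE.match(line)
        # Assumption: "[X]" marks a service whose file is no longer on disk.
        if m and m["info"] == "X":
            findings.append(("service-without-file", m["name"], m["path"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep=" | ")
```

The output is a review list only; whether an entry belongs in a fixlist is still a per-machine judgment, as the NOTICE in the post says.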





