Status
Not open for further replies.

Some kind of a virus

Solved · 6K views · 13 replies · 3 participants · last post by iMacg3
#1 · (Edited)
I'm not sure when this happened. My little brother downloaded something and now a so-called "system" program is using 99% of my CPU. Please help, you are my last hope.
I can't buy a premium virus cleaner so I'm stuck like this. A few times I ran a scan on my PC and the antivirus said there are 32 devices connected or something.
It is also really hard to do anything on my laptop; it takes me about 1 minute to open the browser. I tried using "Bleeping Computer" programs like TDSSKiller and that kind of programs. Most of the programs 1. just stop working, 2. don't load, 3. crash my entire laptop. I'm suspecting some advanced spyware.
(Edited for more information)

I'm typing this on my phone because my laptop is really, really, really slow.
Sometimes the laptop crashes for no reason.

Windows 7.
And I don't care if I lose my files.
I WILL PROVIDE ANY INFORMATION NEEDED
#7 ·
Hi Mantas101,

The FRST reports are incomplete. Please try running FRST in Safe Mode.
  • This can be done by tapping the F8 key as soon as you start your computer.
  • The Advanced Boot Options menu will open. Use the arrow keys to select Safe Mode.
  • Once in Safe Mode, double-click FRST.
  • When the tool opens, click Scan and wait for it to complete.
  • 2 reports will open on your desktop titled FRST.txt and Addition.txt
  • Reboot your computer to exit safe mode.
  • Copy and paste the contents of FRST.txt and Addition.txt into your next reply please.
 
#9 ·
Hi Mantas101,

---------------------------------------------------
Uninstall a Program

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program(s) on the list:
    Driver Support One
  • Select the above program(s) and click Uninstall.
  • Restart the computer if prompted.

---------------------------------------------------
Farbar Recovery Scan Tool - Fix

  • Press the Windows key + R.
  • Type notepad in the Run box and press Enter.
  • A blank text file will open in Notepad.
  • Copy and paste the contents of the below code box into Notepad:
Code:
start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {8699178F-CA04-4C9E-AF8D-5864CF4616D2} - System32\Tasks\{F1A2E930-464C-4386-9262-D9A68659787A} => C:\Windows\system32\pcalua.exe -a C:\Users\kunde\AppData\Local\Temp\jre-8u171-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {F62AD8F6-E351-4970-AA8F-18471D6B6264} - System32\Tasks\DSOne Agent => C:\Program Files (x86)\Driver Support One\DSOne.exe [1059520 2019-08-21] (Asurvio, LP -> PC Drivers HeadQuarters LP)
S3 JitDriver; C:\Windows\system32\drivers\JitDriver.sys [21496 2019-08-21] (PC DRIVERS HEADQUARTERS I, INC -> )
S2 ynfveglp; C:\Windows\SysWOW64\ynfveglp\bemmkimv.exe [X]
S3 cpuz136; \??\C:\Users\kunde\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] <==== ATTENTION
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2019-08-21 21:22 - 2019-08-21 21:22 - 000003298 _____ C:\Windows\System32\Tasks\DSOne Agent
2019-08-21 21:21 - 2019-08-21 21:21 - 000021496 _____ C:\Windows\system32\Drivers\JitDriver.sys
2019-08-21 21:21 - 2019-08-21 21:21 - 000000000 ____D C:\ProgramData\Driver Support
2019-08-21 21:20 - 2019-08-21 21:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support One
2019-08-21 21:14 - 2019-08-22 20:14 - 000000000 ____D C:\Program Files (x86)\Driver Support One
2019-08-21 21:14 - 2019-08-21 21:14 - 000255928 _____ (PC Drivers HeadQuarters LP) C:\Users\kunde\Downloads\DSOne.exe
AlternateDataStreams: C:\Users\Public\AppData:CSM [482]
FirewallRules: [{79C65AD2-1CB5-4A9F-9E96-32A52F83C704}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{1946BBF4-FCB3-4EFF-B80B-093457D5B577}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{C7B4A03F-75DB-41BD-825A-98FC59B55FDE}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_161\bin\javaw.exe No File
FirewallRules: [UDP Query User{5A997C3D-5FD1-41DF-88DD-476FF688B884}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_161\bin\javaw.exe No File
FirewallRules: [TCP Query User{E47C5F02-9651-4F1B-97B1-76CDD496E328}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{D31E2B6A-F25F-496C-9BDC-B850C9A3A0D3}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
FirewallRules: [TCP Query User{DEF1C4BE-C9C4-4A14-A2D8-89D9F22DBD9D}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{44229ABB-0497-429C-9417-04A34E254115}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [TCP Query User{5D1BD447-842F-4248-9D2E-802ADC39D940}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{55A4DF86-2F28-4637-B851-1905E1E25D15}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [TCP Query User{C4FD1F1B-DFAA-48FC-930D-73D81E062C5F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [UDP Query User{51A06134-DBB9-4DAA-A07E-08CF6F3006C6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [{A0CA3342-BCD2-487A-AD95-DAD43B4F59A4}] => (Allow) C:\Users\kunde\AppData\Local\Programs\Opera\53.0.2907.68\opera.exe No File
FirewallRules: [TCP Query User{50CE97FC-0C56-439F-9625-773EB4C501E3}C:\users\kunde\desktop\zumbi blocks ultimate.exe] => (Allow) C:\users\kunde\desktop\zumbi blocks ultimate.exe No File
FirewallRules: [UDP Query User{ADC09A25-28A3-42B3-A954-13FFD14B003D}C:\users\kunde\desktop\zumbi blocks ultimate.exe] => (Allow) C:\users\kunde\desktop\zumbi blocks ultimate.exe No File
FirewallRules: [TCP Query User{7EA6A5C0-D020-480F-AB51-2871C6DD40E4}C:\users\kunde\desktop\zumbi blocks ultimate 2.5.0\zumbi blocks ultimate.exe] => (Block) C:\users\kunde\desktop\zumbi blocks ultimate 2.5.0\zumbi blocks ultimate.exe No File
FirewallRules: [UDP Query User{F53E6376-D807-4504-9239-9191F29494B8}C:\users\kunde\desktop\zumbi blocks ultimate 2.5.0\zumbi blocks ultimate.exe] => (Block) C:\users\kunde\desktop\zumbi blocks ultimate 2.5.0\zumbi blocks ultimate.exe No File
FirewallRules: [TCP Query User{CA2B1C14-FF71-4299-9271-9149A0A3BB4E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [UDP Query User{FCDC5C5D-AAFD-4C20-B2A6-7E9EED24D22C}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [TCP Query User{4775A677-838E-43EF-91C2-3B5D48537040}C:\program files (x86)\steam\steamapps\common\robocraft\robocraftclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\robocraft\robocraftclient.exe No File
FirewallRules: [UDP Query User{6440B1C8-12AB-4253-9448-3D9111B4425E}C:\program files (x86)\steam\steamapps\common\robocraft\robocraftclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\robocraft\robocraftclient.exe No File
FirewallRules: [TCP Query User{2686CC5F-6E1D-4AA5-88F0-4B4C58936A0C}C:\users\kunde\desktop\new folder\hl.exe] => (Allow) C:\users\kunde\desktop\new folder\hl.exe No File
FirewallRules: [UDP Query User{9FBBBE2B-13B8-4721-B5DB-C27FEABBD470}C:\users\kunde\desktop\new folder\hl.exe] => (Allow) C:\users\kunde\desktop\new folder\hl.exe No File
FirewallRules: [TCP Query User{3FD137F3-5174-49C4-A4AF-0589F66B11E4}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{FE3DDC53-58F0-4DE7-9C4C-99EACCB0D19A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{9FA7A1B4-B36F-46E0-94A7-B3ADB3C78741}C:\program files (x86)\slimi\counter-strike 1.6 lt\hl.exe] => (Allow) C:\program files (x86)\slimi\counter-strike 1.6 lt\hl.exe No File
FirewallRules: [UDP Query User{2B2BB507-578B-4562-B7B3-FA5B17278AAC}C:\program files (x86)\slimi\counter-strike 1.6 lt\hl.exe] => (Allow) C:\program files (x86)\slimi\counter-strike 1.6 lt\hl.exe No File
FirewallRules: [TCP Query User{0029611E-6AB0-4B23-90A0-730E6151F432}C:\games\counter-strike 1.6 (cs 1.6) original\hl.exe] => (Allow) C:\games\counter-strike 1.6 (cs 1.6) original\hl.exe No File
FirewallRules: [UDP Query User{50649FDC-E9C0-454D-BBE6-94ACB1D0DBBC}C:\games\counter-strike 1.6 (cs 1.6) original\hl.exe] => (Allow) C:\games\counter-strike 1.6 (cs 1.6) original\hl.exe No File
FirewallRules: [TCP Query User{1B2D23F2-29A2-4A85-969F-F3482EA789AE}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{BC05C516-C896-432C-8300-564C72062286}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{A6677BE3-0095-4B95-A88A-0EE480A36A80}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{62248EC6-F0F2-49C6-9193-C86796D0778A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{59AE2233-6EDD-4C57-8268-81DD49E995E2}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{3EE5940E-3872-4081-B678-F7D290993E51}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe No File
Unlock: C:\Windows\SysWOW64\ynfveglp
C:\Windows\SysWOW64\ynfveglp
CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh winsock reset
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
CMD: Bitsadmin /Reset /Allusers
end
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Save the file as fixlist.txt in the same location as FRST.exe / FRST64.exe
    Note: fixlist.txt must be saved in the same location as FRST or the fix will not work.
  • Boot to Safe Mode by pressing the F8 button as your computer boots, then using the arrow keys to select Safe Mode
  • Right-click FRST.exe/FRST64.exe and select Run as Administrator.
  • When the tool opens, click Fix.
  • A log titled Fixlog.txt will be saved to the same location as FRST.
  • Restart the computer to exit Safe Mode.
  • Please copy and paste its contents into your reply.

---------------------------------------------------

In your next reply, please include:
  • Fixlog.txt
  • Let me know how the computer is doing.
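The fix above acts on three kinds of FRST entries: a scheduled task that launches a Temp-folder binary through pcalua.exe, services whose binaries are missing or live in a randomly named SysWOW64 folder, and firewall rules for programs that no longer exist ("No File"). The following triage helper, added here as an example and not part of the thread or of FRST, parses lines in that format and flags those same signs so a reviewer can spot them in a long log; the sample lines are constructed from the entries quoted above plus one made-up healthy firewall rule (placeholder GUID) that must not be flagged.

```python
import re

# Constructed sample: entries modelled on the fix above, plus one healthy rule.
SAMPLE_LOG = r"""
Task: {8699178F-CA04-4C9E-AF8D-5864CF4616D2} - System32\Tasks\{F1A2E930-464C-4386-9262-D9A68659787A} => C:\Windows\system32\pcalua.exe -a C:\Users\kunde\AppData\Local\Temp\jre-8u171-windows-au.exe -d C:\Windows\SysWOW64
Task: {F62AD8F6-E351-4970-AA8F-18471D6B6264} - System32\Tasks\DSOne Agent => C:\Program Files (x86)\Driver Support One\DSOne.exe [1059520 2019-08-21] (Asurvio, LP -> PC Drivers HeadQuarters LP)
S2 ynfveglp; C:\Windows\SysWOW64\ynfveglp\bemmkimv.exe [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
FirewallRules: [{79C65AD2-1CB5-4A9F-9E96-32A52F83C704}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{00000000-0000-0000-0000-000000000000}] => (Allow) C:\Program Files\Example\app.exe
"""

TASK_RE = re.compile(r"^Task: \{[0-9A-F-]+\} - System32\\Tasks\\(?P<name>.+?) => (?P<cmd>.+)$")
SVC_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+); (?P<path>.+?)(?P<missing> \[X\])?$")
FW_RE = re.compile(r"^FirewallRules: \[(?P<id>[^\]]+)\] => \((?P<action>Allow|Block)\) (?P<path>.+?)(?P<nofile> No File)?$")
RANDOM_NAME = re.compile(r"[a-z]{8}")          # eight lowercase letters, as in "ynfveglp"
PROXY_LAUNCHERS = {"pcalua.exe"}               # compatibility launcher used to run the Temp binary above


def triage(log_text):
    """Return (kind, subject, reason) for each FRST line that shows a sign the fix acts on."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = TASK_RE.match(line)
        if m:
            cmd = m.group("cmd").lower()
            first_exe = re.match(r".*?\.exe", cmd)          # first executable path in the action
            exe = first_exe.group(0).rsplit("\\", 1)[-1] if first_exe else ""
            reasons = []
            if exe in PROXY_LAUNCHERS:
                reasons.append("task runs through " + exe)
            if re.fullmatch(r"\{[0-9a-f-]+\}", m.group("name").lower()):
                reasons.append("task name is a bare GUID")
            if "\\temp\\" in cmd:
                reasons.append("launches a binary from a Temp folder")
            if reasons:
                findings.append(("task", m.group("name"), "; ".join(reasons)))
            continue
        m = SVC_RE.match(line)
        if m:
            name, path = m.group("name"), m.group("path")
            reasons = []
            if m.group("missing"):
                reasons.append("service binary missing ([X])")
            if RANDOM_NAME.fullmatch(name) and ("\\syswow64\\" + name + "\\") in path.lower():
                reasons.append("random-looking name in its own SysWOW64 folder")
            if reasons:
                findings.append(("service", name, "; ".join(reasons)))
            continue
        m = FW_RE.match(line)
        if m and m.group("nofile"):
            findings.append(("firewall", m.group("id"), m.group("action") + " rule for a binary that no longer exists"))
    return findings


if __name__ == "__main__":
    for kind, subject, reason in triage(SAMPLE_LOG):
        print(f"{kind:8} {subject}: {reason}")
```

Run it against a real FRST.txt by passing the file contents to triage(); the DSOne Agent task is deliberately not flagged by these heuristics because it points at an installed program with a signer, which is why the fix handles it through Uninstall a Program rather than as a rogue entry.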
 
#11 ·
Hi Mantas101,

---------------------------------------------------
AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now ...
    • When the scan has finished a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab ...
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

---------------------------------------------------
ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

---------------------------------------------------
Farbar Service Scanner

Download Farbar Service Scanner and save it to your desktop.
  • Right-click FSS.exe and select Run as Administrator.
  • Check the following boxes:
    Code:
    Internet Services
    Windows Firewall
    System Restore
    Security Center/Action Center
    Windows Update
    Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

---------------------------------------------------

In your next reply, please include:
  • AdwCleaner[S0*].txt
  • eset.txt
  • FSS.txt
 
#14 ·
Hi Mantas101,

---------------------------------------------------
AdwCleaner - Clean

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now
  • When the scan has finished a Scan Results window will open.
  • Please check the following boxes and then click Quarantine
PUP.Optional.DriverAgent
    • Click Next
    • If any pre-installed software was found on your machine, a prompt window will open ...
      • Click OK to close it
    • Check any pre-installed software items you want to remove (if they're not causing you a problem I recommend you don't select any)
    • Click Quarantine
  • A prompt to save your work will appear ...
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear ...
    • Click Restart Now
  • Once your computer has restarted ...
    • If it doesn't open automatically, please start ADWCleaner ...
    • Click the Log Files tab ...
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

---------------------------------------------------
Tweaking.com - Windows Repair All-In-One (Portable)

Download Windows Repair All-In-One Portable and save it to your desktop.
  • Right-click tweaking.com_windows_repair_aio.zip and select Extract all
  • Extract the file to your desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click Repair_Windows.exe and select Run as Administrator to start Windows Repair All-In-One.
  • When the tool opens, click the Step 2 tab.
  • Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.
  • Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.
  • Go to Step 3, then click Check in the See If Check Disk Is Needed.
  • If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.
  • Go to Step 4, then click Do It.
  • Go to Step 5. Under System Restore click Create.
  • Go to Repairs and click Open Repairs.
  • Uncheck "All Repairs"
  • Check the following boxes:
    • 03 - Reset Service Permissions
    • 25 - Restore Important Windows Services
    • 26 - Set Windows Services To Default Startup
  • Click Start Repairs.
  • Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.

---------------------------------------------------

In your next reply, please include:
  • AdwCleaner[C0*].txt
  • Windows Repair log
 