
Possible malware

3K views 15 replies 3 participants last post by  DR.M 
#1 ·
I've been having an issue with my pc these couple of days with processes not ending in task manager. When I tried to end a process it will disappear for a second then come back again. It is using most of my ram.

Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit, Build 7601, Installed 20170816084210.000000+120
Processor: Intel(R) Core(TM)2 Quad CPU Q8400 @ 2.66GHz, Intel64 Family 6 Model 23 Stepping 10, CPU Count: 4
Total Physical RAM: 5 GB
Graphics Card: NVIDIA GeForce GT 420
Hard Drives: C: 116 GB (17 GB Free); D: 116 GB (58 GB Free);
Motherboard: Hewlett-Packard 3032h, s/n CZC9183V8X
System: Hewlett-Packard, ver HPQOEM - 20090305, s/n CZC9183V8X
Antivirus: Microsoft Security Essentials, Disabled
 
#2 ·
You have this HP Compaq dc7900 Convertible Minitower PC
It was purchased new in May 2009 and came with Windows XP Pro 32-bit or Windows Vista Business 32-bit.
Windows 7 Ultimate 64-bit was installed in it in August 2017.

----------------------------------------------------------------
 
#4 ·
Hi, atkepatke.

If you think that you are dealing with a malware issue, please do the following:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt. Please copy and paste the content of these two logs in your next reply.

NOTES:

1. Do not run any tool unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

2. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens.

3. I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you will have two people looking at your problem.
 
#8 · (Edited)
Hi, atkepatke.

I'm sorry for the delay. :)

Here are my comments/instructions, regarding your logs. Please, go on, step by step, doing what is recommended.

1. Windows 7 update

It seems that your computer is running with Windows 7 Ultimate edition. Windows 7 reached its end of life in January 2020, meaning that it doesn't receive security updates anymore. An outdated operating system means no security fixes. Therefore, it is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer. You should update your computer when we finish the cleaning process.


2. P2P program


You have μtorrent installed in your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.
  • If you decide to uninstall it, uninstall it along with the unwanted programs in Step 3 below.
  • If you decide to keep it, DON'T use it during the cleaning procedure.

3. Uninstall programs


An anti-virus and an anti-malware product is a necessity. You can stay with the AVG and there is also the antispyware of the operating system, Windows Defender, which is disabled since you have AVG. You have also Microsoft Security Essentials, McAfee Safe Connect and McAfee Security Scan Plus. Keep in mind that installing more than one of those programs may conflict with each other and cause the following:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
  • Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
  • Less protection: Two antivirus products trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.
I recommend that you uninstall Microsoft Security Essentials and the two McAfee products.
At this step, you can also uninstall the outdated 7-zip, as well as the μtorrent, if you decide to do so.
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs on the list:
Code:
7-Zip 9.20
7-Zip 9.20
McAfee Safe Connect
McAfee Security Scan Plus
Microsoft Security Essentials
(μtorrent)
  • Select each of the above programs and click Uninstall.
  • Restart the computer.

4. Uninstall Chrome extensions
  • Open Chrome
  • Type chrome://extensions in the address bar and press Enter.
  • Click Remove under the following extension:
    Code:
    Avast SafePrice
  • Restart the computer.

5. FRST fix


Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
Task: {14D0CE91-BD5E-4700-8B6E-69812042FB4B} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {18CAF36F-D9A3-4786-86DA-086584197FD5} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
Task: {4F2B3704-4C7C-461B-ADFA-6C61053C4834} - System32\Tasks\{50E7FF1D-F3BC-4B0C-BF4B-420F264FAE9B} => C:\Windows\system32\pcalua.exe -a C:\Users\HP\Downloads\AUD_Vista_Win7_6620_PV_CNXT\setup.exe -d C:\Users\HP\Downloads\AUD_Vista_Win7_6620_PV_CNXT
Task: {5F2ABB86-D4E9-4E63-A6B3-FDA7C2665FE1} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
FF Extension: (Avast SafePrice | Usporedba cijena, ponude, kuponi) - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\3x1bwr2w.default-1584547042417\Extensions\sp@avast.com.xpi [2020-03-29]
FF ProfilePath: C:\Users\HP\AppData\Roaming\AMozilla\AFirefox\Profiles\fnxguewh.default [2018-08-29] <==== ATTENTION
FF Plugin HKU\S-1-5-21-3837930972-3708627630-2198730149-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
CHR Notifications: Default -> hxxps://mail.google.com;
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
S2 AGMService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe" [X]
S2 AGSService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X]
S2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
S2 HuaweiHiSuiteService64.exe; "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [X] <==== ATTENTION
S2 TeamViewer; "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe" [X]
S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [X]
U3 aswbdisk; no ImagePath
U3 avgbdisk; no ImagePath
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2018-03-29 20:31 - 2018-03-29 20:31 - 000000000 _____ () C:\Users\HP\AppData\Local\{5CF458F0-A632-442C-8E69-838741DB2B58}
2018-07-21 20:04 - 2018-07-21 20:04 - 000000000 _____ () C:\Users\HP\AppData\Local\{DEE57184-B921-4593-89D2-411F55A17A71}
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [432]
AlternateDataStreams: C:\Windows\System32:tdsrset.gfc [5846]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [432]
AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
AlternateDataStreams: C:\ProgramData\Application Data:NT2 [432]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [432]
AlternateDataStreams: C:\Users\HP\Application Data:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\HP\Application Data:NT [40]
AlternateDataStreams: C:\Users\HP\Application Data:NT2 [432]
AlternateDataStreams: C:\Users\HP\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\HP\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\HP\AppData\Roaming:NT2 [432]
AlternateDataStreams: C:\Users\Public\AppData:CSM [464]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [462]
MSCONFIG\startupreg: winlogui => C:\Windows\system32\winlogui.exe -o mine.xmrpool.net:80 -u 8AW8EXfdqiT8EmjCBFWh2shwW3sC98KCEFUoNK9G6t6pJL1HkFkMJmifxXrkGS8eJ29o8k7DQPqDq5M6rCu3esd8FWL7jjt -p x
FirewallRules: [{1BCCE77B-A34C-4145-939A-96F0697C53AA}] => (Allow) C:\Games\Counter-Strike WaRzOnE\hl.exe No File
FirewallRules: [{D3190D45-0A21-4411-824E-A52B2CE864BB}] => (Allow) C:\Games\Counter-Strike WaRzOnE\hl.exe No File
FirewallRules: [{90913057-160E-4B1D-BAD1-22F5055796B4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{4B470603-CCC7-4D24-B077-3B05F78343D1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{D27F2B2B-CC17-4FB2-9657-68FE13B57228}C:\games\counter-strike warzone\hl.exe] => (Allow) C:\games\counter-strike warzone\hl.exe No File
FirewallRules: [UDP Query User{6456C5F5-9126-483B-B6EB-E0F72D499D31}C:\games\counter-strike warzone\hl.exe] => (Allow) C:\games\counter-strike warzone\hl.exe No File
FirewallRules: [{BDF6939F-F24B-4D0F-8091-991317A7465A}] => (Allow) C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{D12C0654-B43F-45C5-8568-5D0AA92C528D}] => (Allow) C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{00BBF8C5-B575-4B41-A458-BF444240D8E9}] => (Allow) C:\Program Files (x86)\B-Link Smart Router\Common\ApUI.exe No File
FirewallRules: [TCP Query User{0C528713-70ED-4DCE-95DA-C7CFC747F2CF}C:\program files (x86)\b-link smart router\common\udpclient.exe] => (Allow) C:\program files (x86)\b-link smart router\common\udpclient.exe No File
FirewallRules: [UDP Query User{7794EA51-EE4D-48CA-B585-62C6A93C8D40}C:\program files (x86)\b-link smart router\common\udpclient.exe] => (Allow) C:\program files (x86)\b-link smart router\common\udpclient.exe No File
FirewallRules: [TCP Query User{F30343B1-C475-42C7-A441-1CF0ABD0CF58}C:\program files (x86)\r.g. mechanics\far cry 3\bin\farcry3.exe] => (Allow) C:\program files (x86)\r.g. mechanics\far cry 3\bin\farcry3.exe No File
FirewallRules: [UDP Query User{65E143AA-767D-46FD-8A2C-666A59E564F9}C:\program files (x86)\r.g. mechanics\far cry 3\bin\farcry3.exe] => (Allow) C:\program files (x86)\r.g. mechanics\far cry 3\bin\farcry3.exe No File
FirewallRules: [TCP Query User{C04F696D-AAD2-46E8-8A2A-62570B18F6C7}D:\ros\ros.exe] => (Allow) D:\ros\ros.exe No File
FirewallRules: [UDP Query User{0A62B881-DF3D-4BBB-91F6-9B2E0E16354A}D:\ros\ros.exe] => (Allow) D:\ros\ros.exe No File
FirewallRules: [TCP Query User{A98BBF46-E81E-4193-B628-FEEC62D4976D}D:\ros\ccmini\ccmini.exe] => (Allow) D:\ros\ccmini\ccmini.exe No File
FirewallRules: [UDP Query User{9241B567-760D-48A9-92F3-BF1BAC15C093}D:\ros\ccmini\ccmini.exe] => (Allow) D:\ros\ccmini\ccmini.exe No File
FirewallRules: [TCP Query User{97BB936B-704A-4AFD-8BAA-4F8956C98539}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe No File
FirewallRules: [UDP Query User{FD52AA6E-141B-4923-821E-3AEE9F435F67}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe No File
FirewallRules: [{B249A322-7E7B-4AA5-9C24-B7E85EEE4E76}] => (Allow) D:\Steam\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe No File
FirewallRules: [{0DAD67FF-6C94-4D51-899B-BB817B0902A2}] => (Allow) D:\Steam\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe No File
FirewallRules: [TCP Query User{D773178D-BD61-434D-B73C-324779A1DC25}D:\program files (x86)\mr dj\fifa 15\fifa15.exe] => (Allow) D:\program files (x86)\mr dj\fifa 15\fifa15.exe No File
FirewallRules: [UDP Query User{A6CA805C-D15F-48F6-B19E-1179D62884F5}D:\program files (x86)\mr dj\fifa 15\fifa15.exe] => (Allow) D:\program files (x86)\mr dj\fifa 15\fifa15.exe No File
FirewallRules: [TCP Query User{6DF5F0BA-D8EF-41AC-AB11-24C54FEE1B3D}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{77FF3EF8-C51E-4F46-A797-5F3B822D34C3}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [TCP Query User{A5BC16F8-0A67-48D2-9FFC-DA36675F81A3}D:\creative destruction\client.exe] => (Allow) D:\creative destruction\client.exe No File
FirewallRules: [UDP Query User{596BAD00-EA12-44FB-99F1-DA40A8656346}D:\creative destruction\client.exe] => (Allow) D:\creative destruction\client.exe No File
FirewallRules: [TCP Query User{7F6B02B9-75F7-4E82-8340-5F9BAFA45C83}D:\creative destruction\ccmini\ccmini.exe] => (Allow) D:\creative destruction\ccmini\ccmini.exe No File
FirewallRules: [UDP Query User{FCC9B54E-8CE2-4AB9-A946-09581ABC9B56}D:\creative destruction\ccmini\ccmini.exe] => (Allow) D:\creative destruction\ccmini\ccmini.exe No File
FirewallRules: [TCP Query User{ACB279BB-FE7D-4B70-9077-1AD1A4C1A66C}D:\program files\counter-strike global offensive\7launcher\tools\steamcmd\steamcmd.exe] => (Block) D:\program files\counter-strike global offensive\7launcher\tools\steamcmd\steamcmd.exe No File
FirewallRules: [UDP Query User{2D62D526-0A54-4C0E-AD76-B98B720E8022}D:\program files\counter-strike global offensive\7launcher\tools\steamcmd\steamcmd.exe] => (Block) D:\program files\counter-strike global offensive\7launcher\tools\steamcmd\steamcmd.exe No File
FirewallRules: [TCP Query User{F7168F92-625E-4902-9D4A-D9C4ED26D7BB}D:\program files\counter-strike global offensive\csgo.exe] => (Allow) D:\program files\counter-strike global offensive\csgo.exe No File
FirewallRules: [UDP Query User{2839C459-E809-4D0E-B36B-A89C839CC47F}D:\program files\counter-strike global offensive\csgo.exe] => (Allow) D:\program files\counter-strike global offensive\csgo.exe No File
FirewallRules: [TCP Query User{717CFC27-2FB7-4E6C-AB53-6B5DE3E80ED9}D:\program files\epic games\subnautica\subnautica.exe] => (Allow) D:\program files\epic games\subnautica\subnautica.exe No File
FirewallRules: [UDP Query User{3D7740B0-C987-433C-8DEF-90E5325060FF}D:\program files\epic games\subnautica\subnautica.exe] => (Allow) D:\program files\epic games\subnautica\subnautica.exe No File
FirewallRules: [{CF935E3B-D1B1-4AC8-9271-EAA68E40982D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe No File
FirewallRules: [{C8C19C2C-63F7-40D7-A22E-3D82D78F89C1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe No File
FirewallRules: [{349E18CB-5031-42FF-BBA1-7118F7909E30}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe No File
FirewallRules: [{07CFF373-D1F9-42BA-AB9D-7B5B792C47D7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe No File
FirewallRules: [{EA285AB6-E6E6-41B5-95C6-C3EC7E1F61D4}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe No File
FirewallRules: [TCP Query User{F12D02E0-B9C2-4DFF-97BD-E8DCF999230D}C:\program files\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_191\bin\javaw.exe No File
FirewallRules: [UDP Query User{3C13A95F-6504-46F9-80CF-CF263A88BC0D}C:\program files\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_191\bin\javaw.exe No File
FirewallRules: [TCP Query User{6A9C4F5A-2A91-47CB-B8EC-66781AB08988}C:\users\hp\desktop\gta san andreas\proxy_sa.exe] => (Allow) C:\users\hp\desktop\gta san andreas\proxy_sa.exe No File
FirewallRules: [UDP Query User{996D442F-B65A-4E8E-8C44-6EA2E4D6E74B}C:\users\hp\desktop\gta san andreas\proxy_sa.exe] => (Allow) C:\users\hp\desktop\gta san andreas\proxy_sa.exe No File
FirewallRules: [{C2650AED-9064-453F-9C89-D254EC600698}] => (Allow) D:\Games\Counter-Strike WaRzOnE\hl.exe No File
FirewallRules: [{F8847AB5-0C7F-4483-9031-6BC0036EED1A}] => (Allow) D:\Games\Counter-Strike WaRzOnE\hl.exe No File
FirewallRules: [TCP Query User{F8C0DED1-84DC-4016-B84B-E707FF69E7ED}C:\users\hp\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\hp\appdata\local\gamecenter\gamecenter.exe No File
FirewallRules: [UDP Query User{45851EBB-91C7-48B4-AC69-D7C3C0F55A97}C:\users\hp\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\hp\appdata\local\gamecenter\gamecenter.exe No File
FirewallRules: [{3BA57851-9931-4E5F-895B-1FA29A103078}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe No File
FirewallRules: [{5318B4E9-F9AB-46A3-88A2-E0A676AC37E5}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe No File
FirewallRules: [{B27A200C-2D23-4403-ACC1-D40EE2E349D3}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe No File
FirewallRules: [{AB936A85-6631-450A-9BBC-1DAC75551424}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe No File
FirewallRules: [{45CA00E7-5EE7-4D18-AA52-5142AF470719}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe No File
FirewallRules: [{3897BF23-1848-4330-A7E7-43D98BC0220C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe No File
FirewallRules: [TCP Query User{EFB9B5A3-3761-44BF-82E1-CD0D06AFFB4D}D:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe No File
FirewallRules: [UDP Query User{1E7AE8A1-B682-4852-AFCF-D46C51D3BBD7}D:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe No File
FirewallRules: [TCP Query User{A73E4353-94A7-48AC-B852-D7E11A75BE25}D:\program files (x86)\r.g. mechanics\stronghold crusader 2\bin\win32_release\crusader2.exe] => (Allow) D:\program files (x86)\r.g. mechanics\stronghold crusader 2\bin\win32_release\crusader2.exe No File
FirewallRules: [UDP Query User{F034764B-6ECE-496F-ACF0-AB7E151A4C37}D:\program files (x86)\r.g. mechanics\stronghold crusader 2\bin\win32_release\crusader2.exe] => (Allow) D:\program files (x86)\r.g. mechanics\stronghold crusader 2\bin\win32_release\crusader2.exe No File
FirewallRules: [TCP Query User{616C46DF-33D7-42A6-B4F0-8FC553693D21}D:\mygames\warface my.com\bin32release\game.exe] => (Allow) D:\mygames\warface my.com\bin32release\game.exe No File
FirewallRules: [UDP Query User{7F13EBE3-F1AD-4453-BEF6-7A1FECC8C841}D:\mygames\warface my.com\bin32release\game.exe] => (Allow) D:\mygames\warface my.com\bin32release\game.exe No File
FirewallRules: [TCP Query User{DF979B66-DDA0-4AD5-85B2-791EBD9E9124}D:\n\half life\hl.exe] => (Allow) D:\n\half life\hl.exe No File
FirewallRules: [UDP Query User{2C3FF9EC-2D28-4618-85E7-65F8F228E358}D:\n\half life\hl.exe] => (Allow) D:\n\half life\hl.exe No File
FirewallRules: [TCP Query User{A252509C-EF52-4B21-97D7-FF0D3748BD1A}D:\program files (x86)\counter strike - condition zero (ultimate edition)\czero.exe] => (Allow) D:\program files (x86)\counter strike - condition zero (ultimate edition)\czero.exe No File
FirewallRules: [UDP Query User{B2F3A269-060E-4180-B8EC-C7644FEFB97B}D:\program files (x86)\counter strike - condition zero (ultimate edition)\czero.exe] => (Allow) D:\program files (x86)\counter strike - condition zero (ultimate edition)\czero.exe No File
FirewallRules: [TCP Query User{02B45A8B-16AE-4358-AE80-0F62E9A4152A}D:\n\call of duty   modern warfare 4 full game  mp-sp  -=aviara=-\call of duty modern warfare\iw3mp.exe] => (Allow) D:\n\call of duty   modern warfare 4 full game  mp-sp  -=aviara=-\call of duty modern warfare\iw3mp.exe No File
FirewallRules: [UDP Query User{94DF2718-1244-430B-AF9E-F63870D411D2}D:\n\call of duty   modern warfare 4 full game  mp-sp  -=aviara=-\call of duty modern warfare\iw3mp.exe] => (Allow) D:\n\call of duty   modern warfare 4 full game  mp-sp  -=aviara=-\call of duty modern warfare\iw3mp.exe No File
FirewallRules: [TCP Query User{09886B3E-8DC0-49AF-857D-471037C0F3C6}D:\ros1\ros.exe] => (Allow) D:\ros1\ros.exe No File
FirewallRules: [UDP Query User{E8FB21E9-9643-43F8-B3C0-8609509C6EC3}D:\ros1\ros.exe] => (Allow) D:\ros1\ros.exe No File
FirewallRules: [TCP Query User{D7C9DFF5-5437-4905-BA63-393F094A0657}D:\ros1\ccmini\ccmini.exe] => (Allow) D:\ros1\ccmini\ccmini.exe No File
FirewallRules: [UDP Query User{2F2B04A4-B5B1-4BCB-9A95-BEC3E19855DF}D:\ros1\ccmini\ccmini.exe] => (Allow) D:\ros1\ccmini\ccmini.exe No File
FirewallRules: [{44A2CF4F-31E0-4E60-B242-AFB7C9C0C965}] => (Allow) D:\Program Files (x86)\EA GAMES\Battlefield 2\BF2.exe No File
FirewallRules: [{CCDFE91D-8699-4E0D-8248-41F12FBC35BC}] => (Allow) D:\Program Files (x86)\EA GAMES\Battlefield 2\BF2.exe No File
FirewallRules: [TCP Query User{9B05BEEA-7940-4799-BBD2-1A043B9B3881}D:\program files (x86)\ea sports\fifa 11\game\fifa.exe] => (Allow) D:\program files (x86)\ea sports\fifa 11\game\fifa.exe No File
FirewallRules: [UDP Query User{0C5D63F5-5509-4D4D-B72C-C1511BF14119}D:\program files (x86)\ea sports\fifa 11\game\fifa.exe] => (Allow) D:\program files (x86)\ea sports\fifa 11\game\fifa.exe No File
FirewallRules: [{4C82FD2A-A273-4788-8242-B5DDD6FE7CBF}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3.exe No File
FirewallRules: [{52BFCB02-060B-40E3-A3ED-3C34354152E5}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3.exe No File
FirewallRules: [{78BE2D12-A026-4F99-BE16-A54AEB765800}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe No File
FirewallRules: [{EE8D4C2D-3E22-49A5-9E32-DB99EAA123DE}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe No File
FirewallRules: [{862552AF-0A89-44A0-AB99-DBE03ADDF780}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Updater.exe No File
FirewallRules: [{EE88C25C-AA04-4F3F-88F4-E4728806E235}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Updater.exe No File
FirewallRules: [{097FC17B-E510-4EF0-8766-7DD6F07CAF9E}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Editor.exe No File
FirewallRules: [{4FCC90B6-DF66-4E95-99E8-36CDA5734EDB}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Editor.exe No File
FirewallRules: [{CE3AFD86-94FE-4022-8145-37AE17E4B74C}] => (Allow) C:\Windows\system32\winrmsrv.exe No File
C:\Windows\system32\winlogui.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient
C:\Users\HP\AppData\Roaming\AMozilla\AFirefox\Profiles\fnxguewh.default
C:\Program Files (x86)\netcut
C:\Program Files (x86)\HiSuite
C:\Program Files (x86)\ProxyGate
C:\Program Files (x86)\TeamViewer
C:\ProgramData\MTA San Andreas All
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
ExportKey: FF HKLM\SOFTWARE\Policies\Mozilla\Firefox
EmptyTemp:
End::
  • Please open the New Folder on your Desktop, and drag the FRST tool from there on to your Desktop.
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

6. Fresh FRST logs

  • Double-click the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.

In your next reply please:

  • Post the fixlog.txt (step 5).
  • Post the FRST.txt and Addition.txt (step 6).

NOTE: I have taken care of the mail.google.com notification, as you asked me to do in the pm.
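The fix above is built by reading FRST.txt and Addition.txt for a handful of entry classes: lines FRST itself marks with "<==== ATTENTION", an autostart entry whose command line has the shape of a mining-pool client (the winlogui entry with "-o host:port -u wallet"), services whose binary is missing ("[X]" or "no ImagePath"), alternate data streams with unfamiliar names, and firewall rules for executables that no longer exist. The script below is an added example, not part of this thread and not FRST's own code; it applies those same heuristics to a log so a helper can pull the candidate lines out of a long report before deciding what belongs in a fixlist. The sample log is constructed from entries quoted in this thread, with the wallet address replaced by a placeholder, and the rules are heuristics that still need a human to review each hit.

```python
"""Heuristic triage of FRST-style log lines (added example, not FRST's own code)."""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the FRST entries quoted in the thread above.
SAMPLE_LOG = r"""
Task: {14D0CE91-BD5E-4700-8B6E-69812042FB4B} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {18CAF36F-D9A3-4786-86DA-086584197FD5} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [X] <==== ATTENTION
S2 TeamViewer; "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe" [X]
U3 aswbdisk; no ImagePath
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\Windows\System32:tdsrset.gfc [5846]
AlternateDataStreams: C:\Users\HP\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
MSCONFIG\startupreg: winlogui => C:\Windows\system32\winlogui.exe -o mine.xmrpool.net:80 -u WALLET_PLACEHOLDER -p x
FirewallRules: [{CE3AFD86-94FE-4022-8145-37AE17E4B74C}] => (Allow) C:\Windows\system32\winrmsrv.exe No File
FirewallRules: [{3BA57851-9931-4E5F-895B-1FA29A103078}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe No File
GroupPolicy: Restriction ? <==== ATTENTION
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    rule: str
    line: str


SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}

# Named streams Windows itself attaches to files; anything else gets a second look.
BENIGN_STREAMS = {
    "SummaryInformation",
    "DocumentSummaryInformation",
    "Zone.Identifier",
    "{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}",
}

# Stratum-style miner command line: "-o host:port ... -u <wallet>".
MINER_ARGS = re.compile(r"-o\s+(?P<host>[\w.-]+):(?P<port>\d+)\b.*-u\s+\S+", re.IGNORECASE)
# FRST service line whose binary is missing, e.g. "S2 name; C:\path\svc.exe [X]".
SERVICE_MISSING = re.compile(r"^[SURX]\d\s+(?P<name>[^;]+);\s*(?P<path>.*?)\s*\[X\]")
SERVICE_NO_IMAGE = re.compile(r"^[SURX]\d\s+\S+;\s*no ImagePath$")
# "AlternateDataStreams: <path>:<stream> [<size>]"; greedy path stops at the last colon.
ADS_LINE = re.compile(r"^AlternateDataStreams:\s+(?P<path>.+):(?P<stream>\S+)\s+\[(?P<size>\d+)\]")
AUTOSTART_PREFIXES = ("MSCONFIG\\startupreg:", "Task:", "HKLM\\", "HKU\\")


def triage(log_text):
    """Return the findings for each log line, highest severity first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "<==== ATTENTION" in line:
            findings.append(Finding("high", "frst-attention", line))
        if line.startswith(AUTOSTART_PREFIXES) and MINER_ARGS.search(line):
            findings.append(Finding("high", "miner-autostart", line))
        if SERVICE_MISSING.match(line) or SERVICE_NO_IMAGE.match(line):
            findings.append(Finding("low", "orphaned-service", line))
        ads = ADS_LINE.match(line)
        if ads and ads.group("stream") not in BENIGN_STREAMS and int(ads.group("size")) > 0:
            findings.append(Finding("medium", "unusual-ads", line))
        if line.startswith("FirewallRules:") and line.endswith("No File"):
            findings.append(Finding("low", "stale-firewall-rule", line))
    findings.sort(key=lambda f: SEVERITY_RANK[f.severity])
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {"frst-attention": 3, ...}."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:20} {f.line[:90]}")
    print(summarize(triage(SAMPLE_LOG)))
```

Against the sample the script reports three FRST-flagged lines, the winlogui miner autostart, three orphaned services, two unusual streams (the one on System32 and the hex-named one on the Roaming folder) and two stale firewall rules; the `zlib.dll:SummaryInformation` stream is skipped as a normal OLE property stream. The service and firewall hits are low severity on purpose: they are clean-up items like the ones in the fixlist above, not evidence of infection by themselves.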
 
#11 · (Edited)
Hi, atkepatke.

Here we are.

Comments:

1. Please do not use any tool (e.g. Hitman Pro), during the cleaning process, unless you are instructed to do so. :)

2. I noticed that you uninstalled your antivirus software (AVG, Microsoft Security Essentials, McAfee Security Scan Plus) and you kept McAfee Safe Connect which is not an antivirus.
Safe Connect is not an antivirus product, and does not scan and protect your devices from viruses and malware.
Safe Connect connects you to the internet through a Virtual Private Network (VPN) to enable these features on your Windows, Android, and iOS devices. All network data that travels through a VPN is encrypted, and Safe Connect uses AES 256-bit encryption by default. This encryption protects your data by preventing anyone else from reading it.
From here.
You should install an antivirus product now. You can choose from these free antivirus products below. If you upgrade to Windows 10 later, Windows Defender which is embedded in the new OS is good enough to protect your computer, and you may uninstall anything else if you wish.

Free antivirus products:

BitDefender
Avira
Kaspersky Security Cloud
Avast

3. Please run an FRST fix again.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
S2 RaAutoInstSrv_RT2870; C:\Program Files (x86)\B-Link Smart Router\RT2870 Flash Install Wireless LAN Card\AutoInstSvc\RaAutoInstSrv.exe [X]
C:\Users\HP\AppData\Roaming\AMozilla
ExportKey: HKLM\SOFTWARE\Policies\Mozilla\Firefox
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.
4. ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
5. Scanning with SecurityCheck by glax24
  • Download SecurityCheck by glax24 from here and save the tool on the desktop.
  • Run the program by right-clicking the icon and choosing Run as administrator.
  • Wait for the scan to finish. It will open in a text file named SecurityType.txt.
  • Copy the contents of this file to your next post.

In your next reply, please post:

  1. The fixlog.txt
  2. The Eset report
  3. The SecurityType.txt
 
#13 · (Edited)
Hi, atkepatke.

Excellent job! :)

I'll be back to you as soon as possible, for the next steps.

Meanwhile, I pasted here the SecurityCheck's results, so they can be shown clearly. As you can see, there are many outdated programs, along with your operating system, which needs updating too.

I recommend starting by updating the following programs, if you want to keep them, of course.
  • Team Viewer
  • VLC media player
  • WinRAR
  • Skype
  • Java (Uninstall the old version before installing the new one)
  • Adobe flash player
  • NVIDIA GeForce Experience
  • Internet Explorer
  • Mozilla Firefox
  • Google Chrome
You should also consider uninstalling Microsoft Office Enterprise 2007, which is no longer supported, and try one of the recommended programs. Not a bad idea to use Microsoft Office Online, bearing in mind that you need a Microsoft account to sign in first.

Please, report what you did in your next reply.

_____________________________________________________

SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17]
WebSite: www.safezone.cc
DateLog: 04.04.2020 17:47:33
Path starting: C:\Users\HP\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: HP
VersionXML: 7.37is-04.04.2020
__________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x64) Ultimate Lang: English(0409)
Installation date OS: 16.08.2017 06:42:10
LicenseStatus: Windows(R) 7, Ultimate edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [116.3 Gb] Used: [101 Gb] Free: [15.3 Gb]
------------------------------- [ Windows ] -------------------------------
Extended support has ended 14.01.2020, Your operating system may be vulnerable to new types of threats
Internet Explorer 8.0.7601.17514 Warning! Download Update
User Account Control disabled (Level 1)

^It is recommended to enable (default): Win+R typing UserAccountControlSettings and Enter^
Never check for updates
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------- [ HotFix ] --------------------------------
HotFix KB3177467 Warning! Download Update
HotFix KB3125574 Warning! Download Update
HotFix KB4012212 Warning! Download Update
HotFix KB4499175 Warning! Download Update
HotFix KB4474419 Warning! Download Update
HotFix KB4490628 Warning! Download Update
HotFix KB4512486 Warning! Download Update
HotFix KB4474419 Warning! Download Update
HotFix KB4539602 Warning! Download Update
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2007 v.12.0.4518.1014
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
Disabled the public profile of Windows Firewall
Disabled the standard profile for Windows Firewall

-------------------------- [ SecurityUtilities ] --------------------------
HitmanPro 3.8 v.3.8.18.312
Process Hacker 2.39 (r124) v.2.39.0.124
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft .NET Framework 4.7.1 v.4.7.02558 Warning! Download Update
NVIDIA GeForce Experience 3.20.1.57 v.3.20.1.57 Warning! Download Update
Microsoft Office Enterprise 2007 v.12.0.4518.1014 Warning! This software is no longer supported. Please use latest Microsoft Office, Office Online or LibreOffice
Steam v.2.10.91.91
TeamViewer 14 v.14.1.3399 Warning! Download Update
VLC media player 2.1.3 v.2.1.3 Warning! Download Update
Microsoft .NET Framework 1.1 v.1.1.4322 Warning! This software is no longer supported.
-------------------------------- [ Arch ] ---------------------------------
WinRAR 5.21 (64-bit) v.5.21.0 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Discord v.0.0.306
Skype version 8.25 v.8.25 Warning! Download Update
Skype™ 6.18 v.6.18.105 Warning! Download Update
---------------------------- [ ProxyAndVPNs ] -----------------------------
TunnelBear v.3.6.3.0 Warning! This app can show ads.
McAfee Safe Connect v.1.6.0.223
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.3.5.5.45608 Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 231 (64-bit) v.8.0.2310.11 Warning! Download Update
Uninstall old version and install new one (jre-8u241-windows-x64.exe).
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player ActiveX v.9.0.124.0 Warning! Download Update
Adobe Flash Player 32 NPAPI v.32.0.0.114 Warning! Download Update
Adobe Flash Player 32 PPAPI v.32.0.0.303 Warning! Download Update
Adobe Reader XI (11.0.07) v.11.0.07 Warning! This software is no longer supported. Please uninstall it and use Adobe Acrobat Reader DC.
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 64.0.2 (x64 en-US) v.64.0.2 Warning! Download Update
Google Chrome v.80.0.3987.149 Warning! Download Update
------------------ [ AntivirusFirewallProcessServices ] -------------------
HitmanPro Scheduler (HitmanProScheduler) - The service is running
C:\Program Files\HitmanPro\hmpsched.exe v.3.8.18.312
Microsoft Network Inspection (NisSrv) - The service has stopped
---------------------------- [ UnwantedApps ] -----------------------------
Google Toolbar for Internet Explorer v.1.0.0 << Hidden Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
----------------------------- [ End of Log ] ------------------------------
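The SecurityCheck log above flags a handful of host settings (UAC disabled, "Never check for updates", two firewall profiles disabled, missing hotfixes, outdated programs). The script below is an added example, not code from the post, the forum, or the SecurityCheck tool: it re-reads the same items with stock Windows 7 PowerShell so the state can be compared before and after the updates are applied. The registry paths and value meanings (EnableLUA, AUOptions, EnableFirewall) are standard Windows locations; the KB numbers and program names are taken from the log and the post. It only reports and changes nothing.

```powershell
# Added example: re-check the items SecurityCheck flagged, read-only.
# Run from an elevated PowerShell prompt on the machine (Windows 7, PowerShell 2.0+).

$findings = New-Object System.Collections.ArrayList
function Add-Finding([string]$Area, [string]$Msg) { [void]$findings.Add("[$Area] $Msg") }

# 1. User Account Control: EnableLUA = 0 means UAC is switched off entirely
#    (the log reports "User Account Control disabled (Level 1)").
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ($uac.EnableLUA -ne 1) {
    Add-Finding 'UAC' "EnableLUA=$($uac.EnableLUA); re-enable via Win+R -> UserAccountControlSettings"
}

# 2. Windows Update: AUOptions = 1 is "Never check for updates"
$auKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
$au = Get-ItemProperty $auKey -ErrorAction SilentlyContinue
if ($au -and $au.AUOptions -eq 1) { Add-Finding 'WindowsUpdate' 'AUOptions=1 (Never check for updates)' }

# 3. Windows Firewall: per-profile EnableFirewall flag in the firewall policy key
$fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($profile in 'DomainProfile','StandardProfile','PublicProfile') {
    $p = Get-ItemProperty "$fwBase\$profile" -ErrorAction SilentlyContinue
    if ($p -and $p.EnableFirewall -eq 0) { Add-Finding 'Firewall' "$profile is disabled" }
}

# 4. Hotfixes the log listed as missing (KB numbers copied from the log)
$wanted = 'KB3177467','KB3125574','KB4012212','KB4499175',
          'KB4474419','KB4490628','KB4512486','KB4539602'
$installed = Get-HotFix | ForEach-Object { $_.HotFixID }
foreach ($kb in $wanted) {
    if ($installed -notcontains $kb) { Add-Finding 'HotFix' "$kb not installed" }
}

# 5. Remote-access services the log reports on, so a later run can be compared
foreach ($svc in 'RemoteRegistry','TermService','WinRM','SSDPSRV') {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($s) { Add-Finding 'Service' "$svc is $($s.Status)" }
}

# 6. Installed versions of the programs the post asks to update, read from the
#    Uninstall keys (native 64-bit view and the WOW6432Node view for 32-bit apps).
#    Internet Explorer is not listed there; its version is in the log's Windows section.
$names = 'TeamViewer','VLC','WinRAR','Skype','Java','Adobe Flash',
         'NVIDIA GeForce Experience','Mozilla Firefox','Google Chrome','Microsoft Office'
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object {
        $dn = $_.DisplayName
        foreach ($n in $names) {
            if ($dn -like "*$n*") { Add-Finding 'Software' "$dn v$($_.DisplayVersion)"; break }
        }
    }

# Write the report next to the other logs and echo it to the console
$findings | Sort-Object | Out-File "$env:USERPROFILE\Desktop\ReCheck.txt"
$findings | Sort-Object
```

Run it once now and once after the updates and compare the two ReCheck.txt files; an entry that is still present (a firewall profile still disabled, a KB still missing, an old Java still in the Uninstall list) is something the update round did not take care of. The script is a convenience for tracking progress, not a replacement for the FRST and SecurityCheck logs the helper asks for.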
 
#14 ·
Hi, atkepatke. :)

After updating the programs in my previous post, please do the following, to provide fresh FRST logs:
  • Double-click the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.
 