
In Progress Looking for some help, Please

Discussion in 'Virus & Other Malware Removal' started by FatDaddy, Feb 11, 2019.

  1. FatDaddy

    FatDaddy Thread Starter

    Joined:
    Oct 4, 2004
    Messages:
    104
    My computer has apparently been infected with something. It's running really slowly. I really don't know where to start. Malwarebytes finds nothing, Windows Defender finds nothing. Any help will be much appreciated.

    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 10 Pro, 64 bit
    Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz, Intel64 Family 6 Model 42 Stepping 7
    Processor Count: 4
    RAM: 8086 Mb
    Graphics Card: Intel(R) HD Graphics 3000, -1988 Mb
    Hard Drives: C: 581 GB (214 GB Free);
    Motherboard: Dell Inc., 0NJT03
    Antivirus: Windows Defender, Enabled and Updated
     
  2. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    118
    Welcome to the Tech Support Guy malware removal forum.
    I'm iMacg3 and will be helping you.

    Please keep the following information in mind before we begin:
    • Do not run any fixes or tools on your system unless I request that you do so.
    • Please read all instructions carefully, and complete them in the order listed.
    • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • If you have questions about anything, please ask.


    --------------------


    Download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Right-click FRST/FRST64 and select Run as administrator. (Windows XP users double-click on the file).
    • If you receive a SmartScreen pop-up, click More Info, then Run Anyway.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When finished, two log files will open - FRST.txt and Addition.txt.
    • Copy and paste the contents of FRST.txt and Addition.txt into your next reply.

    Note - FRST.txt and Addition.txt are saved to the same location as FRST/FRST64.
     
  3. FatDaddy

    FatDaddy Thread Starter

    Joined:
    Oct 4, 2004
    Messages:
    104
    The messages were too long. I uploaded them as .txt. Please let me know if this works.

    Thanks for your help.
     

    Attached Files:

  4. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    118
    Hi,

    Can you describe any issues that you are currently experiencing with this computer that you think are related to a malware infection?

    ---------------------------------

    We'll remove a few 'orphaned' entries.

    Highlight the contents of the below code box and press Ctrl + C:
    Code:
    Start::
    
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll => No File
    AppInit_DLLs: , C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => No File
    AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => No File
    
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    SearchScopes: HKU\S-1-5-21-324364330-410934853-3438704064-1001 -> DefaultScope {C5A4D50C-3818-4448-AADB-BDB061CE0896} URL =
    SearchScopes: HKU\S-1-5-21-324364330-410934853-3438704064-1001 -> {C5A4D50C-3818-4448-AADB-BDB061CE0896} URL =
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
    
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
    
    2019-02-09 15:00 - 2019-02-09 15:01 - 000000000 ____D C:\Program Files (x86)\GUMC162.tmp
    2019-02-09 15:00 - 2019-02-09 15:00 - 007895040 _____ C:\Program Files (x86)\GUTC163.tmp
    
    CustomCLSID: HKU\S-1-5-21-324364330-410934853-3438704064-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Lester\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-324364330-410934853-3438704064-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Lester\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
    ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\WINDOWS\SysWOW64\WSCM64.dll -> No File
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
    
    Task: {05728E63-0904-44F9-BED8-F881D412B305} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {0F1D1CA6-D9B5-44F9-8235-036A3945F88D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {17134861-8122-40F0-BBED-EA15E7FD74F7} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {23F17353-8DCF-48D4-8296-CB7C6493C7CC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {2C305565-47A6-4E65-8EE8-7E105DE3B238} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {2FEC4640-5010-47FE-9B92-D444F44605C2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {44DF388E-9D6C-474E-84C9-4DBFEBE1B24F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {53F6DA42-BC7C-409C-BCAF-A153B4A8F33C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {77EBD92C-BE26-409E-813D-BC35FE57C278} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {859D8E93-5ECC-49D0-94E4-13CAA7102FED} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {86FF5AF0-4F22-49B7-B285-AFBD1CF7E105} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {9BA9FC98-19AB-413F-A26F-DE1FC457E554} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {BE9E4548-1A9C-454C-9296-50FC03AEAB3F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    
    AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [273]
    
    FirewallRules: [UDP Query User{CB381208-6643-4C2F-88BF-EC2BBE668A48}C:\users\lester\appdata\local\temp\7zs2376\enterprisedu.exe] => (Allow) C:\users\lester\appdata\local\temp\7zs2376\enterprisedu.exe No File
    FirewallRules: [TCP Query User{66AB3B24-CC52-4330-A6B3-B1F5A9D8D5D3}C:\users\lester\appdata\local\temp\7zs2376\enterprisedu.exe] => (Allow) C:\users\lester\appdata\local\temp\7zs2376\enterprisedu.exe No File
    FirewallRules: [{6CB73E15-553C-43D1-B6FE-50A0AA0C7A58}] => (Allow) C:\Users\Lester\AppData\Local\Temp\7zS0EDD\HP.EasyStart.exe No File
    FirewallRules: [{6C9064CF-FF25-4ED0-8CC8-229940CAF7E7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
    FirewallRules: [{43BABC62-80B2-4F3C-A616-9C34791B4468}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
    FirewallRules: [{385D26B3-4018-411F-A043-6EBF439B5F45}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
    FirewallRules: [{561CB9DE-F82B-4DE4-9B92-0CD7DC487CC4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
    FirewallRules: [{1CAEE88E-7AB7-43AA-94A4-B46C144CBA40}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe No File
    FirewallRules: [{29312CE8-27E2-4192-A8F8-250122CB38DA}] => (Allow) C:\Users\Lester\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
    FirewallRules: [{FB0A5A77-77DD-47A4-905A-114279744073}] => (Allow) C:\Users\Lester\AppData\Local\Temp\7zS440.tmp\SymNRT.exe No File
    FirewallRules: [{D78111D6-35CE-4D09-8890-6BDD9EFFB51D}] => (Allow) C:\Users\Lester\AppData\Local\Temp\7zS440.tmp\SymNRT.exe No File
    FirewallRules: [{2F36C4EC-09E5-4441-9BFB-AEB43E475325}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe No File
    FirewallRules: [{2B1982A2-4746-4A23-9BAA-64F468828EFE}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe No File
    FirewallRules: [{16637C85-4B86-406D-9424-F828A1238351}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe No File
    FirewallRules: [{96D4A7FC-6793-46D5-B579-6F6228954266}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe No File
    FirewallRules: [{445FA8EA-FE45-4E4C-A3D6-A5C69FD06C42}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe No File
    FirewallRules: [{647F75BE-6FFF-450B-A9DD-0E8EB713E236}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe No File
    FirewallRules: [{1E4F57AC-AF55-4562-9591-7D936E38BE99}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe No File
    FirewallRules: [{5B42FA20-9519-477E-A6D4-0EB71535512C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMR\PowerDVD13DMREngine.exe No File
    FirewallRules: [{D01CD236-CD3D-4566-A30B-32C5289C0C01}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe No File
    FirewallRules: [{D2745853-FBF3-4881-B02E-1B37749752C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe No File
    
    
    VirusTotal: C:\Users\Public\dcmsvcsetup.exe
    VirusTotal: C:\Users\Public\invokesi.exe
    
    End::
    Right-click on FRST/FRST64 and select Run as Administrator.
    Click on Fix.
    Note - there is no need to paste the contents of the code box anywhere.
    If your computer restarts, allow it to do so.
    Once the fix is complete, a file called fixlog will be saved to the same directory as FRST. The log may open in Notepad as well.
    Please copy and paste the contents of the fixlog into your next reply.

    Thanks.
     
  5. FatDaddy

    FatDaddy Thread Starter

    Joined:
    Oct 4, 2004
    Messages:
    104
    It takes forever for it to boot up.
     
  6. FatDaddy

    FatDaddy Thread Starter

    Joined:
    Oct 4, 2004
    Messages:
    104
    It takes forever to boot up, and when it does, Yahoo.com opens up anytime I open Google.
     

    Attached Files:

  7. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    118
    Hi,

    Which browser does the problem with Yahoo occur in?


    Thanks.
     
  8. FatDaddy

    FatDaddy Thread Starter

    Joined:
    Oct 4, 2004
    Messages:
    104
    I normally use Google Chrome, so I know that it happens with Google. I'm not sure about Edge, Firefox or Explorer.
     
  9. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    118
    Hi,

    Highlight the contents of the below code box and press Ctrl + C:
    Code:
    Start::
    
    CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.yahoo.com/"
    
    C:\Users\Public\dcmsvcsetup.exe
    C:\Users\Public\invokesi.exe
    
    End::
    Right-click on FRST/FRST64 and select Run as Administrator.
    Click on Fix.
    Note - there is no need to paste the contents of the code box anywhere.
    If your computer restarts, allow it to do so.
    Once the fix is complete, a file called fixlog will be saved to the same directory as FRST. The log may open in Notepad as well.
    Please copy and paste the contents of the fixlog into your next reply.

    Let me know if the problem with Yahoo persists.

    Thanks.
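The `CHR StartupUrls:` line in the fix above corresponds to Chrome's own `session.startup_urls` preference. As an added example (not part of this thread, and not FRST's code), the following Python reads a Chrome profile's Preferences JSON and flags startup URLs whose host is not on an allowlist, which is the quickest way to confirm a startup-page hijack like the Yahoo one described here before or after a fix. The Preferences sample, the allowlist and the `example.test` host are constructed; the `session.startup_urls` key, the `restore_on_startup` value 4 ("open a specific page or set of pages") and the Windows profile path are Chrome's real ones.

```python
"""Flag Chrome startup URLs that are not on an allowlist.
Added example; the Preferences content below is a constructed sample that
mirrors the hijack seen in this thread (Yahoo added next to Google)."""
import json
import os
import sys
from urllib.parse import urlsplit

# Constructed sample of the relevant part of Chrome's Preferences JSON.
# restore_on_startup == 4 is Chrome's "open a specific page or set of pages".
SAMPLE_PREFERENCES = json.dumps({
    "session": {
        "restore_on_startup": 4,
        "startup_urls": ["http://www.google.com/", "http://www.yahoo.com/"],
    }
})

# Hosts the user is known to have chosen themselves (constructed allowlist).
ALLOWED_HOSTS = {"www.google.com"}


def startup_urls(preferences_json):
    """Return the startup URLs Chrome will actually open for this profile."""
    prefs = json.loads(preferences_json)
    session = prefs.get("session", {})
    # The URL list only takes effect in mode 4; in other modes it is inert.
    if session.get("restore_on_startup") != 4:
        return []
    return list(session.get("startup_urls", []))


def unexpected_startup_urls(preferences_json, allowed_hosts=ALLOWED_HOSTS):
    """Startup URLs whose host is not on the allowlist; these deserve a look."""
    flagged = []
    for url in startup_urls(preferences_json):
        host = (urlsplit(url).hostname or "").lower()
        if host not in allowed_hosts:
            flagged.append(url)
    return flagged


def default_preferences_path():
    """Location of the Default profile's Preferences file on Windows."""
    return os.path.join(os.environ.get("LOCALAPPDATA", ""), "Google", "Chrome",
                        "User Data", "Default", "Preferences")


if __name__ == "__main__":
    # Pass a Preferences file path to check a real profile (close Chrome first so
    # the file is not mid-write); with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_PREFERENCES
    for url in unexpected_startup_urls(text):
        print("unexpected startup URL:", url)
```

A startup URL outside the allowlist is an indicator to review, not proof of infection, since users do set their own pages. Startup pages can also be forced by Chrome policy rather than the profile file; on Windows those live under `HKLM\SOFTWARE\Policies\Google\Chrome\RestoreOnStartupURLs`, and chrome://policy shows whether any such policy is active.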
     
  10. FatDaddy

    FatDaddy Thread Starter

    Joined:
    Oct 4, 2004
    Messages:
    104
    I'm sorry that it took so long, I was out of town.....

    Fix result of Farbar Recovery Scan Tool (x64) Version: 17.02.2019
    Ran by Lester (17-02-2019 20:43:09) Run:2
    Running from C:\Users\Lester\Desktop
    Loaded Profiles: Lester (Available Profiles: Lester & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.yahoo.com/"
    C:\Users\Public\dcmsvcsetup.exe
    C:\Users\Public\invokesi.exe

    *****************

    "Chrome StartupUrls" => removed successfully
    C:\Users\Public\dcmsvcsetup.exe => moved successfully
    C:\Users\Public\invokesi.exe => moved successfully


    The system needed a reboot.

    ==== End of Fixlog 20:43:09 ====
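Both fixes in this thread end with "paste the fixlog", and what the helper is checking is that every fixlist line came back with a success result. As an added example (not part of the thread, and not FRST's code), the following Python does that check mechanically: it splits a fixlog into the fixlist block and the result lines, maps each fixlist item to the outcome FRST reported, and lists anything not reported as successful. The sample fixlog is constructed from the one posted above with one extra constructed item (`leftover.exe`) so that the unresolved case shows up; the wording of its "not found" result is assumed, not taken from FRST. The mapping of the `CHR StartupUrls:` directive to the `"Chrome StartupUrls"` result name comes from the page's own fixlog.

```python
"""Check an FRST fixlog: each fixlist line should have a matching success result.
Added example; SAMPLE_FIXLOG is a constructed sample based on the fixlog posted
in this thread, plus one constructed unresolved item (leftover.exe) whose
'not found' wording is assumed rather than copied from FRST."""
import re

SAMPLE_FIXLOG = """\
Fix result of Farbar Recovery Scan Tool (x64) Version: 17.02.2019
Ran by Lester (17-02-2019 20:43:09) Run:2
Running from C:\\Users\\Lester\\Desktop
Boot Mode: Normal
==============================================

fixlist content:
*****************
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.yahoo.com/"
C:\\Users\\Public\\dcmsvcsetup.exe
C:\\Users\\Public\\invokesi.exe
C:\\Users\\Public\\leftover.exe

*****************

"Chrome StartupUrls" => removed successfully
C:\\Users\\Public\\dcmsvcsetup.exe => moved successfully
C:\\Users\\Public\\invokesi.exe => moved successfully
C:\\Users\\Public\\leftover.exe => not found

The system needed a reboot.

==== End of Fixlog 20:43:09 ====
"""

# A result line is '<subject> => <outcome>'; FRST quotes some subjects.
RESULT_RE = re.compile(r'^"?(?P<subject>.+?)"?\s*=>\s*(?P<outcome>.+)$')


def split_sections(fixlog):
    """Return (fixlist_lines, result_lines).  The fixlist sits between the two
    '*****' rulers; result lines follow the second ruler up to the End marker."""
    lines = fixlog.splitlines()
    rulers = [i for i, line in enumerate(lines) if line.strip().startswith("*****")]
    if len(rulers) < 2:
        raise ValueError("no fixlist block found in fixlog")
    fixlist = [line.strip() for line in lines[rulers[0] + 1:rulers[1]] if line.strip()]
    results = []
    for line in lines[rulers[1] + 1:]:
        if line.startswith("==== End"):
            break
        if "=>" in line:
            results.append(line.strip())
    return fixlist, results


def expected_subject(fixlist_line):
    """Name FRST uses for an item in its result lines.  The fixlog on the page
    reports the 'CHR StartupUrls:' directive as "Chrome StartupUrls"; the file
    path lines are echoed verbatim."""
    if fixlist_line.startswith("CHR StartupUrls:"):
        return "Chrome StartupUrls"
    return fixlist_line


def verify(fixlog):
    """Map each fixlist line to the outcome FRST reported for it."""
    fixlist, results = split_sections(fixlog)
    outcomes = {}
    for line in results:
        match = RESULT_RE.match(line)
        if match:
            outcomes[match.group("subject")] = match.group("outcome")
    return {item: outcomes.get(expected_subject(item), "no result line")
            for item in fixlist}


def unresolved(fixlog):
    """Fixlist items whose outcome does not report success; these need a second look."""
    return [item for item, outcome in verify(fixlog).items()
            if not outcome.endswith("successfully")]


if __name__ == "__main__":
    for item, outcome in verify(SAMPLE_FIXLOG).items():
        print(f"{outcome:>20}  {item}")
    print("unresolved:", unresolved(SAMPLE_FIXLOG))
```

Run it against a real fixlog by reading `Fixlog.txt` into `verify()`; an item that comes back as "no result line" or with a non-success outcome is the one to raise in the next reply rather than assume it was cleaned. Other fixlist directive types (tasks, firewall rules, registry entries) are reported by FRST under their own names, so `expected_subject()` would need an entry per directive type to cover a fix like the first one in this thread.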
     
  11. FatDaddy

    FatDaddy Thread Starter

    Joined:
    Oct 4, 2004
    Messages:
    104
    Oh, and Yahoo did not start up this time.
     
  12. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    118
    Hi,

    Excellent (y)

    How is the computer doing?
     
  13. FatDaddy

    FatDaddy Thread Starter

    Joined:
    Oct 4, 2004
    Messages:
    104
    It is doing much, much better. I probably need to remove / uninstall a lot of apps / programs that I no longer use. It's still slow booting up, but I think that removing some stuff will help that.
    I'm running Microsoft Defender and Malwarebytes Pro. Do you recommend anything else? Thanks again for your help.
     
  14. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    118
    Hi,

    Windows Defender and Malwarebytes are good protection.

    To speed up the boot time, you can disable Startup items you don't need.

    Press Ctrl + Shift + Esc to open Task Manager. Click the Startup tab. A list of startup items will open.
    Select the program(s) you don't need to run on every boot, and click Disable.

    I recommend you keep some items like Windows Defender notifications enabled.
    However, you can disable programs that you don't want to launch on startup. This will speed up the boot time.

    Let me know how it goes.

    Thanks.
     