1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Help with hidden trojan/virus.

Discussion in 'Windows - Virus and spyware problems' started by jmk1011, Oct 6, 2016.

  1. jmk1011

    jmk1011 Member

    Joined:
    Mar 24, 2007
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    16
    Please help with virus/trojan. The following is a copy of my HijackThis log.
    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 3:42:26 PM, on 10/6/2016
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.14393.0000)

    FIREFOX: 46.0.1 (x86 en-US)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files (x86)\Gyazo\GyStation.exe
    C:\Users\maxu\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    C:\Users\maxu\AppData\Roaming\Spotify\Spotify.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
    C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    C:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Users\maxu\AppData\Roaming\Spotify\SpotifyCrashService.exe
    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    C:\Users\maxu\AppData\Roaming\Spotify\Spotify.exe
    C:\Users\maxu\AppData\Roaming\Spotify\Spotify.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
    C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
    C:\Users\maxu\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
    C:\Users\maxu\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\SysWoW64\cmd.exe
    C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\conathst.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\maxu\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://asus13.msn.com/?pc=ASJB
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\coIEPlg.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\coIEPlg.dll
    O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe" --auto-start
    O4 - HKLM\..\Run: [WebStorage] c:\program files (x86)\asus\webstorage\2.1.11.399\asuswsloader.exe
    O4 - HKLM\..\Run: [ASUSPRP] c:\program files (x86)\asus\aprp\aprp.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
    O4 - HKCU\..\Run: [OneDrive] "C:\Users\maxu\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    O4 - HKCU\..\Run: [Spotify Web Helper] c:\users\maxu\appdata\roaming\spotify\spotifywebhelper.exe
    O4 - HKCU\..\Run: [Advanced SystemCare 9] "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
    O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
    O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{974d42a3-2dee-4b70-bfe0-587e3b78d6cb}: NameServer = 77.234.40.79
    O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Advanced SystemCare Service 9 (AdvancedSystemCareService9) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe
    O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BitRaider Mini-Support Service Stub Loader (BRSptStub) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptStub.exe
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
    O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\N360.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
    O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
    O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
    O23 - Service: Razer Chroma SDK Service - Razer Inc. - C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
    O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
    O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14034 bytes

    After the above logfile page, I selected analyze this and the following appeared: http://sourceforge.net/p/hjt/support-requests/
    I didn't go there, thought I would ask the pros at AfterDawn first. Thank you for you help and blessings for a most grateful day.
     
  2. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    Hi jmk1011,
    HijackThis is no longer worthwhile. it hasn't been kept up for years now...

    Do the following:

    Please download Zemana AntiMalware and save it to your Desktop.
    • Install the program and once the installation is complete it will start automatically.
    • Without changing any options, press Scan to begin.
    • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
    • Open Zemana AntiMalware again.
    • Click on [​IMG] icon and double click the latest report.
    • Now click File > Save As and choose your Desktop before pressing Save.
    • The only thing left is to attach saved report in your next message.

    Please attach all reports using [​IMG] button below. Doing this, you make it easier for me to analyze and fix your problem.



    2oG :)

     
    Last edited: Oct 6, 2016
  3. jmk1011

    jmk1011 Member

    Joined:
    Mar 24, 2007
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    16
    This was what i got from the smart scan, Do i need to run a deep scan?
     

    Attached Files:

  4. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    Probably need to go deeper. It don't hurt..
    That picked up Conduit which can act like a trojan.
    How are you doing now? any problems?
     
    jmk1011 likes this.
  5. jmk1011

    jmk1011 Member

    Joined:
    Mar 24, 2007
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    16
    Well no problems right now but before restarting a few times i had something on my task manager called "pdproxy" running at high disk/memory, and also two nameless processes running in my windows processes on my task manager, i will run a deep scan now. p.s i've heard of something called "sality" that will mess with windows processes and bring trojans.
     
  6. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    I haven't used HijackThis for so long that I'm pretty rusty with it. lol Anyway, I looked over the HJT log and it looks like you have 2 AntiVirus pgms installed. If so, that's a big no no:

    Always have one (and no more than one!) AntiVirus program! In this case having more of them will not provide you with better protection - instead they may cause slowness, lock-ups and even mark another one as harmful, leaving your system unstable and even damaged. Please choose only one from the list below to stay with and uninstall the others:
    * Norton 360
    * Avast


    After that, let's do a little deep cleaning and see if it helps..

    Scan with ZOEK


    Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
    Please also download the attached scriptfile, named zoekscript.txt.


    [​IMG] Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications here.

    Now, on your Desktop, drag and drop zoekscript.txt on Zoek.exe as shown below:
    [​IMG]

    Please approve any UAC prompt to allow this action to proceed.

    Answer Yes to the following prompt to allow the zoek script to run:

    [​IMG]

    This action causes Zoek.exe to start automatically. Please be patient while Zoek is scanning.

    When the tool finishes, the zoek-results.log is opened in Notepad.
    The log is also found on the systemdrive, normally C:\
    If a reboot is needed, the log is opened after the reboot.

    Please attach the zoek-results.log to your reply.


    2oG :)
     

    Attached Files:

    jmk1011 likes this.
  7. jmk1011

    jmk1011 Member

    Joined:
    Mar 24, 2007
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    16
    I'd like to keep the antivirus that will protect me from getting my passwords taken or getting hacked i've heard that norton 360 wont protect from that all it dose is protect from spyware/malware what one will be better?. thanks again for the help so far, also do you need the logs from the deep scan because it is picking up a few trojans/malware.
     
    Last edited: Oct 7, 2016
  8. jmk1011

    jmk1011 Member

    Joined:
    Mar 24, 2007
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    16
    Deep scan is done here is the log, now do i run zoek.
     

    Attached Files:

  9. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    My choice is Avast. I personally use it and really like it..
    Yes, go ahead and run zoek it does some browser and registry cleaning. It usually takes awhile so be patient. Be sure to disable AV and any real time scanners so they don't interfere..
     
    jmk1011 likes this.
  10. jmk1011

    jmk1011 Member

    Joined:
    Mar 24, 2007
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    16
    i'll run that tomorrow because i'm about to power the pc off for the night, and i will get rid of the rest of my antimalware and keep avast anything i need to do about the stuff found off the deep scan?
     
  11. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    No it was quarantined. Have a good night.. I'm out too.....
     
    jmk1011 likes this.
  12. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,071
    Likes Received:
    79
    Trophy Points:
    128
    you are always out.
     
  13. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    not always... I lurk-alot,
     
    jmk1011 likes this.
  14. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,071
    Likes Received:
    79
    Trophy Points:
    128
    the wife says you are always out as in "out like a light bulb".
     
  15. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    stay away from my wife! :mad:
     
    jmk1011 likes this.
  16. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,071
    Likes Received:
    79
    Trophy Points:
    128
    she told me & I have not left Canada in years.
     
  17. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    Oh, I feel so sorry for those poor Canadians........ :(
     
    jmk1011 likes this.
  18. jmk1011

    jmk1011 Member

    Joined:
    Mar 24, 2007
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    16
    looks like you two had a nice chat lol, anyways hope you all are having a nice day but i'm wondering if whats going on with me is just a normal virus or someone trying to do harm to my computer/accounts, and my windows processes are acting weird the past few days really hope you guys can help me work this one out i'd hate to have someone spying on me. :( p.s i've run the following antivirus scans and found nothing but i have found a few things with Zemana antimalware i will link what i found in that scan.

    -Norton 360 quick scan
    -Norton 360 full system scan
    -Avast free antivirus scan

    Note: i will run "zoek" later today after i upgrade my avast and get rid of the rest of my antimalware, also if you guys haven't looked up "Sality" i'm very suspicious that's what i have, will running the system file checker help im on windows 10 btw.
     

    Attached Files:

    Last edited: Oct 7, 2016
  19. jmk1011

    jmk1011 Member

    Joined:
    Mar 24, 2007
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    16
    I also found that "sality" will act as normal processes like "explorer.exe" and "dllhost.exe" and i found them both running in my task manager at high memory.
     

    Attached Files:

  20. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    Instead of just picking at it, let's run a full scan that I can look over and, most likely, find any problems that exist.

    Please run FRST for me and that will show me what problems you may have. FRST does NOT fix anything on the first scan, it depends on me to find the problems, isolate them and develop a script that will remove them in the phase two, second running of FRST. Here we go................

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
    Only one of them will run on your system, that will be the right version.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.

      [​IMG]
    • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

    2oG :)
     

Share This Page