Solved Malware or virus, what do I need to do?

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    2.9 KB · Views: 5
Fix result of Farbar Recovery Scan Tool (x64) Version: 20-05-2017
Ran by Tomi (21-05-2017 02:24:16) Run:1
Running from C:\Users\Tomi\Desktop
Loaded Profiles: Tomi (Available Profiles: Tomi)
Boot Mode: Normal
==============================================

fixlist content:
*****************
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
2015-11-13 14:51 - 2017-05-20 18:13 - 0000074 _____ () C:\Users\Tomi\AppData\Roaming\sp_data.sys
2017-01-25 02:53 - 2017-01-25 02:53 - 0000092 _____ () C:\Users\Tomi\AppData\Local\fusioncache.dat
2016-09-17 08:20 - 2016-09-17 08:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-01-26 03:19 - 2017-01-26 03:19 - 0000040 _____ () C:\ProgramData\ra3.ini
2014-10-29 07:25 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2017-05-19 04:30 - 2016-11-11 11:13 - 1886344 _____ Microsoft Corporation) C:\Users\Tomi\AppData\Local\Temp\dllnt_dump.dll
2017-01-25 02:53 - 2017-01-25 02:57 - 0204800 _____ (Sony DADC Austria AG) C:\Users\Tomi\AppData\Local\Temp\drm_dyndata_7370014.dll
2017-04-02 01:16 - 2009-06-08 13:29 - 0253952 _____ (Electronic Arts Inc.) C:\Users\Tomi\AppData\Local\Temp\eauninstall.exe
2017-01-04 09:17 - 2017-01-04 09:17 - 1112255 _____ () C:\Users\Tomi\AppData\Local\Temp\ubiAFD3.tmp.exe
2017-03-30 17:39 - 2017-03-30 17:39 - 14456872 _____ (Microsoft Corporation) C:\Users\Tomi\AppData\Local\Temp\vc_redist.x86.exe
Task: {03B39CDA-DE98-4C42-9482-C85EBCA73AFA} - \WPD\SqmUpload_S-1-5-21-2587465482-1460188549-1100274292-1001 -> No File <==== ATTENTION
Task: {06EF1C31-B747-4DFD-AAC0-F08C34D5AC98} - McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {08ADFBD5-EFA2-427C-B502-E26E30CEEDDF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3BCD67F6-2EFF-4EF5-8BD0-B7584A468F58} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3E08E406-F783-4FF8-A5EF-6D46CC41B2BD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {46C17FFC-512D-4C60-B641-895D9998F230} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5D84CDE4-CD24-4255-BF05-0323D97D705A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6378BF89-38A5-4536-8ABF-9D4658095BC9} - Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6611E6E9-32C9-4A33-BF15-9B00AB1A13EE} - Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AB4032B3-69C5-4742-83FF-75C3EA18D90A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C28C8CE7-4709-403D-BBA0-305022A099E9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D96E54D0-74F3-4C40-B67A-E6825D12E2F0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EB4B3ED5-DCB8-4A09-B55E-88D7C198EBC4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {EFF34368-FEC4-404D-A9FD-242432A2995B} - Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

*****************

HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
ibtsiva => Unable to stop service.
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully
C:\Users\Tomi\AppData\Roaming\sp_data.sys => moved successfully
C:\Users\Tomi\AppData\Local\fusioncache.dat => moved successfully
Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.
C:\ProgramData\ra3.ini => moved successfully
C:\ProgramData\SetStretch.VBS => moved successfully
C:\Users\Tomi\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\Tomi\AppData\Local\Temp\drm_dyndata_7370014.dll => moved successfully
C:\Users\Tomi\AppData\Local\Temp\eauninstall.exe => moved successfully
C:\Users\Tomi\AppData\Local\Temp\ubiAFD3.tmp.exe => moved successfully
C:\Users\Tomi\AppData\Local\Temp\vc_redist.x86.exe => moved successfully
HKLM\SOFTWARE Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03B39CDA-DE98-4C42-9482-C85EBCA73AFA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03B39CDA-DE98-4C42-9482-C85EBCA73AFA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2587465482-1460188549-1100274292-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06EF1C31-B747-4DFD-AAC0-F08C34D5AC98} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06EF1C31-B747-4DFD-AAC0-F08C34D5AC98} => key removed successfully
HKLM\SOFTWARE\Microsoft Windows NT\CurrentVersion\Schedule\TaskCache\Tree McAfee\McAfee Idle Detection Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08ADFBD5-EFA2-427C-B502-E26E30CEEDDF} => key removed successfully
HKLM\SOFTWARE\Microsoft Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08ADFBD5-EFA2-427C-B502-E26E30CEEDDF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3BCD67F6-2EFF-4EF5-8BD0-B7584A468F58} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BCD67F6-2EFF-4EF5-8BD0-B7584A468F58} => key removed successfully
HKLM\SOFTWARE Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E08E406-F783-4FF8-A5EF-6D46CC41B2BD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E08E406-F783-4FF8-A5EF-6D46CC41B2BD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{46C17FFC-512D-4C60-B641-895D9998F230} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46C17FFC-512D-4C60-B641-895D9998F230} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D84CDE4-CD24-4255-BF05-0323D97D705A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D84CDE4-CD24-4255-BF05-0323D97D705A} => key removed successfully
HKLM\SOFTWARE\Microsoft Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6378BF89-38A5-4536-8ABF-9D4658095BC9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6378BF89-38A5-4536-8ABF-9D4658095BC9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6611E6E9-32C9-4A33-BF15-9B00AB1A13EE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6611E6E9-32C9-4A33-BF15-9B00AB1A13EE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB4032B3-69C5-4742-83FF-75C3EA18D90A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB4032B3-69C5-4742-83FF-75C3EA18D90A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C28C8CE7-4709-403D-BBA0-305022A099E9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C28C8CE7-4709-403D-BBA0-305022A099E9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D96E54D0-74F3-4C40-B67A-E6825D12E2F0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D96E54D0-74F3-4C40-B67A-E6825D12E2F0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB4B3ED5-DCB8-4A09-B55E-88D7C198EBC4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB4B3ED5-DCB8-4A09-B55E-88D7C198EBC4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFF34368-FEC4-404D-A9FD-242432A2995B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFF34368-FEC4-404D-A9FD-242432A2995B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 21-05-2017 02:25:43)

C:\ProgramData\DP45977C.lfl => Is moved successfully

==== End of Fixlog 02:25:44 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus 9.0.381.0
Windows Defender
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 73
Java version 32-bit out of Date!
Google Chrome (58.0.3029.110)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 27-01-2016
Ran by Tomi (administrator) on 21-05-2017 at 04:52:07
Running from "C:\Users\Tomi\Downloads"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
2017-05-21 04:31:44.122 Sophos Virus Removal Tool version 2.5.6
2017-05-21 04:31:44.122 Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

2017-05-21 04:31:44.122 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-05-21 04:31:44.122 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
2017-05-21 04:31:44.122 Checking for updates...
2017-05-21 04:31:44.137 Update progress: proxy server not available
2017-05-21 04:31:51.203 Option all = no
2017-05-21 04:31:51.203 Option recurse = yes
2017-05-21 04:31:51.203 Option archive = no
2017-05-21 04:31:51.203 Option service = yes
2017-05-21 04:31:51.203 Option confirm = yes
2017-05-21 04:31:51.203 Option sxl = yes
2017-05-21 04:31:51.203 Option max-data-age = 35
2017-05-21 04:31:51.203 Option vdl-logging = yes
2017-05-21 04:31:51.234 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-05-21 04:31:51.234 Machine ID: 511960d443ee4586a3421a0ae9ab2441
2017-05-21 04:31:51.234 Component SVRTcli.exe version 2.5.6
2017-05-21 04:31:51.234 Component control.dll version 2.5.6
2017-05-21 04:31:51.234 Component SVRTservice.exe version 2.5.6
2017-05-21 04:31:51.234 Component engine\osdp.dll version 1.44.1.2281
2017-05-21 04:31:51.234 Component engine\veex.dll version 3.68.1.2281
2017-05-21 04:31:51.234 Component engine\savi.dll version 9.0.7.2281
2017-05-21 04:31:51.234 Component rkdisk.dll version 1.5.31.1
2017-05-21 04:31:51.234 Version info: Product version 2.5.6
2017-05-21 04:31:51.234 Version info: Detection engine 3.68.1
2017-05-21 04:31:51.234 Version info: Detection data 5.38
2017-05-21 04:31:51.234 Version info: Build date 04/04/2017
2017-05-21 04:31:51.234 Version info: Data files added 371
2017-05-21 04:31:51.234 Version info: Last successful update (not yet updated)
2017-05-21 04:32:15.387 Downloading updates...
2017-05-21 04:32:15.403 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-05-21 04:32:15.403 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-05-21 04:32:15.403 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-05-21 04:32:15.403 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-05-21 04:32:15.403 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-05-21 04:32:15.403 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-05-21 04:32:15.403 Update progress: [I49502] sdds.data0910.xml: found supplement IDE539 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-05-21 04:32:15.403 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE539 LATEST path=
2017-05-21 04:32:15.403 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE539 LATEST path=
2017-05-21 04:32:15.403 Update progress: [I49502] sdds.data0910.xml: found supplement IDE540 LATEST path= baseVersion= [included from product IDE539 LATEST path=]
2017-05-21 04:32:15.403 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE540 LATEST path=
2017-05-21 04:32:15.403 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE540 LATEST path=
2017-05-21 04:32:15.403 Update progress: [I49502] sdds.data0910.xml: found supplement IDE541 LATEST path= baseVersion= [included from product IDE540 LATEST path=]
2017-05-21 04:32:15.403 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE541 LATEST path=
2017-05-21 04:32:15.403 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE541 LATEST path=
2017-05-21 04:32:15.403 Update progress: [I49502] sdds.data0910.xml: found supplement IDE542 LATEST path= baseVersion= [included from product IDE541 LATEST path=]
2017-05-21 04:32:15.403 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE542 LATEST path=
2017-05-21 04:32:15.403 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE542 LATEST path=
2017-05-21 04:32:15.403 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-05-21 04:32:16.340 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-05-21 04:32:16.340 Update progress: [I19463] Product download size 162626989 bytes
2017-05-21 04:32:18.888 Update progress: [I19463] Syncing product IDE539 LATEST path=
2017-05-21 04:32:18.888 Update progress: [I19463] Product download size 2453408 bytes
2017-05-21 04:32:19.232 Update progress: [I19463] Syncing product IDE540 LATEST path=
2017-05-21 04:32:19.232 Update progress: [I19463] Product download size 1784068 bytes
2017-05-21 04:32:20.107 Update progress: [I19463] Syncing product IDE541 LATEST path=
2017-05-21 04:32:20.107 Update progress: [I19463] Product download size 1436450 bytes
2017-05-21 04:32:20.560 Update progress: [I19463] Syncing product IDE542 LATEST path=
2017-05-21 04:32:25.579 Installing updates...
2017-05-21 04:32:26.204 Error level 1
2017-05-21 04:32:46.182 Update successful
2017-05-21 04:32:57.589 Option all = no
2017-05-21 04:32:57.589 Option recurse = yes
2017-05-21 04:32:57.589 Option archive = no
2017-05-21 04:32:57.589 Option service = yes
2017-05-21 04:32:57.589 Option confirm = yes
2017-05-21 04:32:57.589 Option sxl = yes
2017-05-21 04:32:57.589 Option max-data-age = 35
2017-05-21 04:32:57.589 Option vdl-logging = yes
2017-05-21 04:32:57.589 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-05-21 04:32:57.589 Machine ID: 511960d443ee4586a3421a0ae9ab2441
2017-05-21 04:32:57.589 Component SVRTcli.exe version 2.5.6
2017-05-21 04:32:57.589 Component control.dll version 2.5.6
2017-05-21 04:32:57.589 Component SVRTservice.exe version 2.5.6
2017-05-21 04:32:57.589 Component engine\osdp.dll version 1.44.1.2281
2017-05-21 04:32:57.589 Component engine\veex.dll version 3.68.1.2281
2017-05-21 04:32:57.589 Component engine\savi.dll version 9.0.7.2281
2017-05-21 04:32:57.589 Component rkdisk.dll version 1.5.31.1
2017-05-21 04:32:57.589 Version info: Product version 2.5.6
2017-05-21 04:32:57.589 Version info: Detection engine 3.68.1
2017-05-21 04:32:57.589 Version info: Detection data 5.38
2017-05-21 04:32:57.589 Version info: Build date 04/04/2017
2017-05-21 04:32:57.589 Version info: Data files added 371
2017-05-21 04:32:57.589 Version info: Last successful update 21/05/2017 05:32:46

2017-05-21 07:36:28.761 Could not open C:\hiberfil.sys
2017-05-21 07:36:30.668 Could not open C:\pagefile.sys
2017-05-21 08:17:23.529 Could not open C:\swapfile.sys
2017-05-21 08:17:26.827 Could not open C:\System Volume Information\{2858f1fe-3c53-11e7-82f4-7824afb1deb1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-05-21 08:17:26.827 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-05-21 08:17:26.827 Could not open C:\System Volume Information\{48f4ada8-3dc4-11e7-82f5-7824afb1deb1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-05-21 08:17:26.827 Could not open C:\System Volume Information\{c3be35f7-38fe-11e7-82ed-7824afb1deb1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-05-21 08:18:45.598 Could not open C:\Users\Tomi\AppData\Local\Google\Chrome\User Data\Profile 1\Current Session
2017-05-21 08:18:45.629 Could not open C:\Users\Tomi\AppData\Local\Google\Chrome\User Data\Profile 1\Current Tabs
2017-05-21 08:33:32.337 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2017-05-21 08:33:39.823 Could not open C:\Windows\System32\config\BBI
2017-05-21 08:33:40.573 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2017-05-21 08:33:40.620 Could not open C:\Windows\System32\config\RegBack\SAM
2017-05-21 08:33:40.635 Could not open C:\Windows\System32\config\RegBack\SECURITY
2017-05-21 08:33:40.682 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2017-05-21 08:33:40.713 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2017-05-21 09:00:38.582 >>> Virus 'Mal/Swizzor-D' found in file D:\Governor of Poker\GovernorofPoker.exe
2017-05-21 09:00:38.597 >>> Virus 'Mal/Swizzor-D' found in file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RA3.exe
2017-05-21 09:00:38.597 >>> Virus 'Mal/Swizzor-D' found in file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generals.exe
2017-05-21 09:00:38.597 >>> Virus 'Mal/Swizzor-D' found in file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CNC3EP1.exe
2017-05-21 09:00:38.597 >>> Virus 'Mal/Swizzor-D' found in file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CNC3.exe
2017-05-21 09:00:38.597 >>> Virus 'Mal/Swizzor-D' found in file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RA3.exe
2017-05-21 09:00:38.597 >>> Virus 'Mal/Swizzor-D' found in file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generals.exe
2017-05-21 09:00:38.597 >>> Virus 'Mal/Swizzor-D' found in file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CNC3EP1.exe
2017-05-21 09:00:38.597 >>> Virus 'Mal/Swizzor-D' found in file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CNC3.exe
2017-05-21 09:00:38.597 >>> Virus 'Mal/Swizzor-D' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2017-05-21 09:00:38.597 >>> Virus 'Mal/Swizzor-D' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2017-05-21 09:02:26.055 Could not open LOGICAL:0004:00000000
2017-05-21 09:02:26.055 Could not open E:\
2017-05-21 09:02:26.055 Could not open LOGICAL:0005:00000000
2017-05-21 09:02:26.055 Could not open F:\
2017-05-21 09:02:26.055 Could not open LOGICAL:0008:00000000
2017-05-21 09:02:26.055 Could not open I:\
2017-05-21 09:02:27.058 Could not open PHYSICAL:0081:0000:0000:0001
2017-05-21 09:02:27.996 The following items will be cleaned up:
2017-05-21 09:02:27.996 Mal/Swizzor-D
 
Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

====================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

11. Please, let me know, how your computer is doing.
 
My computer is doing a lot better. Thank you. There were still some sites poping up every time I clicked here to respond. Sites like Reimage Repair it is about windows 10 PC repair, is that normal? Maybe advertising for this site?
 
What browser?
Did you try to use different browser to see if same thing happens?
Do you use any adblocker like Adblock Plus?
 
You must log in or register to reply here.

Similar threads

bruno167573
What should i do?
Replies
3
Views
98
bruno167573
bruno167573
E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
466
eriksnyman1
E
midian182
Google's AI-powered search can recommend malicious sites, including scams and malware
Replies
6
Views
122
James Ryan
J

Latest posts

Back