#1
Old 03-10-2017, 09:22 AM
badatti2d
Senior Member
 
Join Date: Sep 2004
Location: Oklahoma
Posts: 405
ByteFence Anti-Malware

I let the grandkids use my laptop to 'play games'...apparently, one of them thought he would be smart and try to download a game; consequently, when I got the computer this morning, I found this ByteFence Anti-Malware junk, and can't seem to get rid of it...I am sending the report from my MBAM, also ran DDS and will copy/paste the two logs from that. After the scans, I had MBAM remove what it found, rebooted, and found the culprit still sitting there. Not sure what to do next, so I am depending on help from here, as it has ALWAYS worked before.

EDIT: This little skunk doesn't show in Add/Remove programs, nor does it show in CCleaner Uninstall list, and it doesn't show in my 'Your Uninstaller'...I had to turn off like 3 or 4 entries running in Task Manager for this, also.


Windows 10 64-bit; MBAM; Spybot; CCleaner
Attached Files: mbam.txt (1.1 KB, 12 views)
__________________
~~Bill Jr.
https://vimeo.com/badatti2d12600748/videos
https://www.youtube.com/my_videos?o=U

HP Pavilion Notebook; Windows 10 Home x64; Malwarebyte's AntiMalware, Windows Defender, CCleaner
#2
Old 03-10-2017, 09:29 AM
badatti2d
DDS log part 1:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0
Run by Bill at 8:48:45 on 2017-03-10
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.7628.5366 [GMT -6:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Spybot - Search and Destroy *Enabled/Updated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Antivirus *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\SysWOW64\tbaseprovisioning.exe
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\Hpservice.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Users\Bill\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\AVG\Antivirus\avgui.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uLocal Page = %11%\blank.htm
mStart Page = www.google.com
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [OneDrive] "C:\Users\Bill\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
mRun: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
mRun: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
mRun: [PowerDVD14Agent] "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
mRun: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
mRun: [AVGUI.exe] "C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe" /nogui
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 65.38.1.2 65.38.1.4
TCP: Interfaces\{3e6abf4e-dbbe-4353-aee2-0f680375cf16} : DHCPNameServer = 65.38.1.2 65.38.1.4
TCP: Interfaces\{943f56a5-8dcb-4b83-8919-0f443b0ca8fc} : DHCPNameServer = 65.38.1.2 65.38.1.4
TCP: Interfaces\{943f56a5-8dcb-4b83-8919-0f443b0ca8fc}\144545933363 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{ae97166a-97bc-4490-b829-1494f619b010} : DHCPNameServer = 65.38.1.2 65.38.1.4
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = www.google.com
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [StartCN] "C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
x64-Run: [DeliveryAndStatusCheck] C:\Program Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs
x64-Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\cdvl86oa.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Powered Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - true
FF - plugin: C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1227197.dll
FF - plugin: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll
#3
Old 03-10-2017, 09:30 AM
badatti2d
DDS log part 2:

============= SERVICES / DRIVERS ===============
.
R0 amdpsp;AMD PSP Service;C:\WINDOWS\System32\drivers\amdpsp.sys [2017-1-17 260520]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-20 48992]
R0 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2017-1-23 250816]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-11-20 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-11-20 227328]
R1 avgbdisk;avgbdisk;C:\WINDOWS\System32\drivers\avgbdiska.sys [2017-1-23 165624]
R1 avgSnx;avgSnx;C:\WINDOWS\System32\drivers\avgsnx.sys [2017-1-23 992488]
R1 avgSP;avgSP;C:\WINDOWS\System32\drivers\avgSP.sys [2017-1-23 555152]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\WINDOWS\System32\drivers\mbae64.sys [2017-1-23 77416]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 AdaptiveSleepService;AdaptiveSleepService;C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe [2016-8-9 138752]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2017-1-17 278544]
R2 AVG Antivirus;AVG Antivirus;C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [2017-1-23 260080]
R2 avgMonFlt;avgMonFlt;C:\WINDOWS\System32\drivers\avgMonFlt.sys [2017-1-23 127072]
R2 avgsvc;AVG Service;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2017-2-27 1257384]
R2 CDPUserSvc_39d79;CDPUserSvc_39d79;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 hpsrv;HP Service;C:\WINDOWS\System32\hpservice.exe [2015-6-29 54448]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-7-11 31776]
R2 OneSyncSvc_39d79;Sync Host_39d79;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2017-1-17 314624]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2017-2-2 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2017-2-2 4088608]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2017-2-2 235984]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2017-1-17 258152]
R2 tbaseprovisioning;tbaseprovisioning;C:\Windows\SysWOW64\tbaseprovisioning.exe [2017-1-17 51224]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-11-20 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 AmdAS4;AmdAS4 service;C:\WINDOWS\System32\drivers\AmdAS4.sys [2017-1-17 27384]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdWT6.sys [2017-1-17 118848]
R3 clwvd6;@oem14.inf,%clwvd.DeviceDesc% Service;CyberLink WebCam Virtual Driver 6.0 Service;C:\WINDOWS\System32\drivers\clwvd6.sys [2016-8-27 41400]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-1-23 4317648]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 PimIndexMaintenanceSvc_39d79;Contact Data_39d79;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\WINDOWS\System32\drivers\RtsP2Stor.sys [2016-8-27 301784]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2016-8-27 886528]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\WINDOWS\System32\drivers\rtwlane.sys [2017-2-1 6294016]
R3 SmbDrv;SmbDrv;C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2017-1-11 60008]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
R3 UnistoreSvc_39d79;User Data Storage_39d79;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_39d79;User Data Access_39d79;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-11-20 719360]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
R3 WirelessButtonDriver64;HP Wireless Button Driver Service;C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [2015-8-12 30544]
S2 ByteFenceService;ByteFence Anti-Malware Service;C:\Program Files\ByteFence\ByteFenceService.exe [2017-1-18 146912]
S2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 rtop;ByteFence Security Real-time Protection;C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [2017-3-10 304456]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 amdkmcsp;AMD Kernel Mode CSP Service;C:\WINDOWS\System32\drivers\amdkmcsp.sys [2017-1-17 109488]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 avgHwid;avgHwid;C:\WINDOWS\System32\drivers\avgHwid.sys [2017-1-23 39288]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-11-20 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 MBAMFarflt;MBAMFarflt;C:\WINDOWS\System32\drivers\farflt.sys [2017-1-23 102856]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-11-20 64352]
S3 MessagingService_39d79;MessagingService_39d79;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2017-2-1 114688]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 RTSUER;Realtek USB Card Reader - UER;C:\WINDOWS\System32\drivers\RtsUer.sys [2016-8-27 402136]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2016-11-20 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2015-7-13 33960]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-11-20 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_39d79;Windows Push Notifications User Service_39d79;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-2-1 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-11-20 43520]
S4 amdacpusrsvc;ACP User Service;C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [2016-8-9 121856]
S4 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2016-11-22 350064]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2016-11-22 210288]
S4 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [2015-2-17 608520]
S4 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2016-8-27 389896]
S4 SecureLine;Avast SecureLine;C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe [2017-1-11 592392]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
#4
Old 03-10-2017, 09:31 AM
badatti2d
DDS log part 3:

=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-03-10 13:50:12 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F1251CE1-4D9B-4526-A2AD-93099A44AFAF}\gapaengine.dll
2017-03-10 13:49:25 12654400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DAAEA988-9785-49B3-BBAC-DC554C8669AD}\mpengine.dll
2017-03-10 13:44:22 -------- d--h--w- C:\OneDriveTemp
2017-03-10 11:17:04 -------- d-----w- C:\Users\Bill\.frostwire5
2017-03-10 11:17:03 -------- d-----w- C:\ProgramData\Oracle
2017-03-10 11:16:47 -------- d-----w- C:\Program Files\ByteFence
2017-03-09 23:54:54 12654400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-03-09 23:43:08 -------- d-----w- C:\Program Files (x86)\Wolfenstein - Enemy Territory
2017-03-09 23:41:11 -------- d-----w- C:\Program Files (x86)\MyRealGames.com
2017-03-09 23:34:43 -------- d-----w- C:\Users\Bill\AppData\Local\JamesSoftware
2017-03-09 23:33:19 -------- d-----w- C:\Program Files (x86)\MyPlayCity.com
2017-03-09 22:45:59 -------- d-----w- C:\Users\Bill\AppData\Roaming\Full Control
2017-03-09 22:38:28 -------- d-----w- C:\Users\Bill\AppData\Roaming\Invention
2017-03-09 22:32:57 -------- d-----w- C:\Program Files (x86)\GameTop.com
2017-03-08 22:48:48 -------- d-----w- C:\Users\Bill\AppData\Local\ESET
2017-03-08 20:13:52 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1C5BE606-C11D-473B-9829-7E3987389AC3}\gapaengine.dll
2017-03-02 10:49:21 -------- d-----w- C:\Program Files (x86)\Constellation Distantia
2017-03-01 20:30:55 -------- d-----w- C:\Program Files (x86)\WinAVI
2017-02-28 06:23:23 -------- d-----w- C:\Users\Bill\AppData\Roaming\Frontier Developments
2017-02-28 06:23:23 -------- d-----w- C:\Users\Bill\AppData\Local\Frontier Developments
2017-02-24 11:38:27 -------- d-----w- C:\Users\Bill\AppData\Roaming\Whitetail Challenge
2017-02-24 11:38:27 -------- d-----w- C:\Users\Bill\AppData\Local\Whitetail Challenge
2017-02-10 00:48:37 -------- d-----w- C:\ProgramData\Freemake
2017-02-10 00:48:29 -------- d-----w- C:\Program Files (x86)\Freemake
2017-02-09 21:30:15 -------- d-----w- C:\Users\Bill\AppData\Roaming\uTorrent
2017-02-09 20:46:29 -------- d-----w- C:\ProgramData\Steam
2017-02-09 01:15:12 -------- d-----w- C:\Users\Bill\AppData\Roaming\quickclick
2017-02-08 20:25:23 3051520 ------w- C:\WINDOWS\UNNeroVision.exe
2017-02-08 18:21:58 -------- d-----w- C:\Users\Bill\AppData\Local\Macromedia
2017-02-08 18:19:24 -------- d-----w- C:\Users\Bill\AppData\Local\Adobe
.
==================== Find3M ====================
.
2017-03-10 14:07:51 250816 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2017-03-10 13:42:59 65536 ----a-w- C:\WINDOWS\psp_storage.bin
2017-02-06 19:48:07 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-02-06 19:48:07 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-02-05 20:15:11 43968 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2017-02-05 19:55:52 176064 ----a-w- C:\WINDOWS\System32\drivers\MBAMChameleon.sys
2017-02-05 19:55:48 102856 ----a-w- C:\WINDOWS\System32\drivers\farflt.sys
2017-02-01 18:08:33 180224 ----a-w- C:\WINDOWS\System32\enrollmentapi.dll
2017-02-01 06:38:42 6294016 ----a-w- C:\WINDOWS\System32\drivers\rtwlane.sys
2017-02-01 06:38:42 1164800 ----a-w- C:\WINDOWS\System32\Rtlihvs.dll
2017-01-31 14:59:42 12317 ----a-w- C:\WINDOWS\System32\drivers\rtkhdasetting.zip
2017-01-25 20:51:43 91584 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2017-01-23 15:47:58 992488 ----a-w- C:\WINDOWS\System32\drivers\avgsnx.sys
2017-01-23 15:47:40 555152 ----a-w- C:\WINDOWS\System32\drivers\avgSP.sys
2017-01-23 15:47:40 311472 ----a-w- C:\WINDOWS\System32\drivers\avgVmm.sys
2017-01-23 15:47:39 75664 ----a-w- C:\WINDOWS\System32\drivers\avgRvrt.sys
2017-01-23 15:47:39 397800 ----a-w- C:\WINDOWS\System32\avgBoot.exe
2017-01-23 15:47:39 39288 ----a-w- C:\WINDOWS\System32\drivers\avgHwid.sys
2017-01-23 15:47:39 127072 ----a-w- C:\WINDOWS\System32\drivers\avgMonFlt.sys
2017-01-23 15:46:59 165624 ----a-w- C:\WINDOWS\System32\drivers\avgbdiska.sys
2017-01-17 20:05:45 902248 ----a-w- C:\WINDOWS\System32\drivers\SynTP.sys
2017-01-17 20:05:45 57448 ----a-w- C:\WINDOWS\System32\drivers\SynRMIHID_Aux.sys
2017-01-17 20:05:45 329832 ----a-w- C:\WINDOWS\System32\SynTPCo54.dll
2017-01-17 20:05:45 278632 ----a-w- C:\WINDOWS\System32\SynTPAPI.dll
2017-01-17 20:05:45 1795952 ----a-w- C:\WINDOWS\System32\WdfCoInstaller01011.dll
2017-01-17 20:05:44 803944 ----a-w- C:\WINDOWS\System32\SynCOM.dll
2017-01-17 20:05:44 428648 ----a-w- C:\WINDOWS\SysWow64\SynCom.dll
2017-01-17 20:05:43 64104 ----a-w- C:\WINDOWS\System32\drivers\Smb_driver_Intel_Aux.sys
2017-01-17 20:05:43 60008 ----a-w- C:\WINDOWS\System32\drivers\Smb_driver_AMDASF_Aux.sys
2017-01-17 20:05:43 60008 ----a-w- C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys
2017-01-17 19:45:10 27384 ----a-w- C:\WINDOWS\System32\drivers\AmdAS4.sys
2016-12-21 08:08:31 245600 ----a-w- C:\WINDOWS\System32\offlinesam.dll
2016-12-21 08:08:17 136032 ----a-w- C:\WINDOWS\System32\ImplatSetup.dll
2016-12-21 08:04:10 7816032 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-12-21 07:49:39 328008 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2016-12-21 07:46:39 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-12-21 07:43:56 92512 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2016-12-21 07:43:06 4130440 ----a-w- C:\WINDOWS\System32\mfcore.dll
2016-12-21 07:43:01 1454504 ----a-w- C:\WINDOWS\System32\mfnetsrc.dll
2016-12-21 07:43:00 1071736 ----a-w- C:\WINDOWS\System32\mfnetcore.dll
2016-12-21 07:42:59 1988560 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2016-12-21 07:42:55 1702392 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2016-12-21 07:42:54 1300600 ----a-w- C:\WINDOWS\System32\mfmpeg2srcsnk.dll
2016-12-21 07:42:27 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2016-12-21 07:41:56 1600632 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2016-12-21 07:37:23 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2016-12-21 07:15:01 22563840 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-12-21 07:14:11 43008 ----a-w- C:\WINDOWS\System32\LaunchWinApp.exe
2016-12-21 07:13:54 119808 ----a-w- C:\WINDOWS\System32\KnobsCsp.dll
2016-12-21 07:12:14 83968 ----a-w- C:\WINDOWS\System32\ProvPluginEng.dll
2016-12-21 07:10:22 175104 ----a-w- C:\WINDOWS\System32\wbem\netswitchteamcim.dll
2016-12-21 07:10:09 234496 ----a-w- C:\WINDOWS\System32\KnobsCore.dll
2016-12-21 07:09:56 363520 ----a-w- C:\WINDOWS\System32\Windows.UI.BioFeedback.dll
2016-12-21 07:09:13 368640 ----a-w- C:\WINDOWS\System32\OneBackupHandler.dll
2016-12-21 07:08:35 211968 ----a-w- C:\WINDOWS\System32\InstallAgent.exe
2016-12-21 07:08:33 261632 ----a-w- C:\WINDOWS\System32\wbem\ndisimplatcim.dll
2016-12-21 07:08:27 360448 ----a-w- C:\WINDOWS\System32\rdpencom.dll
2016-12-21 07:08:23 289792 ----a-w- C:\WINDOWS\System32\DeveloperOptionsSettingsHandlers.dll
2016-12-21 07:08:14 418304 ----a-w- C:\WINDOWS\System32\Windows.UI.BlockedShutdown.dll
2016-12-21 07:08:06 349184 ----a-w- C:\WINDOWS\System32\provengine.dll
2016-12-21 07:08:04 142848 ----a-w- C:\WINDOWS\System32\poqexec.exe
2016-12-21 07:08:03 1292288 ----a-w- C:\WINDOWS\System32\MSVPXENC.dll
2016-12-21 07:07:10 748544 ----a-w- C:\WINDOWS\System32\StoreAgent.dll
2016-12-21 07:06:49 260608 ----a-w- C:\WINDOWS\System32\InstallAgentUserBroker.exe
2016-12-21 07:06:49 147456 ----a-w- C:\WINDOWS\System32\winsrv.dll
2016-12-21 07:06:26 310784 ----a-w- C:\WINDOWS\System32\SyncSettings.dll
2016-12-21 07:06:05 6285312 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2016-12-21 07:05:21 261632 ----a-w- C:\WINDOWS\System32\indexeddbserver.dll
2016-12-21 07:05:01 49152 ----a-w- C:\WINDOWS\System32\Windows.UI.Shell.dll
2016-12-21 07:05:01 425984 ----a-w- C:\WINDOWS\System32\aadcloudap.dll
2016-12-21 07:01:42 9131008 ----a-w- C:\WINDOWS\System32\twinui.dll
2016-12-21 07:00:29 440320 ----a-w- C:\WINDOWS\System32\fhcfg.dll
2016-12-21 06:59:50 883712 ----a-w- C:\WINDOWS\System32\samsrv.dll
2016-12-21 06:59:31 1908224 ----a-w- C:\WINDOWS\System32\AzureSettingSyncProvider.dll
2016-12-21 06:57:48 462336 ----a-w- C:\WINDOWS\System32\fhsettingsprovider.dll
2016-12-21 06:56:56 936960 ----a-w- C:\WINDOWS\System32\MCRecvSrc.dll
2016-12-21 06:56:14 947712 ----a-w- C:\WINDOWS\System32\MSVP9DEC.dll
2016-12-21 06:55:16 8129536 ----a-w- C:\WINDOWS\System32\Chakra.dll
2016-12-21 06:55:09 4749312 ----a-w- C:\WINDOWS\System32\SettingsHandlers_nt.dll
2016-12-21 06:54:14 5511680 ----a-w- C:\WINDOWS\System32\aclui.dll
2016-12-21 06:53:19 6664192 ----a-w- C:\WINDOWS\System32\mspaint.exe
2016-12-21 06:53:13 4474368 ----a-w- C:\WINDOWS\System32\D3DCompiler_47.dll
2016-12-21 06:53:10 1692672 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.onecore.dll
2016-12-21 06:51:56 5611008 ----a-w- C:\WINDOWS\System32\d2d1.dll
2016-12-21 06:51:53 2275840 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2016-12-21 06:51:41 8075776 ----a-w- C:\WINDOWS\System32\mstscax.dll
2016-12-21 06:50:57 1490432 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2016-12-21 06:49:55 2691072 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2016-12-21 06:49:43 1062912 ----a-w- C:\WINDOWS\System32\SettingSyncCore.dll
2016-12-21 06:49:25 4149248 ----a-w- C:\WINDOWS\System32\rdpcorets.dll
2016-12-21 06:47:47 1121280 ----a-w- C:\WINDOWS\System32\aadtb.dll
2016-12-21 05:59:21 218976 ----a-w- C:\WINDOWS\SysWow64\offlinesam.dll
2016-12-21 05:09:45 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2016-12-21 05:02:16 1852720 ----a-w- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
2016-12-21 05:02:12 3892864 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2016-12-21 05:02:09 1277344 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2016-12-21 05:02:02 1360464 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll
2016-12-21 05:02:01 980832 ----a-w- C:\WINDOWS\SysWow64\mfnetcore.dll
2016-12-21 05:02:00 1201872 ----a-w- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
2016-12-21 04:46:55 34304 ----a-w- C:\WINDOWS\SysWow64\LaunchWinApp.exe
.
============= FINISH: 8:49:57.82 ===============
#5
Old 03-10-2017, 09:32 AM
badatti2d
attach.txt log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 10 Home
Boot Device: \Device\HarddiskVolume1
Install Date: 1/31/2017 9:28:27 AM
System Uptime: 3/10/2017 7:43:10 AM (1 hours ago)
.
Motherboard: HP | | 80B0
Processor: AMD A10-8700P Radeon R6, 10 Compute Cores 4C+6G | P0 | 1800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 912 GiB total, 836.425 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 2.158 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP8: 2/22/2017 7:14:57 PM - Windows Update
RP10: 2/24/2017 5:41:10 AM - Before uninstalling Whitetail Challenge version 1.0
RP13: 3/3/2017 12:56:23 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
12 Labours of Hercules III: Girl Power
ACP Application
Adobe Flash Player 24 NPAPI
Adobe Shockwave Player 12.2
AMD Install Manager
AMD Radeon Settings
AMD Settings
AMD Settings - Branding
AMD Start Now
Ashampoo Burning Studio 18
AVG
AVG Protection
Azkend 2: The World Beneath
Barn Yarn Collector's Edition
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
Catalyst Control Center Next Localization BR
Catalyst Control Center Next Localization CHS
Catalyst Control Center Next Localization CHT
Catalyst Control Center Next Localization CS
Catalyst Control Center Next Localization DA
Catalyst Control Center Next Localization DE
Catalyst Control Center Next Localization EL
Catalyst Control Center Next Localization ES
Catalyst Control Center Next Localization FI
Catalyst Control Center Next Localization FR
Catalyst Control Center Next Localization HU
Catalyst Control Center Next Localization IT
Catalyst Control Center Next Localization JA
Catalyst Control Center Next Localization KO
Catalyst Control Center Next Localization NL
Catalyst Control Center Next Localization NO
Catalyst Control Center Next Localization PL
Catalyst Control Center Next Localization RU
Catalyst Control Center Next Localization SV
Catalyst Control Center Next Localization TH
Catalyst Control Center Next Localization TR
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Coyote The Outlander
CyberLink PhotoDirector
CyberLink Power Media Player 14
CyberLink PowerDirector 12
CyberLink YouCam
Delicious: Emily's Wonder Wedding Premium Edition
DisableMSDefender
Energy Star
Entwined: The Perfect Murder
Family Vacation 2: Road Trip
ffdshow [rev 2975] [2009-05-28]
FMW 1
Home Makeover
HP 3D DriveGuard
HP CoolSense
HP Customer Experience Enhancements
HP Documentation
HP ePrint SW
HP PC Hardware Diagnostics UEFI
HP Recovery Manager
HP Registration Service
HP Support Assistant
HP Support Solutions Framework
HP System Event Utility
HP Welcome
HP Wireless Button Driver
IGT Slots: Paradise Garden
Imperial Island: Birth of an Empire
Invention
Jewel Match Snowscapes
Living Legends: Frozen Beauty Collector's Edition
Lost Lands: Dark Overlord Collector's Edition
Lost Souls: Timeless Fables Collector's Edition
Magic Heroes: Save Our Park
Malwarebytes version 3.0.5.1299
Manor Memoirs Collector's Edition
Microsoft Office
Microsoft OneDrive
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Works
Mozilla Firefox 51.0.1 (x86 en-US)
Mozilla Maintenance Service
Mystery Expedition: Prisoners of Ice
Nero Digital
OEM Application Profile
Plagiarii
Polar Bowler 1st Frame
PowerISO
QuickTime Alternative 2.8.0
Real Alternative 1.8.4 Lite
Realtek Card Reader
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
REALTEK Wireless LAN Driver
Runefall
Rush Hour! Gas Station
Sky High Farm
Sonne DVD Burner 4.3.0.2152
Spybot - Search & Destroy
swMSM
Synaptics ClickPad Driver
Unlocker 1.9.2
Update Installer for WildTangent Games App
VideoPad Video Editor
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player
Vulkan Run Time Libraries 1.0.17.0
WildTangent Games
WildTangent Games App for HP
WinAVI Video Converter
Windows 10 Upgrade Assistant
WinPcap 4.1.2
WinRAR 5.40 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
3/9/2017 9:53:38 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user UNDERCOVER1\Bill SID (S-1-5-21-2684982257-2408754284-3170506343-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
3/9/2017 9:06:24 AM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
3/8/2017 4:53:02 PM, Error: Service Control Manager [7000] - The eapihdrv service failed to start due to the following error: This driver has been blocked from loading
3/8/2017 4:53:02 PM, Error: Application Popup [1060] -
3/7/2017 2:04:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user UNDERCOVER1\Bill SID (S-1-5-21-2684982257-2408754284-3170506343-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftSolitaireCollection_3.15.2140.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725). This security permission can be modified using the Component Services administrative tool.
3/7/2017 12:55:42 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user UNDERCOVER1\Bill SID (S-1-5-21-2684982257-2408754284-3170506343-1001) from address LocalHost (Using LRPC) running in the application container 7333BvG.MahjongSolitaireFree_1.9.1.0_neutral__y1s27y3vcjf5c SID (S-1-15-2-2393135667-4117050449-2870407600-500663000-3714586515-770327738-2782887520). This security permission can be modified using the Component Services administrative tool.
3/6/2017 5:29:08 AM, Error: Service Control Manager [7046] - The following service has repeatedly stopped responding to service control requests: CDPUserSvc_40356 Contact the service vendor or the system administrator about whether to disable this service until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.
3/6/2017 2:13:46 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPUserSvc_40356 service.
3/10/2017 7:46:14 AM, Error: Service Control Manager [7023] - The Connected Devices Platform Service service terminated with the following error: Unspecified error
3/10/2017 7:44:14 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
3/10/2017 7:43:43 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
3/10/2017 7:42:39 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
#6
Old 03-10-2017, 11:47 AM
jholland1964
Almost Really Old Member
Join Date: Feb 2004
Location: The Middle
Posts: 35,933
First of all, we do not open attached logs so you must copy/paste the Malwarebytes' log.

The program ByteFence IS a legitimate program, not a very good one, but it is legitimate. The main complaints about it are it is bundled with other downloads and it is difficult to remove.

One good reason it is difficult to remove on your machine is that you are running entirely too many protection programs at one time, which hinders the ability to do any normal removals. Those are likely being blocked by one of these programs:
AVG, Windows Defender and SpyBot are ALL running all the time. Even though the log says AVG is disabled, it also shows that it is up to date; it very clearly is not disabled, because it would not be up to date if it were turned off, and it shows in the active running files, as do Windows Defender and SpyBot. Malwarebytes also shows as running all the time.

My advice is to uninstall SpyBot; it causes more problems with other security programs than it does protecting.
Choose ONE anti-virus program, either AVG or Windows Defender. If you want to use Windows Defender then Uninstall AVG. If you want to use AVG then TURN OFF Windows Defender.

You say that after running Malwarebytes, and it said it removed ByteFence, it was still there after you rebooted.
If it doesn't show in Uninstall a Program or in CCleaner, then how did you know it was there?

Did you look in Start, All Programs to see if there is a ByteFence folder?
Try this:
Start, Settings, System Tile, Apps & features, see if Bytefence Anti-Malware or Bytefence Module is listed. If so then click on it and there should be an Uninstall option.
Try that, but do copy/paste the Malwarebytes log.
__________________

1.Dell Inspiron 17 5759
Windows 10 64bit
Firefox v.54.0. ;WLM2012; Avira Free, Windows Firewall, MBAM, SpywareBlaster, SUPERAntispyware

2.Dell Inspiron N7010; Laptop Windows 7 64bit SP1
*same programs as computer 1 above*


Help Us To Help You

System Restore

Stick with the Clean up
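The reply above reads the "Enabled/Disabled" and "Updated" flags out of a DDS log. Those flags come from Windows Security Center, and they can be read directly and decoded separately, so that "disabled" and "up to date" are checked independently of each other. This is an added example, not code from the thread or from any of the tools named in it; the bit layout used to decode productState is the commonly used community decoding rather than a documented Microsoft contract, so treat that part as an assumption.

```powershell
# Added example (not from the thread): list the anti-virus, anti-spyware and
# firewall products registered with Windows Security Center and decode whether
# each one is enabled and up to date. This is what DDS summarises in its
# "AV:"/"SP:" lines. The productState layout below (middle byte 0x1x = real-time
# scanner on, low byte 0x00 = definitions current) is the widely used community
# decoding, not a documented contract, so treat it as an assumption.

function ConvertFrom-ProductState {
    param([Parameter(Mandatory)][uint32]$State)
    [pscustomobject]@{
        Hex      = ('0x{0:X6}' -f $State)
        Enabled  = ((($State -shr 12) -band 0xF) -eq 1)   # middle byte 0x1x -> scanner on
        UpToDate = ((($State -shr 4)  -band 0xF) -eq 0)   # low byte 0x00 -> definitions current
    }
}

function Get-SecurityCenterProducts {
    foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct') {
        # root/SecurityCenter2 exists on client editions of Windows (Vista and later).
        Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName $class -ErrorAction SilentlyContinue |
            ForEach-Object {
                $s = ConvertFrom-ProductState -State $_.productState
                [pscustomobject]@{
                    Class     = $class
                    Product   = $_.displayName
                    Enabled   = $s.Enabled
                    UpToDate  = $s.UpToDate
                    State     = $s.Hex
                    ExePath   = $_.pathToSignedProductExe
                    Timestamp = $_.timestamp
                }
            }
    }
}

$products = @(Get-SecurityCenterProducts)
$products | Format-Table -AutoSize

# More than one enabled product in the same class means two real-time scanners
# are active at once, which is the condition the reply above warns about.
foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct') {
    $active = @($products | Where-Object { $_.Class -eq $class -and $_.Enabled })
    if ($active.Count -gt 1) {
        Write-Warning ("{0} products of class {1} are enabled at once: {2}" -f $active.Count, $class, ($active.Product -join ', '))
    }
}
```

Run it from a normal (non-elevated) prompt; the Security Center namespace is readable by standard users. A product that reports Enabled=$false but UpToDate=$true is an ordinary state for a product whose real-time component is off while its updater still runs, so the two flags should be read separately.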
#7
Old 03-10-2017, 12:33 PM
badatti2d
I am so sorry about the MBAM log, I should have known to copy/paste it like the other logs....
Uninstalled Spybot and AVG; Windows Defender now in use. The MBAM scan only found one item and shows it was to be deleted upon reboot, which I did after the scan. The ByteFence icon is still in my Start menu, I had to again close the app from the icon in the hidden icons section of the task bar, and I had to close 3 running entries in the task manager.

EDIT: " Start, Settings, System Tile, Apps & features, see if Bytefence Anti-Malware or Bytefence Module is listed. If so then click on it and there should be an Uninstall option" ... did not show there...

Anyhow, here is the MBAM logfile:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/10/17
Scan Time: 8:51 AM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.1468
License: Free

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: UNDERCOVER1\Bill

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341310
Time Elapsed: 11 min, 8 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Trojan.Agent.E.Generic, C:\WINDOWS\HOSTS, Delete-on-Reboot, [1337], [353524],1.0.1468

Physical Sector: 0
(No malicious items detected)


(end)
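When a program is still visible in the Start menu and in Task Manager but is missing from Apps & features, Programs and Features and CCleaner's uninstall list, the next step is to read the places those lists are built from. The following is an added example (not code from the thread, from Malwarebytes or from CCleaner) that searches the uninstall registry hives and the common persistence locations for a name pattern. 'ByteFence' is the pattern taken from the thread and is only an assumption here; any substring or regular expression can be supplied instead. The SystemComponent column is included because a value of 1 on an uninstall key hides that entry from the Windows UI, which is one common reason a product is present but not listed.

```powershell
# Added example (not from the thread): locate a program that does not appear in
# Apps & features / Programs and Features by reading the uninstall hives and
# the usual persistence locations directly. 'ByteFence' is the name pattern
# taken from the thread; it is an assumption, not a product-specific signature.

function Find-InstalledProduct {
    param([Parameter(Mandatory)][string]$Pattern)
    # 64-bit, 32-bit (WOW6432Node) and per-user uninstall hives. The UI only
    # lists keys that have a DisplayName and are not marked SystemComponent=1.
    $hives = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($hive in $hives) {
        if (-not (Test-Path $hive)) { continue }
        foreach ($key in Get-ChildItem $hive) {
            $p = Get-ItemProperty -Path $key.PSPath
            $blob = "$($key.PSChildName) $($p.DisplayName) $($p.Publisher) $($p.InstallLocation) $($p.UninstallString)"
            if ($blob -match $Pattern) {
                [pscustomobject]@{
                    Hive            = $hive
                    Key             = $key.PSChildName
                    DisplayName     = $p.DisplayName
                    Publisher       = $p.Publisher
                    SystemComponent = $p.SystemComponent
                    InstallLocation = $p.InstallLocation
                    UninstallString = $p.UninstallString
                }
            }
        }
    }
}

function Find-Persistence {
    param([Parameter(Mandatory)][string]$Pattern)
    $hit = { param($Source, $Name, $Detail, $State) [pscustomobject]@{ Source = $Source; Name = $Name; Detail = $Detail; State = $State } }

    # Services: match on service name, display name or image path.
    Get-CimInstance Win32_Service |
        Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $Pattern } |
        ForEach-Object { & $hit 'Service' $_.Name $_.PathName $_.State }

    # Scheduled tasks: match on task name or on any action's executable.
    Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
        $exe = @($_.Actions | ForEach-Object { $_.Execute }) -join ' '
        if ("$($_.TaskName) $exe" -match $Pattern) { & $hit 'ScheduledTask' "$($_.TaskPath)$($_.TaskName)" $exe $_.State }
    }

    # Run / RunOnce keys for the machine (both registry views) and the current user.
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($rk in $runKeys) {
        if (-not (Test-Path $rk)) { continue }
        $props = Get-ItemProperty -Path $rk
        foreach ($prop in $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }) {
            if ("$($prop.Name) $($prop.Value)" -match $Pattern) { & $hit 'RunKey' "$rk\$($prop.Name)" $prop.Value '' }
        }
    }

    # Start menu shortcuts (all users and current user): match on name or resolved target.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($menu in "$env:ProgramData\Microsoft\Windows\Start Menu", "$env:APPDATA\Microsoft\Windows\Start Menu") {
        Get-ChildItem -Path $menu -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $target = $shell.CreateShortcut($_.FullName).TargetPath
            if ("$($_.BaseName) $target" -match $Pattern) { & $hit 'StartMenu' $_.FullName $target '' }
        }
    }

    # Running processes whose name or image path matches (Path is null where access is denied).
    Get-Process | Where-Object { "$($_.ProcessName) $($_.Path)" -match $Pattern } |
        ForEach-Object { & $hit 'Process' $_.ProcessName $_.Path "PID $($_.Id)" }
}

# Usage: run from an elevated PowerShell prompt so HKLM, services and all processes are visible.
$pattern = 'ByteFence'
Find-InstalledProduct -Pattern $pattern | Format-List
Find-Persistence      -Pattern $pattern | Format-Table -AutoSize -Wrap
```

The UninstallString from the first function is what Apps & features would have run; the Detail column from the second gives the image paths of whatever is starting the product, which is the list to stop and remove (service, task, Run value, shortcut) before deleting the install folder.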
#8
Old 03-10-2017, 02:32 PM
jholland1964
Your version of Malwarebytes is out of date. The most current version is 3.0.6.1469-1075 with a component package of 1.0.75.
Have you updated the program recently? It should have been brought fully up to date before running the scan.

You need to uninstall Malwarebytes using Windows 10 Programs and Features. Do NOT use CCleaner or any other 3rd party removal tool.

Then download this MB-Clean tool and run it also to be sure that all of Malwarebytes' has been removed.

https://downloads.malwarebytes.com/file/mb_clean

To run the cleanup tool follow these instructions directly from Malwarebytes'
Close all open applications
Double-click mb-clean.exe to run it
A prompt to confirm the cleanup will appear, select “Yes” or “No”

Yes - will proceed with the cleanup process
No - will exit the utility

The utility will launch a Command Prompt window which will disappear once the cleanup process completes.
Once completed, a log file ("mb-cleanresult.txt") will be on your desktop and you'll be prompted to reboot
Upon reboot, your machine will be free of the supported products mentioned above and ready for re-installation of Malwarebytes

When the uninstall is complete then install this new version using this link which will give you the .exe file itself.

Install the new version and run a brand new threat scan with it. Have it remove everything found, reboot the computer and then come back and copy/paste the new scan log.
#9
Old 03-10-2017, 02:57 PM
badatti2d
Everything done exactly as directed...problem when I downloaded the link for the new install: during the install process, a window popped up halfway through the install saying: " C:\WINDOWS\system\drivers\mbae64.sys "
An error occurred while trying to replace the existing file: Access is denied.
Click Retry to try again, Ignore to skip this file (not recommended), or Abort to cancel installation.

I clicked Abort, until I hear further
#10
Old 03-10-2017, 04:18 PM
jholland1964
Try this install link instead

https://www.malwarebytes.com/

Question: Based on the log, I see that this computer is either brand new, or the install of Windows 10 is an upgrade or a reinstall.
Quote:
Install Date: 1/31/2017
Which is it? If it is a reinstall my next question is Why?

If it is an upgrade what operating system was originally on the computer.

There are two other items in the logs that cause me concern;
Quote:
C:\Users\Bill\.frostwire5 - accessed Today
and
C:\Users\Bill\AppData\Roaming\uTorrent - accessed Feb. 9, 2017
Both of those are P2P programs, the easiest way to infect a computer AND programs that we will not work with and not allow.

They don't show on the Installed programs list but they DO show in the logs meaning these Are or were installed in the last 30 days because both were run on the computer in the last 30 days.
Why?

Also, I just noticed that Unlocker 1.9.2 is listed in the installed programs list; get rid of it. It has not been recommended since 2013. At that time it was found to have contained malware. Nowadays the only place it can be found is questionable web sites.
Uninstall it immediately
#11
Old 03-10-2017, 04:44 PM
badatti2d
The new link gave the exact same results as the last time. As for the computer, it is a new one; Windows 10 was installed when purchased. As for the 'questionable' entries found in the log, I called the grandson who thinks he is a computer geek and was informed he downloaded and installed the Frostwire 5 and the uTorrent to try and get a game he wanted....that little problem will be handled the next time he visits and asks to use the computer (he said he thought he had uninstalled all of the junk before he returned the laptop to me this morning). Unlocker is uninstalled as well...I have used it for a few years and have had no problems as a result, but it is gone now - for good. The problem I am having now is still the unwanted program, and now no clean reinstall of MBAM.
#12
Old 03-10-2017, 05:23 PM
jholland1964
Quote: Originally Posted by badatti2d (post #11 above)
I "kind of" had a feeling the two P2P programs may have come from your grandson but didn't want to suggest something that is none of my business.
It is sad that nasty stuff has been put on a brand new computer. I wouldn't want it on any computer of course but its only 38 days old! Really a kick in the pants.
Now for the Malwarebytes problem. This is of course the newest version, 3.0 etc. Many people have had problems with version 3 and up, and enough people have had a problem that they have linked the last version, 2.2.1, again.
So see if you can get that one installed; the link below will give you the executable file:

https://downloads.malwarebytes.com/file/mbam_2x
#13
Old 03-10-2017, 05:31 PM
badatti2d
This install worked on the MBAM!! Scan running now, will fix what it finds, reboot, then copy/paste the log when done, probably a couple of hours from now.
#14
Old 03-10-2017, 05:46 PM
badatti2d
Wow...scan finished a lot quicker than I thought. Found one item, quarantined and deleted it...rebooted, and here is the MBAM log: (the unwanted program is still in the Start menu and showing as running processes (3) in Task Manager, so apparently the item removed by MBAM was not the one I wanted it to be....rats!!)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/10/2017
Scan Time: 5:29 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.03.10.07
Rootkit Database: v2017.03.10.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Bill

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292590
Time Elapsed: 10 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Agent.E.Generic, C:\Windows\hosts, Quarantined, [124d7e4a297f1125f4012778e51b629e],

Physical Sectors: 0
(No malicious items detected)


(end)
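Both Malwarebytes scans in this thread flag a file at C:\Windows\hosts. The hosts file the Windows resolver actually consults is C:\Windows\System32\drivers\etc\hosts, so a responder would want to look at both paths and at what each contains. The following is an added example (not code from the thread or from Malwarebytes) that parses a hosts file, separates the stock localhost entries from anything else, and flags entries that override security or update domains or point at non-loopback addresses. The list of "sensitive" domains and the sample file content are constructed for illustration and are assumptions, not a detection rule from any product.

```powershell
# Added example (not from the thread): inspect a Windows hosts file the way a
# responder would after a scanner flags it. The resolver reads only
# %SystemRoot%\System32\drivers\etc\hosts; a file named "hosts" directly under
# %SystemRoot%, the path reported in the scan logs above, is not consulted by
# name resolution, so both locations are examined. The "sensitive" domain list
# and the sample content below are constructed for illustration.

function ConvertFrom-HostsText {
    param([string[]]$Lines = @(), [string]$Source = '<text>')
    $n = 0
    foreach ($line in $Lines) {
        $n++
        $text = ($line -split '#', 2)[0].Trim()        # drop comments; skip blank lines
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{ Source = $Source; Line = $n; Address = $fields[0]; Hostname = $name.ToLowerInvariant() }
        }
    }
}

function Test-HostsEntry {
    param([Parameter(Mandatory)]$Entry)
    $loopback = @('127.0.0.1', '::1', '0.0.0.0')
    $stock    = @('localhost', 'localhost.localdomain', 'broadcasthost')
    # Domains unwanted software commonly null-routes so updates and cleanup tools fail (assumed list).
    $sensitive = @('malwarebytes', 'microsoft', 'windowsupdate', 'avg.com', 'eset', 'kaspersky', 'avast', 'bitdefender', 'google')
    if ($Entry.Address -in $loopback -and $Entry.Hostname -in $stock) { return $null }   # default content
    $reasons = @()
    if ($sensitive | Where-Object { $Entry.Hostname -like "*$_*" }) { $reasons += 'security/update domain overridden' }
    if ($Entry.Address -notin $loopback) { $reasons += "resolves to non-loopback $($Entry.Address)" }
    if (-not $reasons) { $reasons += 'non-default entry' }
    $reasons -join '; '
}

function Get-HostsReport {
    param([string[]]$Paths = @((Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'), (Join-Path $env:SystemRoot 'hosts')))
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) { "absent: $p"; continue }
        $item = Get-Item -LiteralPath $p -Force
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        "$p  size=$($item.Length)  modified=$($item.LastWriteTimeUtc.ToString('u'))  sha256=$hash"
        if (($item.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) { "  note: file has the Hidden attribute set" }
        foreach ($e in ConvertFrom-HostsText -Lines @(Get-Content -LiteralPath $p -Force) -Source $p) {
            $verdict = Test-HostsEntry -Entry $e
            if ($verdict) { "  line {0}: {1} -> {2}  [{3}]" -f $e.Line, $e.Hostname, $e.Address, $verdict }
        }
    }
}

# Constructed sample (not from the thread) showing what a tampered file looks like.
# 203.0.113.10 is a documentation address, not a real host.
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost',
    '::1             localhost',
    '0.0.0.0         www.malwarebytes.com   # update blocked',
    '203.0.113.10    download.windowsupdate.com'
)
ConvertFrom-HostsText -Lines $sample -Source 'sample' | ForEach-Object {
    $v = Test-HostsEntry -Entry $_
    if ($v) { "sample line {0}: {1} -> {2}  [{3}]" -f $_.Line, $_.Hostname, $_.Address, $v }
}

# Live check of both candidate locations (run elevated so the real file is readable).
Get-HostsReport
```

On the constructed sample the two localhost lines are reported as nothing, the 0.0.0.0 line is flagged as a security domain override, and the last line is flagged both for the domain and for the non-loopback address. A file at C:\Windows\hosts that turns out to contain such entries is harmless to name resolution where it sits, but it is still evidence of what an installer tried to do, so record its hash and content before deleting it.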
  #15  
Old 03-10-2017, 06:01 PM
jholland1964
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 35,933
Ok, that is the same one found by the previous scan. Can you open CCleaner, click on Tools, Start Ups and then in the lower right corner choose Save to Text File? Then copy/paste that file here.
__________________

1.Dell Inspiron 17 5759
Windows 10 64bit
Firefox v.54.0. ;WLM2012; Avira Free, Windows Firewall, MBAM, SpywareBlaster, SUPERAntispyware

2.Dell Inspiron N7010; Laptop Windows 7 64bit SP1
*same programs as computer 1 above*


Help Us To Help You

System Restore

Stick with the Clean up
  #16  
Old 03-10-2017, 06:10 PM
badatti2d
Senior Member
 
Join Date: Sep 2004
Location: Oklahoma
Posts: 405
Here it is:

Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\Bill\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKLM:Run AccelerometerSysTrayApplet Hewlett-Packard Company C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
Yes HKLM:Run DeliveryAndStatusCheck HP C:\Program Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs
Yes HKLM:Run HPMessageService Hewlett-Packard Development Company, L.P. C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
No HKLM:Run PowerDVD14Agent CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
No HKLM:Run PWRISOVM.EXE Power Software Ltd C:\Program Files\PowerISO\PWRISOVM.EXE -startup
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes HKLM:Run StartCN Advanced Micro Devices, Inc. "C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
Yes HKLM:Run WindowsDefender "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
  #17  
Old 03-10-2017, 06:13 PM
jholland1964
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 35,933
Quote:
Originally Posted by badatti2d View Post
Here it is:

Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\Bill\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKLM:Run AccelerometerSysTrayApplet Hewlett-Packard Company C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
Yes HKLM:Run DeliveryAndStatusCheck HP C:\Program Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs
Yes HKLM:Run HPMessageService Hewlett-Packard Development Company, L.P. C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
No HKLM:Run PowerDVD14Agent CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
No HKLM:Run PWRISOVM.EXE Power Software Ltd C:\Program Files\PowerISO\PWRISOVM.EXE -startup
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes HKLM:Run StartCN Advanced Micro Devices, Inc. "C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
Yes HKLM:Run WindowsDefender "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
Well, nothing unusual listed there. Can you give me a print screen of the Startup folder or wherever it is that shows the unwanted program?
  #18  
Old 03-10-2017, 06:24 PM
badatti2d
Senior Member
 
Join Date: Sep 2004
Location: Oklahoma
Posts: 405
Earlier today, while trying to figure this out, I went to the support page for the little program and sent an email telling them what I thought about a program that claims to be legitimate, yet installs surreptitiously and takes so much effort to get rid of, even to the point that it is hidden from the Add/Remove Programs list... then asked how to get rid of it... Their response was pretty quick by email, and really made me feel a little dumb... they told me the full path to find the folder on my C: drive; I went there, found the uninstall.exe for it, ran the uninstall, and it is now gone... from my Start menu, from my Task Manager, everywhere it is gone. I should have thought to try that much sooner than this, but I never thought of it before I got the email. I honestly think it got installed from something in the junk the kid installed, so it should NEVER have the opportunity to occur again.

I want to thank you for your time, effort and energy while trying to help me solve a problem I should have solved on my own in the first place. I am sorry to have taken you from time you could have spent helping someone else.
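As an added example (not from this thread, and not part of CCleaner, Malwarebytes or the program being removed), the following PowerShell lists the same HKLM:Run / HKCU:Run autostart entries that CCleaner's Start Ups tab shows, and then the installed-program entries from the registry Uninstall keys, including entries marked SystemComponent=1, which is one common reason a program is missing from Add/Remove Programs while still having an uninstaller on disk. The function names and output column names are my own choices; the registry paths and value names (SystemComponent, NoRemove, UninstallString, InstallLocation) are standard Windows ones.

```powershell
# Added example, not from this thread: enumerate Run-key autostarts and
# registry Uninstall entries, including ones hidden from Add/Remove Programs.

function Get-RunEntries {
    # The same locations CCleaner's "Start Ups" tab reports as HKLM:Run / HKCU:Run.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... metadata PowerShell attaches.
            if ($prop.Name -like 'PS*') { continue }
            [PSCustomObject]@{ Key = $key; Name = $prop.Name; Command = $prop.Value }
        }
    }
}

function Get-InstalledPrograms {
    # Every Uninstall entry, including those Add/Remove Programs hides:
    # SystemComponent=1 hides the entry, NoRemove=1 disables its Remove button.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -or $_.UninstallString } |
        ForEach-Object {
            [PSCustomObject]@{
                Name            = $_.DisplayName
                Publisher       = $_.Publisher
                InstallLocation = $_.InstallLocation   # folder that holds uninstall.exe
                UninstallString = $_.UninstallString
                HiddenFromList  = ($_.SystemComponent -eq 1)
                NoRemove        = ($_.NoRemove -eq 1)
                RegistryKey     = $_.PSChildName
            }
        } | Sort-Object Name
}

Get-RunEntries | Format-Table -AutoSize
# Show only entries that Add/Remove Programs would not display or would not let you remove.
Get-InstalledPrograms | Where-Object { $_.HiddenFromList -or $_.NoRemove } | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable; an entry's InstallLocation or UninstallString points at the folder where its own uninstaller lives, which is the step the support email gave above.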
  #19  
Old 03-10-2017, 06:27 PM
jholland1964
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 35,933
Quote:
Originally Posted by badatti2d View Post
Earlier today, while trying to figure this out, I went to the support page for the little program and sent an email telling them what I thought about a program that claims to be legitimate, yet installs surreptitiously and takes so much effort to get rid of, even to the point that it is hidden from the Add/Remove Programs list... then asked how to get rid of it... Their response was pretty quick by email, and really made me feel a little dumb... they told me the full path to find the folder on my C: drive; I went there, found the uninstall.exe for it, ran the uninstall, and it is now gone... from my Start menu, from my Task Manager, everywhere it is gone. I should have thought to try that much sooner than this, but I never thought of it before I got the email. I honestly think it got installed from something in the junk the kid installed, so it should NEVER have the opportunity to occur again.

I want to thank you for your time, effort and energy while trying to help me solve a problem I should have solved on my own in the first place. I am sorry to have taken you from time you could have spent helping someone else.
Very glad you got it removed. You do need to update Malwarebytes and run another scan, just in case the findings by Malwarebytes have truly been that program. If they were, then nothing will be found; if they were not and the listing is found again, then you still do have an infection on the computer.
  #20  
Old 03-10-2017, 06:45 PM
badatti2d
Senior Member
 
Join Date: Sep 2004
Location: Oklahoma
Posts: 405
Updated and ran another scan... all clear! Here is the log... thank you so much for the patient help.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/10/2017
Scan Time: 6:33 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.03.10.07
Rootkit Database: v2017.03.10.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Bill

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292366
Time Elapsed: 9 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Copyright 2000-2011 WorldStart, Inc