Bitsadmin pops up randomly and immediately disappears.


  1. Posts : 6
    windows
       #111

    Hi, I just found this thread!
    I have been noticing this same thing happening to me as well (command prompt window opening for a split second). I first noticed it when I was watching videos. At first I thought it was a Flash Player glitch. But then I realised I've been getting this bug in Overwatch where my screen goes dark for a split second. I realise it must be some kind of alt-tab bug. I suspect it is caused by the bug mentioned in this thread.

    Anyway, I have tried PowerShell and the command does not provide any response after I have entered it. I have used AdwCleaner to scan and I have the log file. This folder called Savve Neet in particular caught my attention, but googling it turns up nothing.

    Any help would be greatly appreciated! I would like to solve this bug ASAP.

    LOG FILE:

    Code:
    # AdwCleaner v6.047 - Logfile created 31/05/2017 at 00:07:28
    # Updated on 19/05/2017 by Malwarebytes
    # Database : 2017-05-30.1 [Server]
    # Operating System : Windows 10 Home (X64)
    # Username : Justin Wong - JUSTIN
    # Running from : C:\Users\Justin Wong\Desktop\AdwCleaner.exe
    # Mode: Scan
    # Support : https://www.malwarebytes.com/support

    ***** [ Services ] *****

    Service Found: DsSvc

    ***** [ Folders ] *****

    Folder Found: C:\ProgramData\3f4c18ff632c4c8f
    Folder Found: C:\ProgramData\Savve neet
    Folder Found: C:\Users\EverBright\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjndloejlcbpkholmagjbddfkjmmploh
    Folder Found: C:\Users\EverBright\AppData\Local\Google\Chrome\User Data\Default\Extensions\legnpghkalhmjgloiigjdcppondlbnbg
    Folder Found: C:\Users\EverBright\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfigdpabghhgkponmfepnobiajkbahk
    Folder Found: C:\Users\Justin Wong\AppData\Local\Conduit
    Folder Found: C:\Users\Justin Wong\AppData\Local\NativeMessaging
    Folder Found: C:\Users\Justin Wong\AppData\Local\torch
    Folder Found: C:\Users\Justin Wong\AppData\LocalLow\Check Point Software Technologies LTD
    Folder Found: C:\Users\EverBright\AppData\Local\torch
    Folder Found: C:\ProgramData\TXQMPC
    Folder Found: C:\ProgramData\Tencent
    Folder Found: C:\ProgramData\Application Data\TXQMPC
    Folder Found: C:\ProgramData\Application Data\Tencent
    Folder Found: C:\Users\Public\Documents\Tencent
    Folder Found: C:\Program Files (x86)\Common Files\Tencent
    Folder Found: C:\Users\Justin Wong\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi
    Folder Found: C:\Users\EverBright\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjndloejlcbpkholmagjbddfkjmmploh

    ***** [ Files ] *****

    File Found: C:\WINDOWS\SysNative\drivers\TAOKernel64.sys
    File Found: C:\WINDOWS\SysNative\drivers\TFsFltX64.sys
    File Found: C:\WINDOWS\SysWOW64\drivers\TS888x64.sys
    File Found: C:\Users\Justin Wong\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gjndloejlcbpkholmagjbddfkjmmploh_0.localstorage
    File Found: C:\Users\Justin Wong\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gjndloejlcbpkholmagjbddfkjmmploh_0.localstorage-journal

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious keys found.

    ***** [ Shortcuts ] *****

    No infected shortcut found.

    ***** [ Scheduled Tasks ] *****

    No malicious task found.

    ***** [ Registry ] *****

    Key Found: HKCU\Software\b5b77ca3bcf909ddf66de9a4120ad15f
    Key Found: HKU\S-1-5-21-3246875568-2923908918-1514285280-1002\Software\Classes\Tencent
    Key Found: HKCU\Software\Classes\Tencent
    Key Found: HKLM\SOFTWARE\Classes\metnsd
    Key Found: HKLM\SOFTWARE\Classes\qmgcfiles
    Key Found: [x64] HKCU\Software\Classes\Tencent
    Key Found: [x64] HKLM\SOFTWARE\Classes\metnsd
    Key Found: [x64] HKLM\SOFTWARE\Classes\qmgcfiles
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{B9E49847-9822-4139-BC55-7173ED1ADA11}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{EC0FA563-E0F2-406F-8659-1E728458A91E}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{88260EA6-BC91-42DF-ABEF-4A683E8A3C23}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{4C097DF1-0716-4FA1-84A9-025BC1E7B03F}
    Key Found: HKLM\SOFTWARE\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
    Key Found: HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
    Key Found: HKLM\SOFTWARE\Classes\Interface\{B9E49847-9822-4139-BC55-7173ED1ADA11}
    Key Found: HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
    Key Found: HKLM\SOFTWARE\Classes\TypeLib\{8519F1E4-E25B-42B1-B361-0C643F45CF11}
    Key Found: HKLM\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
    Key Found: HKU\S-1-5-21-3246875568-2923908918-1514285280-1002\Software\Microsoft\Internet Explorer\SearchScopes\{02949653-9EA2-4181-AE64-216BC55F15CD}
    Data Found: HKU\S-1-5-21-3246875568-2923908918-1514285280-1002\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
    Key Found: HKU\S-1-5-21-3246875568-2923908918-1514285280-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0E20C7A0-4122-46E3-BC5C-3C5D8081248D}
    Key Found: HKU\S-1-5-21-3246875568-2923908918-1514285280-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{02949653-9EA2-4181-AE64-216BC55F15CD}
    Data Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
    Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0E20C7A0-4122-46E3-BC5C-3C5D8081248D}
    Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{02949653-9EA2-4181-AE64-216BC55F15CD}
    Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0E20C7A0-4122-46E3-BC5C-3C5D8081248D}
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\qq.com
    Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\xui.ptlogin2.qq.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\qq.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\xui.ptlogin2.qq.com
    Value Found: HKU\S-1-5-21-3246875568-2923908918-1514285280-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SearchProtect]
    Value Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [SearchProtectAll]
    Value Found: HKU\S-1-5-21-3246875568-2923908918-1514285280-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SearchProtection]
    Value Found: HKU\S-1-5-21-3246875568-2923908918-1514285280-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [QQ2009]
    Key Found: HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
    Key Found: HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
    Key Found: HKEY_CLASSES_ROOT\.qmgc
    Key Found: HKCU\Software\MozillaPlugins\@1.qq.com/npqqwebgame
    Key Found: HKLM\SOFTWARE\MozillaPlugins\@qq.com/QQPhotoDrawEx
    Key Found: HKCU\Software\Google\Chrome\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
    Key Found: HKLM\SOFTWARE\Google\Chrome\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
    Key Found: [x64] HKCU\Software\Google\Chrome\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk

    ***** [ Web browsers ] *****

    No malicious Firefox based browser items found.
    Chrome pref Found: [C:\Users\Justin Wong\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - bopakagnckmlgajfccecajhnimjiiedh
    Chrome pref Found: [C:\Users\Justin Wong\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - dgpdioedihjhncjafcpgbbjdpbbkikmi
    Chrome pref Found: [C:\Users\Justin Wong\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - kdfbddbdpnahdahmamlolacimfdbeckk
    Chrome pref Found: [C:\Users\Justin Wong\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN35895923612272531&UM=2
    Chrome pref Found: [C:\Users\Justin Wong\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] - aol.com
    Chrome pref Found: [C:\Users\Justin Wong\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] - ask.com

    [!] You may need to disable the Chrome synchronization from your Google account in order to fully remove the malicious preferences. Please consult this Google help: Fix problems with Chrome sync - Android - Google Chrome Help [!]

    *************************

    C:\AdwCleaner\AdwCleaner[S0].txt - [8445 Bytes] - [31/05/2017 00:07:28]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8518 Bytes] ##########
    Last edited by Brink; 30 May 2017 at 20:08. Reason: code box


  2. Posts : 16,325
    W10Prox64
       #112

    @justin123:
    I've fixed your log so that it can be read. Please go ahead and run "CLEAN", but UNCHECK the one I have in RED, as it may be a FP (false positive). If you really do use Tencent IM, you will have to reinstall it when we're finished, but I suspect it is a big part of your problem so I wouldn't recommend it.

    Code:
    # AdwCleaner v6.047 - Logfile created 31/05/2017 at 00:07:28
    # Updated on 19/05/2017 by Malwarebytes
    # Database : 2017-05-30.1 [Server]
    # Operating System : Windows 10 Home (X64)
    # Username : Justin Wong - JUSTIN
    # Running from : C:\Users\Justin Wong\Desktop\AdwCleaner.exe
    # Mode: Scan
    # Support : https://www.malwarebytes.com/support
    ***** [ Services ] *****
    Service Found: DsSvc (do not check this one - it could be a FP)
    ***** [ Folders ] *****
    Folder Found: C:\ProgramData\3f4c18ff632c4c8f
    Folder Found: C:\ProgramData\Savve neet
    Folder Found: C:\Users\EverBright\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjndloejlcbpkholmagjbddfkjmmploh
    Folder Found: C:\Users\EverBright\AppData\Local\Google\Chrome\User Data\Default\Extensions\legnpghkalhmjgloiigjdcppondlbnbg
    Folder Found: C:\Users\EverBright\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfigdpabghhgkponmfepnobiajkbahk
    Folder Found: C:\Users\Justin Wong\AppData\Local\Conduit
    Folder Found: C:\Users\Justin Wong\AppData\Local\NativeMessaging
    Folder Found: C:\Users\Justin Wong\AppData\Local\torch
    Folder Found: C:\Users\Justin Wong\AppData\LocalLow\Check Point Software Technologies LTD
    Folder Found: C:\Users\EverBright\AppData\Local\torch
    Folder Found: C:\ProgramData\TXQMPC
    Folder Found: C:\ProgramData\Tencent
    Folder Found: C:\ProgramData\Application Data\TXQMPC
    Folder Found: C:\ProgramData\Application Data\Tencent
    Folder Found: C:\Users\Public\Documents\Tencent
    Folder Found: C:\Program Files (x86)\Common Files\Tencent
    Folder Found: C:\Users\Justin Wong\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi
    Folder Found: C:\Users\EverBright\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjndloejlcbpkholmagjbddfkjmmploh
    ***** [ Files ] *****
    File Found: C:\WINDOWS\SysNative\drivers\TAOKernel64.sys
    File Found: C:\WINDOWS\SysNative\drivers\TFsFltX64.sys
    File Found: C:\WINDOWS\SysWOW64\drivers\TS888x64.sys
    File Found: C:\Users\Justin Wong\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gjndloejlcbpkholmagjbddfkjmmploh_0.localstorage
    File Found: C:\Users\Justin Wong\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gjndloejlcbpkholmagjbddfkjmmploh_0.localstorage-journal
    ***** [ DLL ] *****
    No malicious DLLs found.
    ***** [ WMI ] *****
    No malicious keys found.
    ***** [ Shortcuts ] *****
    No infected shortcut found.
    ***** [ Scheduled Tasks ] *****
    No malicious task found.
    ***** [ Registry ] *****
    Key Found: HKCU\Software\b5b77ca3bcf909ddf66de9a4120ad15f
    Key Found: HKU\S-1-5-21-3246875568-2923908918-1514285280-1002\Software\Classes\Tencent
    Key Found: HKCU\Software\Classes\Tencent
    Key Found: HKLM\SOFTWARE\Classes\metnsd
    Key Found: HKLM\SOFTWARE\Classes\qmgcfiles
    Key Found: [x64] HKCU\Software\Classes\Tencent
    Key Found: [x64] HKLM\SOFTWARE\Classes\metnsd
    Key Found: [x64] HKLM\SOFTWARE\Classes\qmgcfiles
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{B9E49847-9822-4139-BC55-7173ED1ADA11}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{EC0FA563-E0F2-406F-8659-1E728458A91E}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{88260EA6-BC91-42DF-ABEF-4A683E8A3C23}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{4C097DF1-0716-4FA1-84A9-025BC1E7B03F}
    Key Found: HKLM\SOFTWARE\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
    Key Found: HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
    Key Found: HKLM\SOFTWARE\Classes\Interface\{B9E49847-9822-4139-BC55-7173ED1ADA11}
    Key Found: HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
    Key Found: HKLM\SOFTWARE\Classes\TypeLib\{8519F1E4-E25B-42B1-B361-0C643F45CF11}
    Key Found: HKLM\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
    Key Found: HKU\S-1-5-21-3246875568-2923908918-1514285280-1002\Software\Microsoft\Internet Explorer\SearchScopes\{02949653-9EA2-4181-AE64-216BC55F15CD}
    Data Found: HKU\S-1-5-21-3246875568-2923908918-1514285280-1002\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
    Key Found: HKU\S-1-5-21-3246875568-2923908918-1514285280-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0E20C7A0-4122-46E3-BC5C-3C5D8081248D}
    Key Found: HKU\S-1-5-21-3246875568-2923908918-1514285280-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{02949653-9EA2-4181-AE64-216BC55F15CD}
    Data Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
    Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0E20C7A0-4122-46E3-BC5C-3C5D8081248D}
    Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{02949653-9EA2-4181-AE64-216BC55F15CD}
    Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0E20C7A0-4122-46E3-BC5C-3C5D8081248D}
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\qq.com
    Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\xui.ptlogin2.qq.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\qq.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\xui.ptlogin2.qq.com
    Value Found: HKU\S-1-5-21-3246875568-2923908918-1514285280-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SearchProtect]
    Value Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [SearchProtectAll]
    Value Found: HKU\S-1-5-21-3246875568-2923908918-1514285280-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SearchProtection]
    Value Found: HKU\S-1-5-21-3246875568-2923908918-1514285280-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [QQ2009]
    Key Found: HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
    Key Found: HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
    Key Found: HKEY_CLASSES_ROOT\.qmgc
    Key Found: HKCU\Software\MozillaPlugins\@1.qq.com/npqqwebgame
    Key Found: HKLM\SOFTWARE\MozillaPlugins\@qq.com/QQPhotoDrawEx
    Key Found: HKCU\Software\Google\Chrome\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
    Key Found: HKLM\SOFTWARE\Google\Chrome\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
    Key Found: [x64] HKCU\Software\Google\Chrome\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
    ***** [ Web browsers ] *****
    No malicious Firefox based browser items found.
    Chrome pref Found: [C:\Users\Justin Wong\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - bopakagnckmlgajfccecajhnimjiiedh
    Chrome pref Found: [C:\Users\Justin Wong\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - dgpdioedihjhncjafcpgbbjdpbbkikmi
    Chrome pref Found: [C:\Users\Justin Wong\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - kdfbddbdpnahdahmamlolacimfdbeckk
    Chrome pref Found: [C:\Users\Justin Wong\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN35895923612272531&UM=2
    Chrome pref Found: [C:\Users\Justin Wong\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] - aol.com
    Chrome pref Found: [C:\Users\Justin Wong\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] - ask.com

    [!] You may need to disable the Chrome synchronization from your Google account in order to fully remove the malicious preferences. Please consult this Google help: Fix problems with Chrome sync - Android - Google Chrome Help [!]

    *************************

    C:\AdwCleaner\AdwCleaner[S0].txt - [8445 Bytes] - [31/05/2017 00:07:28]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8518 Bytes] ##########

    Reset Chrome and turn off syncing if you have it on.
    Reset Chrome settings to default - Google Chrome Help

    Reset Edge.
    Reset Microsoft Edge to Default in Windows 10 Windows 10 Browsers Email Tutorials

    Reset Internet Explorer
    https://support.microsoft.com/en-us/...lorer-settings

    Let us know if that resolves your problems.


  3. Posts : 6
    windows
       #113

    simrick said:
    @justin123:
    I've fixed your log so that it can be read. Please go ahead and run "CLEAN", but UNCHECK the one I have in RED, as it may be a FP (false positive). If you really do use Tencent IM, you will have to reinstall it when we're finished, but I suspect it is a big part of your problem so I wouldn't recommend it.

    Hello! Firstly, thank you so much for the prompt reply. Also, thank you so much for fixing the log. It was my first time posting here and I wasn't sure how to post my log.
    I do not use Tencent at all. Those files must be remnants from a game I once downloaded from them. (I have actually tried to purge all Tencent files before.)

    Before I proceed, I just have a few questions!

    1) Does this mean that, apart from the DsSvc, all other files and folders are safe to be cleaned? As in, they are not integral to my system? For example, Chrome app data, and I know especially registry keys are super important. I would hate to accidentally delete a vital registry key, or one of the .sys files (they sound important too).

    2) (Similar to question 2) Does this mean all the other files flagged by AdwCleaner are malware? I run Windows Defender regularly and it always shows up as safe.

    3) You mentioned resetting my browsers. Do I do this before or after I proceed with the cleaning?

    4) After I did the scan last night, I went to check some of the files it flagged. I realised that some of the files have a very old last modified date, e.g. 2013, 2014. Does this have any bearing on the possibility of false positives? Like, I have only noticed this problem recently.


    Thanks so much and I look forward to your reply!


  4. Posts : 16,325
    W10Prox64
       #114

    justin123 said:
    Hello! Firstly, thank you so much for the prompt reply. Also, thank you so much for fixing the log. It was my first time posting here and I wasn't sure how to post my log.
    I do not use Tencent at all. Those files must be remnants from a game I once downloaded from them. (I have actually tried to purge all Tencent files before.)
    Quite welcome.
    justin123 said:
    Before I proceed, I just have a few questions!

    1) Does this mean that, apart from the DsSvc, all other files and folders are safe to be cleaned? As in, they are not integral to my system? For example, Chrome app data, and I know especially registry keys are super important. I would hate to accidentally delete a vital registry key, or one of the .sys files (they sound important too).
    Yes, they all should be good to get rid of.
    justin123 said:
    2) (Similar to question 2) Does this mean all the other files flagged by AdwCleaner are malware? I run Windows Defender regularly and it always shows up as safe.
    They can be malware, adware, hijackware, etc. Defender does not get everything. No A/V gets everything. You really need a layered approach to stay safe.
    justin123 said:
    3) You mentioned resetting my browsers. Do I do this before or after I proceed with the cleaning?
    Clean with ADWCleaner, then reset.
    justin123 said:
    4) After I did the scan last night, I went to check some of the files it flagged. I realised that some of the files have a very old last modified date, e.g. 2013, 2014. Does this have any bearing on the possibility of false positives? Like, I have only noticed this problem recently.


    Thanks so much and I look forward to your reply!
    Some old infections have been around a long time. Some may be remnants of things you've gotten rid of in the past. A lot of that stuff is a problem.

    I would make a restore point first, then make sure you have Fast Startup turned OFF, then clean, then reset.
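    A way to answer questions 1 and 4 from evidence rather than guesswork, as an added PowerShell example that is not from this thread: it reads the AdwCleaner scan log posted above and, for each "File Found" / "Folder Found" entry, reports the creation and last-write times, the Authenticode signature and signer, and whether a flagged .sys is still registered as a kernel driver. It assumes the log sits at the path printed in the log footer and that it is run from an elevated PowerShell; the -CreateRestorePoint switch performs the "restore point first" step.

```powershell
<#
  Added example for this page (not from the thread). Reads an AdwCleaner scan log and
  shows, per flagged item, the facts needed to judge it before CLEAN is run.
  Assumptions: $LogPath is the path printed in the log footer; run elevated.
#>
param(
    [string]$LogPath = 'C:\AdwCleaner\AdwCleaner[S0].txt',
    [switch]$CreateRestorePoint
)

function Get-AdwCleanerItems {
    # One finding per line, e.g. "File Found:  C:\WINDOWS\SysWOW64\drivers\TS888x64.sys"
    param([string]$Path)
    foreach ($line in Get-Content -LiteralPath $Path -ErrorAction Stop) {
        if ($line -match '^\s*(File|Folder) Found:\s+(.+?)\s*$') {
            [pscustomobject]@{ Kind = $Matches[1]; Path = $Matches[2] }
        }
    }
}

function Resolve-LoggedPath {
    # AdwCleaner is a 32-bit program and logs the WOW64 alias "SysNative" for the real
    # System32; that alias is not visible to a 64-bit PowerShell, so map it back.
    param([string]$Path)
    if ([Environment]::Is64BitProcess) { $Path = $Path -replace '\\SysNative\\', '\System32\' }
    return $Path
}

# Registered kernel drivers, fetched once, to tell "file on disk" from "driver Windows still loads".
$script:Drivers = Get-CimInstance -ClassName Win32_SystemDriver

function Get-ItemEvidence {
    param([string]$Kind, [string]$Path)
    $real = Resolve-LoggedPath $Path
    $item = Get-Item -LiteralPath $real -Force -ErrorAction SilentlyContinue
    $row  = [ordered]@{
        Kind = $Kind; Exists = [bool]$item; Created = $null; LastWrite = $null
        Signature = $null; Signer = $null; Driver = $null; Path = $real
    }
    if ($item) {
        $row.Created   = $item.CreationTime
        $row.LastWrite = $item.LastWriteTime
        if ($Kind -eq 'File') {
            # Status is Valid, NotSigned, HashMismatch, ...; Signer is the certificate subject.
            $sig = Get-AuthenticodeSignature -LiteralPath $item.FullName
            $row.Signature = $sig.Status.ToString()
            if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
            if ($item.Extension -eq '.sys') {
                # Match on file name: WMI may record PathName as C:\..., \SystemRoot\... or \??\C:\...
                $drv = $script:Drivers | Where-Object { $_.PathName -like "*\$($item.Name)" } |
                       Select-Object -First 1
                $row.Driver = if ($drv) { "$($drv.Name) [$($drv.State), $($drv.StartMode)]" } else { 'not registered' }
            }
        }
    }
    [pscustomobject]$row
}

if ($CreateRestorePoint) {
    # First step of the advice above; needs System Protection enabled for the system drive.
    Checkpoint-Computer -Description 'Before AdwCleaner clean' -RestorePointType MODIFY_SETTINGS
}

$report = foreach ($i in Get-AdwCleanerItems -Path $LogPath) { Get-ItemEvidence -Kind $i.Kind -Path $i.Path }
$report | Sort-Object Kind, Path | Format-Table Kind, Exists, LastWrite, Signature, Driver, Path -AutoSize

# Reading the result: a 2013/2014 LastWrite date says nothing about safety, only that the
# adware has been there a long time. An inbox Windows driver normally shows Signature = Valid
# with a Microsoft Windows signer and is registered; a flagged .sys with no signature, a
# HashMismatch, an unfamiliar signer, or no driver registration is not part of the OS.
```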


  5. Posts : 6
    windows
       #115

    simrick said:
    Quite welcome.

    Yes, they all should be good to get rid of.

    They can be malware, adware, hijackware, etc. Defender does not get everything. No A/V gets everything. You really need a layered approach to stay safe.

    Clean with ADWCleaner, then reset.

    Some old infections have been around a long time. Some may be remnants of things you've gotten rid of in the past. A lot of that stuff is a problem.

    I would make a restore point first, then make sure you have Fast Startup turned OFF, then clean, then reset.
    Hello! Thanks so much for your reply. Can I just ask, why is it necessary to turn off Fast Startup? And also, by reset do you mean restart the PC?

    Thanks so much and sorry for all the questions!


  6. Posts : 6
    windows
       #116

    justin123 said:
    Hello! Thanks so much for your reply. Can I just ask, why is it necessary to turn off Fast Startup? And also, by reset do you mean restart the PC?

    Thanks so much and sorry for all the questions!
    Hi again. Please ignore the second part of my question! I just realised you meant resetting the browsers.


  7. Posts : 16,325
    W10Prox64
       #117

    justin123 said:
    Hello! Thanks so much for your reply. Can I just ask, why is it necessary to turn off Fast Startup? And also, by reset do you mean restart the PC?

    Thanks so much and sorry for all the questions!
    justin123 said:
    Hi again. Please ignore the second part of my question! I just realised you meant resetting the browsers.
    Fast Startup is a sort of hybrid hibernation, and prevents some things from fully installing/uninstalling. I turn it off on every system I own and work on.

    To understand what this is/does (it was first introduced in Windows 8):
    “Fast Startup (aka: hybrid boot or hybrid Shutdown) is a new feature in Windows 8 to help your PC start up faster after shutting down. When turned on, Windows 8 does this by using a hybrid shutdown (a partial hibernate) method that saves only the kernel session and device drivers (system information) to the hibernate (hiberfil.sys) file on disk instead of closing it when you shut down your PC. This also makes the hiberfil.sys file to be much smaller than what hibernate would use (often 4GB or more). When you start your PC again, Windows 8 uses that saved system information to resume your system instead of having to do a cold boot to fully restart it. Using this technique with boot gives a significant advantage for boot times, since reading the hiberfile in and reinitializing drivers is much faster on most systems (30-70% faster on most systems tested). If you have a motherboard with UEFI, then fast startup will be even faster.”
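    The advice above is to turn Fast Startup off before cleaning. The following is an added example (not posted by anyone in this thread) that checks the setting from an elevated PowerShell prompt and turns it off if needed; it reads the HiberbootEnabled value, which is the registry setting behind the "Turn on fast startup" checkbox.

```powershell
# Added example: report and, if necessary, disable Fast Startup.
# Run from an elevated PowerShell prompt (writing under HKLM needs admin).
# HiberbootEnabled: 1 = Fast Startup on, 0 = off. The setting only has an
# effect when hibernation itself is available (see: powercfg /a).
$powerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power'

function Get-FastStartupState {
    $item = Get-ItemProperty -Path $powerKey -Name HiberbootEnabled -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value absent: Windows treats it as on when hibernation is available.
        return 'NotConfigured'
    }
    if ($item.HiberbootEnabled -eq 1) { 'Enabled' } else { 'Disabled' }
}

function Disable-FastStartup {
    # Equivalent to unticking "Turn on fast startup" in
    # Control Panel > Power Options > Choose what the power buttons do.
    Set-ItemProperty -Path $powerKey -Name HiberbootEnabled -Value 0 -Type DWord
}

$before = Get-FastStartupState
"Fast Startup before: $before"
if ($before -ne 'Disabled') {
    Disable-FastStartup
    "Fast Startup after:  $(Get-FastStartupState)"
}
```

    The change takes effect on the next shutdown; a normal Restart already performs a full boot regardless of this setting.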


  8. Posts : 6
    windows
       #118

    simrick said:
    Fast Startup is a sort of hybrid hibernation, and prevents some things from fully installing/uninstalling. I turn it off on every system I own and work on.
    Hi again! and thanks for the reply.
    Anyway, I have gone ahead and run the ADWcleaner scan again. However, the DSSVC file does not show up this time. Is this a cause for concern?

    I have cleaned all the other files.

    Thanks


  9. Posts : 16,325
    W10Prox64
       #119

    justin123 said:
    Hi again! and thanks for the reply.
    Anyway, I have gone ahead and run the ADWcleaner scan again. However, the DSSVC file does not show up this time. Is this a cause for concern?

    I have cleaned all the other files.

    Thanks
    It didn't show up on the second run? Interesting. Could you tell if the database updated before you ran it? I just ran it on my system (where the FP showed up about 5 days ago)... did not show up on mine either. Maybe they've updated things.

    And you reset browsers? Are things running well now, and no cmd windows flashing?


  10. Posts : 6
    windows
       #120

    simrick said:
    It didn't show up on the second run? Interesting. Could you tell if the database updated before you ran it? I just ran it on my system (where the FP showed up about 5 days ago)... did not show up on mine either. Maybe they've updated things.

    And you reset browsers? Are things running well now, and no cmd windows flashing?
    Which database are you referring to and how do I verify this?

    Yes, I have reset my browsers. I have not experienced any cmd windows flashing since.
    However, even when I experienced this problem it was also happening randomly and intermittently and not really regularly. I had also read on another forum that this issue was caused by Microsoft Office task scheduler (or something like that) and I had gone ahead and implemented the fix for that before the ADWcleaner fix as well. So I am not completely sure that the ADWcleaner fix was the one that fixed the bug.

    Thanks for your reply!

