Have an issue


21 replies to this topic

#1 desidenceofsin

desidenceofsin

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 07 May 2015 - 07:00 PM

Running Windows 7 64 bit... I have issues with lag..... some videos lag constantly and when loading new pages it takes like 45 seconds to minutes... When I am typing it lags sometimes too... I got adware, I removed some of it with Malwarebytes premium edition but for some reason I still have mal/spyware.... if there is anything anyone can do please let me know... This really sucks and wish I could resolve it before my computer blows up or something lol





#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:06 PM

Posted 07 May 2015 - 07:03 PM

Download and run Wipe and System Ninja.

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download
kwLN4uv.png


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then Disable.

GjWwvEu.png

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.


Lxioao1.png

Now go to the Advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.

SnqZ2JW.png

 

Reboot your machine and then follow the instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
ZCDJtZN.png
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
ApSVXsQ.png
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.

jdmyscF.jpg

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 desidenceofsin

desidenceofsin
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 07 May 2015 - 07:20 PM

All of these programs need to be downloaded?



#4 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:06 PM

Posted 07 May 2015 - 07:44 PM

Yes, that is the idea. :)



#5 desidenceofsin

desidenceofsin
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 07 May 2015 - 08:35 PM

The MWAV Escan Log

 

07 May 2015 20:49:40 [00c0] - **********************************************************
07 May 2015 20:49:40 [00c0] - MWAV - eScanAV AntiVirus Toolkit.
07 May 2015 20:49:40 [00c0] - Copyright © MicroWorld Technologies
07 May 2015 20:49:40 [00c0] - **********************************************************
07 May 2015 20:49:40 [00c0] - Source: C:\Users\Michael\Downloads\mwav.exe
07 May 2015 20:49:40 [00c0] - Version 14.0.178 (C:\USERS\MICHAEL\APPDATA\LOCAL\TEMP\MEXE.COM)
07 May 2015 20:49:40 [00c0] - Log File: C:\Users\Michael\AppData\Local\Temp\MWAV.LOG
07 May 2015 20:49:40 [00c0] - MWAV Registered: TRUE
07 May 2015 20:49:40 [00c0] - User Account: Michael (Administrator Mode)
07 May 2015 20:49:40 [00c0] - OS Type: Windows Workstation [InstallType: Client]
07 May 2015 20:49:40 [00c0] - OS: Windows 7 64-Bit [OS Install Date: 28 Dec 2014 16:39:02]
07 May 2015 20:49:40 [00c0] - Ver: Personal Service Pack 1 (Build 7601)
07 May 2015 20:49:40 [00c0] - System Up Time: 8 Minutes, 18 Seconds
 
 
07 May 2015 20:49:40 [00c0] - Parent Process Name : C:\Users\Michael\Downloads\mwav.exe
07 May 2015 20:49:40 [00c0] - Windows Root  Folder: C:\Windows
07 May 2015 20:49:40 [00c0] - Windows Sys32 Folder: C:\Windows\system32
07 May 2015 20:49:40 [00c0] - DHCP NameServer: 192.168.1.254
07 May 2015 20:49:40 [00c0] - Interface0 DHCPNameServer: 192.168.1.254
07 May 2015 20:49:40 [00c0] - ProxyServer: 127.0.0.1:8118
07 May 2015 20:49:40 [00c0] - ProxyOverride: 
07 May 2015 20:49:40 [00c0] - Proxy Connection: ENABLED
07 May 2015 20:49:40 [00c0] - Local Fixed Drives: c:\
07 May 2015 20:49:40 [00c0] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
07 May 2015 20:49:40 [00c0] - [CREATED ZIP FILE: C:\Users\Michael\AppData\Local\Temp\pinfect.zip]
07 May 2015 20:49:40 [00c0] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
07 May 2015 20:49:43 [00c0] - ** Deleted Value "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings/ProxyServer". Its value was: "127.0.0.1:8118"
07 May 2015 20:49:43 [00c0] - ** Changed Value of "HKEY_CLASSES_ROOT\.htm" from "ChromeHTML" to "htmlfile"
07 May 2015 20:49:43 [00c0] - ** Changed Value of "HKEY_CLASSES_ROOT\.html" from "ChromeHTML" to "htmlfile"
07 May 2015 20:49:43 [00c0] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Michael\AppData\Local\Temp\ESCANDB.LOG]
07 May 2015 20:49:44 [00c0] - Loaded/Created FileScan Cache Database...
07 May 2015 20:49:44 [00c0] - Loading AV Library [DB]...
07 May 2015 20:50:33 [00c0] - ArchiveScan: DISABLED
07 May 2015 20:50:34 [00c0] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
07 May 2015 20:50:34 [00c0] - MWAV doing self scanning...
07 May 2015 20:50:34 [00c0] - MWAV files are clean.
07 May 2015 20:50:38 [00c0] - ArchiveScan: DISABLED
07 May 2015 20:50:38 [00c0] - Virus Database Date: 02 Mar 2015
07 May 2015 20:50:38 [00c0] - Virus Database Count: 6701505
07 May 2015 20:50:38 [00c0] - Sign Version: 7.59505 [518257]
07 May 2015 20:50:46 [00c0] - Downloading AntiVirus and Anti-Spyware Databases...
07 May 2015 20:58:00 [00c0] - Update Successful...
07 May 2015 20:58:08 [00c0] - Indexed Spyware Databases Successfully Created...
07 May 2015 20:58:08 [00c0] - Old Sign Version: 7.59505 New Sign Version: 7.60465
07 May 2015 20:58:23 [00c0] - Reload of AntiVirus Signatures successfully done.
07 May 2015 20:58:23 [00c0] - Virus Database Date: 07 May 2015
07 May 2015 20:58:23 [00c0] - Virus Database Count: 6055120
07 May 2015 20:58:23 [00c0] - Sign Version: 7.60465 [519217]
 
07 May 2015 21:00:23 [00c0] - **********************************************************
07 May 2015 21:00:23 [00c0] - MWAV - eScanAV AntiVirus Toolkit.
07 May 2015 21:00:23 [00c0] - Copyright © MicroWorld Technologies
07 May 2015 21:00:23 [00c0] - 
07 May 2015 21:00:23 [00c0] - Support: support@escanav.com
07 May 2015 21:00:23 [00c0] - Web: http://www.escanav.com
07 May 2015 21:00:23 [00c0] - **********************************************************
07 May 2015 21:00:23 [00c0] - Version 14.0.178[DB] (C:\USERS\MICHAEL\APPDATA\LOCAL\TEMP\MEXE.COM)
07 May 2015 21:00:23 [00c0] - Log File: C:\Users\Michael\AppData\Local\Temp\MWAV.LOG
07 May 2015 21:00:23 [00c0] - User Account: Michael (Administrator Mode)
07 May 2015 21:00:23 [00c0] - Parent Process Name : C:\Users\Michael\Downloads\mwav.exe
07 May 2015 21:00:23 [00c0] - Windows Root  Folder: C:\Windows
07 May 2015 21:00:23 [00c0] - Windows Sys32 Folder: C:\Windows\system32
07 May 2015 21:00:23 [00c0] - OS: Windows 7 64-Bit [OS Install Date: 28 Dec 2014 16:39:02]
07 May 2015 21:00:23 [00c0] - Ver: Personal Service Pack 1 (Build 7601)
07 May 2015 21:00:23 [00c0] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
 
07 May 2015 21:00:23 [0d10] - Options Selected by User:
07 May 2015 21:00:23 [0d10] - Memory Check: Enabled
07 May 2015 21:00:23 [0d10] - Registry Check: Enabled
07 May 2015 21:00:23 [0d10] - StartUp Folder Check: Enabled
07 May 2015 21:00:23 [0d10] - System Folder Check: Enabled
07 May 2015 21:00:23 [0d10] - Services Check: Enabled
07 May 2015 21:00:23 [0d10] - Scan Spyware: Enabled
07 May 2015 21:00:23 [0d10] - Scan Archives: Disabled
07 May 2015 21:00:23 [0d10] - Drive Check: Enabled
07 May 2015 21:00:23 [0d10] - All Drive Check :Disabled
07 May 2015 21:00:23 [0d10] - Drive Selected = C:\
07 May 2015 21:00:23 [0d10] - Folder Check: Disabled
07 May 2015 21:00:23 [0d10] - SCAN: All_Files [ANSI]
07 May 2015 21:00:23 [0d10] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
07 May 2015 21:00:23 [0d10] - Scanning DNS Records...
07 May 2015 21:00:23 [0d10] - Scanning Master Boot Record (User)...
07 May 2015 21:00:23 [0d10] - Scanning Logical Boot Records...
07 May 2015 21:00:24 [0d10] - ***** Scanning For Hidden Rootkit Processes *****
07 May 2015 21:00:24 [0d10] - ***** Scanning For Hidden Rootkit Services *****
 
07 May 2015 21:00:30 [0d10] - ***** Scanning Memory Files *****
07 May 2015 21:00:30 [0d10] - Scanning File C:\Program Files (x86)\Softcomp Software\swnet.dll
07 May 2015 21:00:30 [0d10] - Module C:\Program Files (x86)\Softcomp Software\swnet.dll found loaded in Memory...
07 May 2015 21:00:30 [0d10] - Parent Process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
07 May 2015 21:00:30 [0d10] - Parent Process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
07 May 2015 21:00:30 [0d10] - Parent Process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
07 May 2015 21:00:30 [0d10] - Parent Process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
07 May 2015 21:00:30 [0d10] - Parent Process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
07 May 2015 21:00:30 [0d10] - Parent Process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
07 May 2015 21:00:30 [0d10] - List of all Processes Sharing [swnet.dll] : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
07 May 2015 21:00:30 [0d10] - *** Terminating Infected Process C:\Program Files (x86)\Google\Chrome\Application\chrome.exe...
07 May 2015 21:00:33 [0d10] - *** Termination Successful.
07 May 2015 21:00:33 [0d10] - File C:\Program Files (x86)\Softcomp Software\swnet.dll infected by "Trojan.GenericKD.2357767 (DB)" Virus! Action Taken: File Renamed.
 
07 May 2015 21:00:33 [0d10] - Dummy folder [C:\Program Files (x86)\Softcomp Software\swnet.dll] made to prevent virus recreation(3).
 
07 May 2015 21:00:36 [0d10] - ***** Scanning Registry Files *****
 
07 May 2015 21:00:39 [0d10] - ***** Scanning StartUp Folders *****
07 May 2015 21:00:39 [084c] - C:\Users\Michael\AppData\Roaming\Arc\gameinfo.xml not Scanned. Possibly password protected...
07 May 2015 21:00:39 [0f28] - C:\Users\Michael\AppData\Roaming\Arc\gameinfo.xml.bak not Scanned. Possibly password protected...
 
07 May 2015 21:00:55 [0d10] - ***** Scanning Service Files *****
07 May 2015 21:01:05 [0d10] - ERROR(2)!!! Invalid Entry C:\Windows\system32\GameMon.des -service. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\npggsvc.
07 May 2015 21:01:09 [0d10] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
 
07 May 2015 21:01:13 [0d10] - ***** Scanning Registry and File system for Adware/Spyware *****
07 May 2015 21:01:13 [0d10] - Loading Spyware Signatures from new External Database [Name: C:\Users\Michael\AppData\Local\Temp\spydb.avs, Size: 464724]...
07 May 2015 21:01:13 [0d10] - Indexed Spyware Databases Successfully Created...
 
 
07 May 2015 21:01:17 [0d10] - ***** Scanning Registry Files *****
07 May 2015 21:01:18 [0d10] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
07 May 2015 21:01:18 [0d10] - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:1.
07 May 2015 21:01:18 [0d10] - ** Deleted Value of "ForceActiveDesktopOn" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:0.
07 May 2015 21:01:18 [0d10] - ** Deleted Value of "NoComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
07 May 2015 21:01:18 [0d10] - ** Deleted Value of "NoAddingComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
07 May 2015 21:01:18 [0d10] - ** Value in 64-bit HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
07 May 2015 21:01:18 [0d10] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
07 May 2015 21:01:18 [0d10] - ** Value in 64-bit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 
07 May 2015 21:01:18 [0d10] - ***** Scanning System32 Folders *****
 
07 May 2015 21:02:12 [0454] - Scanning File C:\Users\Michael\AppData\Local\Temp\MWZ10F1.tmp
 
07 May 2015 21:02:38 [0d10] - ***** Scanning Drive C:\ *****
07 May 2015 21:05:28 [061c] - ScanFile (C:\Nexon\Library\vindictus\appdata\en-US\hfs\8751D16CDBBC536C2326EFDA3EFCA2621E8C2530.hfs) took 5242 ms
07 May 2015 21:06:27 [061c] - C:\Program Files (x86)\Arc\gameinfo_scan.xml not Scanned. Possibly password protected...
07 May 2015 21:06:27 [0454] - C:\Program Files (x86)\Arc\gameinfo.xml not Scanned. Possibly password protected...
07 May 2015 21:06:32 [090c] - ScanFile (C:\Program Files (x86)\Arc\libcef.dll) took 5180 ms
07 May 2015 21:07:11 [0454] - ScanFile (C:\Program Files (x86)\Heroes of the Storm\Versions\Base34846\HeroesOfTheStorm.exe) took 6240 ms
07 May 2015 21:07:26 [084c] - ScanFile (C:\Program Files (x86)\Neverwinter_en\Neverwinter\Live\GameClient.exe) took 5725 ms
07 May 2015 21:07:39 [0f28] - Scanning File C:\Program Files (x86)\Softcomp Software\swjob.exe
07 May 2015 21:07:39 [0f28] - File C:\Program Files (x86)\Softcomp Software\swjob.exe infected by "Trojan.GenericKD.2357643 (DB)" Virus! Action Taken: File Renamed.
 
07 May 2015 21:07:40 [0f58] - Scanning File C:\Program Files (x86)\Softcomp Software\swff.exe
07 May 2015 21:07:40 [0f58] - File C:\Program Files (x86)\Softcomp Software\swff.exe infected by "Trojan.GenericKD.2358114 (DB)" Virus! Action Taken: File Renamed.
 
07 May 2015 21:07:44 [084c] - ScanFile (C:\Program Files (x86)\Nexon\Nexon Launcher\bin\modules\mclient\nexon_client.exe) took 13244 ms
07 May 2015 21:09:10 [090c] - Scanning File C:\Users\Michael\Downloads\d2 hacks\d2me\d2me.exe
07 May 2015 21:09:10 [090c] - File C:\Users\Michael\Downloads\d2 hacks\d2me\d2me.exe infected by "Trojan.Generic.14491197 (DB)" Virus! Action Taken: File Renamed.
 
07 May 2015 21:09:25 [0f58] - ScanFile (C:\Users\Michael\Downloads\NexonLauncherSetup.exe) took 10951 ms
07 May 2015 21:10:12 [0f28] - ScanFile (C:\Users\Michael\Downloads\Malwarebytes Anti-Malware Premium 2.0.2.1012 Final + Keys [ATOM]\mbam-setup-2.0.2.1012.exe) took 19999 ms
07 May 2015 21:10:17 [090c] - ScanFile (C:\Users\Michael\Downloads\Unconfirmed 795410.crdownload) took 31075 ms
07 May 2015 21:10:17 [090c] - Scanning of C:\Users\Michael\Downloads\Unconfirmed 795410.crdownload Timed out!!!
07 May 2015 21:18:08 [0454] - ScanFile (C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0\api-ms-win-core-sysinfo-l1-1-0.dll) took 5648 ms
07 May 2015 21:20:31 [061c] - ScanFile (C:\Windows\winsxs\amd64_netfx-microsoft.visualbasic_b03f5f7f11d50a3a_6.1.7601.22733_none_b8ec27b2df488ae0\Microsoft.VisualBasic.dll) took 7301 ms
07 May 2015 21:20:31 [0500] - ScanFile (C:\Windows\winsxs\amd64_netfx-microsoft.visualbasic_b03f5f7f11d50a3a_6.1.7601.18523_none_cfb8ce4cc5a21132\Microsoft.VisualBasic.dll) took 7597 ms
 
07 May 2015 21:27:32 [0d10] - ***** Checking for specific ITW Viruses *****
 
07 May 2015 21:27:33 [0d10] - ***** Scanning complete. *****
 
07 May 2015 21:27:33 [0d10] - *** Terminating Process EXPLORER.EXE as one of its child processes libraries was infected...
07 May 2015 21:27:33 [0d10] - Memory/System Found Infected!!! Rescanning all objects to ensure that system is clean...
 
07 May 2015 21:27:33 [0d10] - Options Selected by User:
07 May 2015 21:27:33 [0d10] - Memory Check: Enabled
07 May 2015 21:27:33 [0d10] - Registry Check: Enabled
07 May 2015 21:27:33 [0d10] - StartUp Folder Check: Enabled
07 May 2015 21:27:33 [0d10] - System Folder Check: Enabled
07 May 2015 21:27:33 [0d10] - Services Check: Enabled
07 May 2015 21:27:33 [0d10] - Scan Spyware: Enabled
07 May 2015 21:27:33 [0d10] - Scan Archives: Disabled
07 May 2015 21:27:33 [0d10] - Drive Check: Enabled
07 May 2015 21:27:33 [0d10] - All Drive Check :Disabled
07 May 2015 21:27:33 [0d10] - Drive Selected = C:\
07 May 2015 21:27:33 [0d10] - Folder Check: Disabled
07 May 2015 21:27:33 [0d10] - SCAN: All_Files [ANSI]
07 May 2015 21:27:33 [0d10] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
07 May 2015 21:27:33 [0d10] - Scanning Master Boot Record (User)...
07 May 2015 21:27:33 [0d10] - Scanning Logical Boot Records...
07 May 2015 21:27:35 [0d10] - ***** Scanning For Hidden Rootkit Processes *****
07 May 2015 21:27:35 [0d10] - ***** Scanning For Hidden Rootkit Services *****
 
07 May 2015 21:27:41 [0d10] - ***** Scanning Memory Files *****
 
07 May 2015 21:27:41 [0d10] - ***** Scanning Registry Files *****
 
07 May 2015 21:27:44 [0d10] - ***** Scanning StartUp Folders *****
 
07 May 2015 21:27:47 [0d10] - ***** Scanning Service Files *****
 
07 May 2015 21:27:56 [0d10] - ***** Scanning Registry and File system for Adware/Spyware *****
07 May 2015 21:27:56 [0d10] - Loading Spyware Signatures from new External Database [Name: C:\Users\Michael\AppData\Local\Temp\spydb.avs, Size: 464724]...
07 May 2015 21:27:56 [0d10] - Indexed Spyware Databases Successfully Created...
 
 
07 May 2015 21:28:01 [0d10] - ***** Scanning Registry Files *****
07 May 2015 21:28:01 [0d10] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
07 May 2015 21:28:01 [0d10] - ** Value in 64-bit HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
07 May 2015 21:28:01 [0d10] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
07 May 2015 21:28:01 [0d10] - ** Value in 64-bit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 
07 May 2015 21:28:01 [0d10] - ***** Scanning System32 Folders *****
 
 
07 May 2015 21:28:15 [0d10] - ***** Scanning Drive C:\ *****
 
07 May 2015 21:33:14 [0d10] - ***** Checking for specific ITW Viruses *****
 
07 May 2015 21:33:14 [0d10] - ***** Scanning complete. *****
 
07 May 2015 21:33:14 [0d10] - Total Objects Scanned: 364926
07 May 2015 21:33:14 [0d10] - Total Critical Objects: 4
07 May 2015 21:33:14 [0d10] - Total Disinfected Objects: 0
07 May 2015 21:33:14 [0d10] - Total Objects Renamed: 4
07 May 2015 21:33:14 [0d10] - Total Deleted Objects: 0
07 May 2015 21:33:14 [0d10] - Total Errors: 1
07 May 2015 21:33:14 [0d10] - Time Elapsed: 00:32:23
07 May 2015 21:33:14 [0d10] - Virus Database Date: 07 May 2015
07 May 2015 21:33:14 [0d10] - Virus Database Count: 6055120
07 May 2015 21:33:14 [0d10] - Sign Version: 7.60465 [519217]
 
07 May 2015 21:33:14 [0d10] - Scan Completed.
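
A triage pass over the MWAV log in the post above, as an added example that is not part of the original thread or of eScan's own tooling: it extracts the detections, the files the scan could not cover, the registry edits and the totals, then lists the points worth following up. The function names and line patterns are assumptions inferred from the lines visible in this log; the sample lines are excerpted from it.

```python
import ntpath
import re
from collections import Counter

# Lines excerpted from the MWAV log in the post above (not the complete log).
SAMPLE_LOG = r'''
07 May 2015 20:49:43 [00c0] - ** Deleted Value "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings/ProxyServer". Its value was: "127.0.0.1:8118"
07 May 2015 21:00:33 [0d10] - File C:\Program Files (x86)\Softcomp Software\swnet.dll infected by "Trojan.GenericKD.2357767 (DB)" Virus! Action Taken: File Renamed.
07 May 2015 21:06:27 [0454] - C:\Program Files (x86)\Arc\gameinfo.xml not Scanned. Possibly password protected...
07 May 2015 21:07:39 [0f28] - File C:\Program Files (x86)\Softcomp Software\swjob.exe infected by "Trojan.GenericKD.2357643 (DB)" Virus! Action Taken: File Renamed.
07 May 2015 21:07:40 [0f58] - File C:\Program Files (x86)\Softcomp Software\swff.exe infected by "Trojan.GenericKD.2358114 (DB)" Virus! Action Taken: File Renamed.
07 May 2015 21:09:10 [090c] - File C:\Users\Michael\Downloads\d2 hacks\d2me\d2me.exe infected by "Trojan.Generic.14491197 (DB)" Virus! Action Taken: File Renamed.
07 May 2015 21:10:17 [090c] - Scanning of C:\Users\Michael\Downloads\Unconfirmed 795410.crdownload Timed out!!!
07 May 2015 21:33:14 [0d10] - Total Critical Objects: 4
07 May 2015 21:33:14 [0d10] - Total Objects Renamed: 4
07 May 2015 21:33:14 [0d10] - Total Deleted Objects: 0
'''

# Entry layout seen in this log: "DD Mon YYYY HH:MM:SS [thread] - message".
LINE = re.compile(r'^(\d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2}) \[([0-9a-fA-F]+)\] - (.*)$')
DETECTION = re.compile(r'^File (.+?) infected by "(.+?)" Virus! Action Taken: (.+?)\.$')
SKIPPED = re.compile(r'^(?:Scanning of )?(.+?) (not Scanned|Timed out)')
REG_CHANGE = re.compile(r'^\*\* (?:Deleted|Changed) Value')
TOTAL = re.compile(r'^Total ([A-Za-z ]+): (\d+)$')


def parse_mwav(text):
    """Split an MWAV log into detections, skipped files, registry edits and totals."""
    report = {"detections": [], "skipped": [], "registry_changes": [], "totals": {}}
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank lines and anything that is not a timestamped entry
        when, _thread, msg = line.groups()
        msg = msg.strip()
        hit = DETECTION.match(msg)
        if hit:
            path, threat, action = hit.groups()
            report["detections"].append(
                {"time": when, "path": path, "threat": threat, "action": action})
            continue
        skip = SKIPPED.match(msg)
        if skip:
            report["skipped"].append({"path": skip.group(1), "reason": skip.group(2)})
            continue
        if REG_CHANGE.match(msg):
            report["registry_changes"].append(msg)
            continue
        total = TOTAL.match(msg)
        if total:
            report["totals"][total.group(1)] = int(total.group(2))
    return report


def detections_by_folder(report):
    """Count detections per parent folder (ntpath handles Windows paths on any OS)."""
    return Counter(ntpath.dirname(d["path"]) for d in report["detections"])


def follow_up(report):
    """Return the points a helper would want to check after reading the log."""
    notes = []
    totals = report["totals"]
    found = len({d["path"].lower() for d in report["detections"]})
    if totals.get("Critical Objects") not in (None, found):
        notes.append(f"log reports {totals['Critical Objects']} critical objects, "
                     f"parser found {found}")
    renamed = [d for d in report["detections"] if d["action"] == "File Renamed"]
    if renamed and totals.get("Deleted Objects", 0) == 0:
        notes.append(f"{len(renamed)} detected file(s) were renamed, none deleted")
    for folder, count in detections_by_folder(report).most_common():
        if count > 1:
            notes.append(f"{count} detections share folder {folder}")
    for item in report["skipped"]:
        notes.append(f"not covered by scan ({item['reason']}): {item['path']}")
    return notes


if __name__ == "__main__":
    for note in follow_up(parse_mwav(SAMPLE_LOG)):
        print("-", note)
```
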
 


#6 desidenceofsin

desidenceofsin
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 07 May 2015 - 08:54 PM

Zemana log. Only detection was System Ninja Setup; here's the log though.

 

Zemana AntiMalware 2.11.2.62 (Installed)
-------------------------------------------------------
Scan Result           : Completed
Scan Date             : 2015/5/7
Operating System      : Windows 7 64-bit
Processor             : 4X Intel® Core™ i3-2350M CPU @ 2.30GHz
BIOS Mode             : Legacy
CUID                  : 00C4B8800BB98245E07D51
Scan Type             : Deep Scan
Duration              : 8m 0s
Scanned Objects       : 30123
Detected Objects      : 1
Excluded Objects      : 0
Read Level            : SCSI
Auto Upload           : Yes
Show All Extensions   : No
Scan Documents        : Yes
Engines               : Zemana, Avira, Eset, Bitdefender, AVG, Kaspersky
Domain Info           : WORKGROUP,1,2
 
 
Detected Objects
-------------------------------------------------------
ninja-setup-3.0.6.exe
   Status             : Scanned
   Object             : %userprofile%\downloads\ninja-setup-3.0.6.exe
   MD5                : 24FE0BB7A85A866B487D15C0EB6E3A74
   Publisher          : -
   Size               : 2507200
   Version            : 0.0.0.0
   Detections         : Eset: Win32/OpenCandy potentially unsafe application
   Cleaning Action    : Delete
   Traces             :
                File - %userprofile%\downloads\ninja-setup-3.0.6.exe
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 1
Reported as safe      : 0
Failed                : 0


#7 desidenceofsin

desidenceofsin
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 07 May 2015 - 08:58 PM

This is the JRT log. I no longer see the random lettering being highlighted anymore, awesome lol

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.8 (05.06.2015:1)
OS: Windows 7 Home Premium x64
Ran by Michael on Thu 05/07/2015 at 21:54:50.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] privoxyservice
Successfully deleted: [Service] privoxyservice
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\Windows\system32\tasks\Malware Cleaner
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/07/2015 at 21:57:24.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:06 PM

Posted 07 May 2015 - 09:08 PM

After the adware cleaner scan. :)

 

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

http://www.techsupportall.com/adware-removal-tool/


Hit Ok.


Hit Next; make sure to leave all items checked for removal.



The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset IE Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
http://www.eset.com/us/online-scanner/

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#9 desidenceofsin


Posted 07 May 2015 - 09:24 PM

Well guess what I'm on my phone now cause add cleaner just destroyed my hard drive and it won't work no thanks a lot..

#10 desidenceofsin


Posted 07 May 2015 - 09:25 PM

Adware cleaner *

#11 InadequateInfirmity


Posted 07 May 2015 - 09:26 PM

Adware cleaner is not going to destroy anything; that program is used on these forums every day. Are you able to boot into Safe Mode?



#12 InadequateInfirmity


Posted 07 May 2015 - 09:27 PM

There is no need to say........

thanks a lot..

Being rude will not help at all.



#13 desidenceofsin


Posted 07 May 2015 - 09:29 PM

I can't boot anything; it is stuck at leading innovation. After I ran adwcleaner it restarted computer, now it can't pick my hard drive up.

#14 desidenceofsin


Posted 07 May 2015 - 09:31 PM

Neither F2 nor F12 on boot will work at all, nothing, it just freezes instantly

#15 InadequateInfirmity


Posted 07 May 2015 - 09:33 PM

I have heard of adware cleaner killing an internet connection but not making a machine unbootable, in your case this is unfortunate.....

 

 

We can try a system restore from recovery console....

 

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select System Restore





