
Help! ISCSICLI


  • This topic is locked
14 replies to this topic

#1 Valkyrie88


Posted 24 November 2015 - 04:20 PM

I got a new computer and I didn't have security installed before my boyfriend decided to use it. I noticed my computer acting up and it wouldn't let me install Norton Security at all. Then my internet provider emailed me telling me there was suspicious behavior coming from my internet. Tech support couldn't help me. I don't know what the problem is still. I downloaded HitmanPro and scanned my computer and 7 different Trojans came up, and now I am noticing a program in my control panel coming up as ISCSICLI that I cannot remove. I looked it up and from what I'm seeing it is due to a Trojan. Does anyone know how to fix this, please?




 


#2 nasdaq


Posted 26 November 2015 - 08:01 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===


How is the computer running now?
Wait for further instructions.

#3 Valkyrie88


Posted 28 November 2015 - 09:14 PM

I'm still trying to go through these steps. It's hard with my computer acting up as bad. Please be patient. I will post tomorrow.

#4 nasdaq


Posted 29 November 2015 - 09:20 AM

I'll be here

#5 Valkyrie88


Posted 22 December 2015 - 10:48 PM

I keep getting a "stopped working" message as soon as Malwarebytes gets to the end of the scan.



#6 Valkyrie88


Posted 22 December 2015 - 11:10 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
Ran by Owner (administrator) on LAPTOP (22-12-2015 21:09:53)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
Attached File  FRST.txt   24.48KB   2 downloads


#7 Valkyrie88


Posted 23 December 2015 - 12:19 AM

# AdwCleaner v5.026 - Logfile created 22/12/2015 at 22:14:55
# Updated 21/12/2015 by Xplode
# Database : 2015-12-21.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Owner - LAPTOP
# Running from : C:\Users\Owner\Downloads\adwcleaner_5.026.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****


#8 Valkyrie88


Posted 23 December 2015 - 12:30 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-11-2015
Ran by Owner (2015-11-24 14:13:00)
Running from C:\Users\Owner\Downloads
Windows 8.1 (Update 1) (X64) (2014-03-25 20:23:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2482631759-1556073610-3451039342-500 - Administrator - Disabled)
Guest (S-1-5-21-2482631759-1556073610-3451039342-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2482631759-1556073610-3451039342-1003 - Limited - Enabled)
Owner (S-1-5-21-2482631759-1556073610-3451039342-1001 - Administrator - Enabled) => C:\Users\Owner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2482631759-1556073610-3451039342-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Classic Shell (HKLM\...\{98BB5224-BC5D-4028-9D20-536C1C263AA9}) (Version: 4.0.2 - IvoSoft)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.13.0 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{713A4123-9417-4FF7-AC14-F000D6C0C7AD}) (Version: 0.9.1115.0 - Dell Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.30.223.143 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.251 - SurfRight B.V.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iscsicli (HKLM\...\{f48a0c57-7c48-461c-9957-ab255ddc986e}.sdb) (Version:  - )
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LibreOffice 4.1.4.2 (HKLM-x32\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: 4.1.4.2 - The Document Foundation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: 7.3.2 - MP3 Rocket Inc)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.021 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 3.8.5.305531 - Linden Research, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7850 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2482631759-1556073610-3451039342-1001_Classes\CLSID\{4068F258-7B66-46E9-9C6B-78E928C90136}\InprocServer32 -> C:\ProgramData\{65234EFD-0BEE-467C-88A1-5BBD278C1FD7}\scksp.dll => No File
CustomCLSID: HKU\S-1-5-21-2482631759-1556073610-3451039342-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points =========================
 
10-11-2015 15:48:21 F-Secure malware removal
14-11-2015 16:42:59 Windows Update
16-11-2015 11:38:23 Checkpoint by HitmanPro
17-11-2015 18:12:04 Checkpoint by HitmanPro
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 10:25 - 2013-08-22 10:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01EB8C1C-A75D-48D7-8D00-0BBE35F94A21} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {19F27221-74C6-47B2-AE1F-852B68E9B245} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {3A81DFEB-940B-4377-A999-F1D8CBEE3C9E} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {40837872-96D6-4C27-ADFD-4D16DFF48013} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {42CD38D9-FEE3-4246-8169-20282173AC3E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-20] (Google Inc.)
Task: {62A8F4C4-935D-4D1A-AE77-D073ABF855E9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-10-27] (Microsoft Corporation)
Task: {6ABCEFCD-4F03-41E5-A811-B53AA6BBF09A} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-03-13] (Synaptics Incorporated)
Task: {7A7E8BCF-DC2E-418E-9236-97E91E544D2D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-20] (Google Inc.)
Task: {969CDF08-B5D3-4831-BDD4-916CDDE858E0} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {B1B7C2E8-B4D1-4142-A4E1-A83BD3D9A3F8} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)
Task: {B32A98C5-9480-4043-870E-991EFB9C6435} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2014-03-13] (CyberLink Corp.)
Task: {DF2DAD22-858C-453C-8835-571A1E6CE960} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2014-03-13] (CyberLink)
Task: {EE69B5F8-D423-466A-ABFD-C368026FC23B} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {F97AFECA-F44A-44FD-B964-E89F2FF1038A} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-10-29] (PC-Doctor, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-13 04:45 - 2015-10-13 04:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-13 11:21 - 2014-03-13 11:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-03-13 11:21 - 2014-03-13 11:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2013-09-05 00:13 - 2013-09-05 00:13 - 00049368 _____ () c:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2013-08-22 15:40 - 2013-08-22 15:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 15:40 - 2013-08-22 15:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 15:40 - 2013-08-22 15:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2014-03-13 10:54 - 2014-03-13 10:54 - 00457616 _____ () C:\Windows\system32\igfxTray.exe
2015-11-24 13:35 - 2015-11-24 13:16 - 00243340 _____ () C:\Users\Owner\AppData\Local\Temp\~nsu.tmp\Au_.exe
2014-03-13 11:12 - 2014-03-13 11:12 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 13:41 - 2013-03-05 13:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-11-10 15:37 - 2015-11-06 21:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-10 15:37 - 2015-11-06 21:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
2014-03-13 11:06 - 2014-03-13 11:06 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-03-13 11:21 - 2014-03-13 11:21 - 01904928 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-03-13 11:21 - 2014-03-13 11:21 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-03-13 11:21 - 2014-03-13 11:21 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2015-11-10 15:37 - 2015-11-06 21:36 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2482631759-1556073610-3451039342-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\Downloads\big_thumb_2c71bde56aabb1eedaba7419ae67d81a.jpg
DNS Servers: 192.168.1.254 - 75.153.176.9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{00DCA591-8626-469E-A889-B1A518921534}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{8C08927B-CAC2-4CA0-974E-2F62DE2B401A}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{02BA356B-1F0C-490E-B6BF-6D29D869DEA9}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{A6B78341-2E5A-4FA4-B98A-B88F612BBEB3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{8C6DE775-32E7-4480-81E6-C7D3F9B71D2D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{0FBEF860-E282-46E1-A378-8942DD47D11D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{227FE592-099D-4CCE-98F3-D3B903AB2F3C}] => (Allow) LPort=2869
FirewallRules: [{A723F945-53E9-411D-9821-D2598CDF4C2C}] => (Allow) LPort=1900
FirewallRules: [{FA836137-9C0D-46E8-B677-33494A613AA3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{C2E05D20-96AB-4163-9496-6E7C08E01488}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A4451958-0534-4DE8-BDC8-D38761103D86}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FF674860-70AC-4F4B-A909-BB230CAA473C}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{345815C9-E209-4496-B63F-DC3BEDB0AE26}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{03D45C5D-30F5-4AF5-A160-9596338A941D}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B125F838-0E67-4831-946F-D2F2A4369790}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{36F6EC3E-440C-461B-A4D7-383064B4CFE2}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{13A4F4F2-87A8-4DF9-8DE5-5B3C5E9B8BEA}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{98EC595F-568A-438E-81E8-CB926236E229}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [{F4D64900-82CE-443B-9B7A-A476BBE4A8B8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{CD420F07-FB19-4A27-8C04-77A7B0613FCF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{8FAFCCDD-BC50-47D5-8608-C10EA92305D0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{8B65C909-2AC6-420C-B6D6-B6BDF540D1F7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D6AE7936-93D9-41FE-A5EA-C526844D045B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{19FB93DC-6265-4F4A-9566-FD07B62C6937}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{329A1AD3-F0FB-474C-9BAE-71572D760CB9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5F920C50-90F2-4537-ABC5-8E603EB33D16}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{52FFFCB9-AB77-442D-A3D5-7DCB77DD9165}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{210226B1-6003-44A3-AFFD-D84FE8228FB8}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/24/2015 01:34:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 178c
 
Start Time: 01d126f781846bd2
 
Termination Time: 4294967295
 
Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
 
Report Id: ca17b24b-92ea-11e5-8279-342387ddccf0
 
Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Error: (11/24/2015 01:34:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: LAPTOP)
Description: App windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel did not launch within its allotted time.
 
Error: (11/17/2015 06:15:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002f0,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000A6AB42F0D0.72).  hr = 0x80070005, Access is denied.
.
 
Error: (11/17/2015 06:15:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000003ec,(null),0,REG_BINARY,000000EDC9B1DF50.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6fd2207a-ccf2-4445-9e18-6f5fe4585728}
 
Error: (11/17/2015 06:15:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000008f8,(null),0,REG_BINARY,000000EF6830E010.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {9dbb261e-0fbc-4883-9dcb-b82727079d12}
 
Error: (11/17/2015 06:15:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000008a4,(null),0,REG_BINARY,000000E99579DDD0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {2f996ea7-9a79-4e00-9d8d-86b6f4b26ca8}
 
Error: (11/17/2015 06:15:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001e4,(null),0,REG_BINARY,000000A6AC7CEFE0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {5216f9cc-ff58-491b-bf0d-d6ef1886319f}
 
Error: (11/17/2015 06:15:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001a4,(null),0,REG_BINARY,000000A6AC6CE770.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {3aeb3c81-d1cb-4031-98e4-26247a191e4f}
 
Error: (11/17/2015 06:15:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001e4,(null),0,REG_BINARY,000000A6AC7CEFE0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {5216f9cc-ff58-491b-bf0d-d6ef1886319f}
 
Error: (11/17/2015 06:15:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000214,(null),0,REG_BINARY,000000A6AC74EB40.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {38962f5a-478b-4beb-9452-f54860716a3b}
 
 
System errors:
=============
Error: (11/24/2015 01:02:48 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error: 
%%0
 
Error: (11/24/2015 01:02:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WajaIntEn Monitor service failed to start due to the following error: 
%%1053
 
Error: (11/24/2015 01:02:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WajaIntEn Monitor service to connect.
 
Error: (11/24/2015 01:02:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error: 
%%1275
 
Error: (11/17/2015 04:59:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WajaIntEn Monitor service failed to start due to the following error: 
%%1053
 
Error: (11/17/2015 04:59:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WajaIntEn Monitor service to connect.
 
Error: (11/17/2015 04:59:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error: 
%%1275
 
Error: (11/17/2015 04:58:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%1747
 
Error: (11/17/2015 04:58:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSDP Discovery service failed to start due to the following error: 
%%1069
 
Error: (11/17/2015 04:58:19 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The SSDPSRV service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
 
CodeIntegrity:
===================================
  Date: 2015-11-08 03:00:55.232
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\ProgramData\{65234EFD-0BEE-467C-88A1-5BBD278C1FD7}\scksp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-08 02:33:58.233
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\ProgramData\{65234EFD-0BEE-467C-88A1-5BBD278C1FD7}\scksp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-08 02:25:55.450
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\ProgramData\{65234EFD-0BEE-467C-88A1-5BBD278C1FD7}\scksp.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-11-07 21:59:02.360
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\ProgramData\{65234EFD-0BEE-467C-88A1-5BBD278C1FD7}\scksp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-07 21:47:26.652
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\ProgramData\{65234EFD-0BEE-467C-88A1-5BBD278C1FD7}\scksp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4010U CPU @ 1.70GHz
Percentage of memory in use: 33%
Total physical RAM: 6024.96 MB
Available physical RAM: 3991.96 MB
Total Virtual: 12168.96 MB
Available Virtual: 9907.79 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:456.83 GB) (Free:387.5 GB) NTFS
Drive f: (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
Drive x: (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.2 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:7.79 GB) (Free:0.74 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 997DBAB5)
 
Partition: GPT.
Partition 2: (Not Active) - (Size=423 MB) - (Type=00)
 
==================== End of Addition.txt ============================


#9 nasdaq

Posted 23 December 2015 - 10:41 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\igfxcui: igfxdev.dll [X]
SearchScopes: HKLM -> DefaultScope {4E40DAC7-77E1-45A6-8C7D-68D05EA784DA} URL =
SearchScopes: HKU\S-1-5-21-2482631759-1556073610-3451039342-1001 -> DefaultScope {4E40DAC7-77E1-45A6-8C7D-68D05EA784DA} URL =
SearchScopes: HKU\S-1-5-21-2482631759-1556073610-3451039342-1001 -> OldSearch URL =
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggadQ1dAw1CFhgQIQhbTA0VEgEOeQ4PVRRFE1FBdAhdVlsXE1AFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE8TkdGC1dXFg=="
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3319613&octid=EB_ORIGINAL_CTID&ISID=ME04A72E4-4D6A-45CD-9212-EA8BDE888A3E&SearchSource=55&CUI=&UM=6&UP=SP79C6A9B6-B812-4160-8356-B85DD91C77BA&SSPV=&TID=1823","hxxp://www.istart123.com/?type=hp&ts=1408149647&from=adks&uid=ST500LM012XHN-M500MBB_S2X1J90CA12327A12327","hxxp://www.trovi.com/?gd=&ctid=CT3319613&octid=EB_ORIGINAL_CTID&ISID=ME04A72E4-4D6A-45CD-9212-EA8BDE888A3E&SearchSource=55&CUI=&UM=6&UP=SP79C6A9B6-B812-... (long line)
iscsicli (HKLM\...\{f48a0c57-7c48-461c-9957-ab255ddc986e}.sdb) (Version:  - )
CustomCLSID: HKU\S-1-5-21-2482631759-1556073610-3451039342-1001_Classes\CLSID\{4068F258-7B66-46E9-9C6B-78E928C90136}\InprocServer32 -> C:\ProgramData\{65234EFD-0BEE-467C-88A1-5BBD278C1FD7}\scksp.dll => No File
2015-11-24 13:35 - 2015-11-24 13:16 - 00243340 _____ () C:\Users\Owner\AppData\Local\Temp\~nsu.tmp\Au_.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Control Panel > Programs and Features applet.

Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

===

How is the computer working now?

#10 Valkyrie88

Posted 23 December 2015 - 09:54 PM

Attached File  Fixlog.txt   2.89KB   0 downloads

 

 

Okay, after the Farbar instructions were finished I was unable to open Google Chrome. It told me I had to close all windows before uninstalling; they are all closed and I even checked the Task Manager to make sure. Here is the txt tho.

 

Attached File  Capture.PNG   15.28KB   0 downloads <<<< and do you know what this is about?

 

 



#11 Valkyrie88

Posted 23 December 2015 - 09:59 PM

I uninstalled Java, now it won't install from the link you provided. I think this is making it worse.



#12 Valkyrie88

Posted 23 December 2015 - 10:08 PM

I figured out Java, but the virus is still the third one down on the list in the provided photo.

Attached File  Capture.PNG   10.35KB   0 downloads

 

 



#13 Valkyrie88

Posted 23 December 2015 - 10:10 PM

Also I am trying to get Norton downloaded onto my computer for safety. A Windows command window pops up, not allowing the Norton program to download. And Chrome will not uninstall now.

 

I need the iscsicli problem fixed because my internet provider is sending me abuse reports due to this, sending mass mail from my computer. Their tech couldn't figure it out.


Edited by Valkyrie88, 23 December 2015 - 10:12 PM.


#14 nasdaq

Posted 24 December 2015 - 09:48 AM

Run these tools. Post the logs and let me know if the problem persists.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content in your next reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • When instructed Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Report"
  • Click on the Export TXT button and save the file as RogueReport.txt
  • The file RogueReport.txt will be saved on the desktop.
  • Close the program.
  • Open the file with Notepad and Copy/paste the content into your next reply.
<<<>>>

Tutorial.
http://www.adlice.com/softwares/roguekiller/roguekiller-official-tutorial/

#15 nasdaq

Posted 30 December 2015 - 10:19 AM

Are you still with me?



