
TROJAN after eset scan; computer slow


  • This topic is locked
36 replies to this topic

#1 Badass1999

Badass1999

  • Members
  • 19 posts

Posted 24 February 2016 - 04:39 PM

I have been trying to fix my computer and would like help with what i found. I am running windows 7 and this computer is a mess. I have attached eset log!

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal

Attached Files


Edited by Chris Cosgrove, 24 February 2016 - 06:02 PM.
Moved back to Virus, trojan etc. logs after log supplied




#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 24 February 2016 - 05:11 PM

Hello Badass1999 and Welcome to the BleepingComputer. :welcome:
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
 
Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: addition.png
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Sincerely  . :hello:


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 Badass1999

Badass1999
  • Topic Starter

  • Members
  • 19 posts

Posted 25 February 2016 - 04:49 PM

Ok, now the computer is locking up and freezing, so I actually have to unplug the CPU. But I did as you asked and here are the results! Thank you for your time.

Attached Files



#4 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 25 February 2016 - 05:15 PM

Which antivirus software do you use?



 


 


#5 Badass1999

Badass1999
  • Topic Starter

  • Members
  • 19 posts

Posted 25 February 2016 - 05:35 PM

I used Avast for years until a few days ago... Switched to Panda Cloud Cleaner... yesterday

 



#6 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 25 February 2016 - 06:11 PM

Hi

 

You can uninstall them via Programs and Features in your Control Panel.
If you decide to uninstall them, please delete the following Folder if it still exists:

 

Extended Update
Gameo
IObit
C:\Program Files (x86)\IObit

=========================================

Step 1:
 FRST Script:
 Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:
 Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 5:

ComboFix run:

Please be sure to run our tools with administrator rights.

* IMPORTANT: 1   Place ComboFix.exe on your Desktop

* IMPORTANT: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.

:hello:

 



 


 


#7 Badass1999

Badass1999
  • Topic Starter

  • Members
  • 19 posts

Posted 25 February 2016 - 08:30 PM

Ok, did as you requested; ran the last series of programs.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/25/2016
Scan Time: 5:49 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.25.06
Rootkit Database: v2016.02.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 414577
Time Elapsed: 20 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 20
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MapsGalaxy_39, Quarantined, [19d170f4cfca270f7ce1877927ddfb05],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\UtilityChest_49, Quarantined, [15d5580c8b0ee2548d2f867aca3a837d],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0C1C3D4A-DCFF-443D-A49F-4ABB6AF151AF}, Quarantined, [7872d68e782103331a4708f827dd8f71],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6818868A-1B3D-4E35-A561-FA964A96CD3B}, Quarantined, [8367afb5cacf89ad520fcb350cf845bb],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79E57AFA-BC05-4636-9457-FBC0ABB3576B}, Quarantined, [c4265311abee280e3a279f61b450a65a],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9193E23B-4182-493F-A38E-682307A7C463}, Quarantined, [effbfe6644550c2a85dc8080cf358a76],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AE0F4663-EAE3-437F-BE60-9EC9B745DBFA}, Quarantined, [a04a184c74254aec055cf01022e225db],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E1F80EB5-8AF4-410D-87C1-4F3E2776822A}, Quarantined, [2ebc79ebbddc42f4e57c857b8d777888],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E9E780CC-8821-4B00-B4F9-F4C4F82BE2C7}, Quarantined, [d7132f356f2a40f64c1552ae12f28f71],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ECD011BE-BC4C-45DD-85BC-70E5F36806D9}, Quarantined, [89617de7b9e07fb7a2bfb8481be927d9],
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Update AdvanceElite, Quarantined, [2bbfda8aafeaf24498c11348c63ea15f],
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Util AdvanceElite, Quarantined, [91596301bedb290ddd7c7fdc1be949b7],
PUP.Optional.MindSpark, HKU\S-1-5-21-2758625656-3868728874-2016189326-1000\SOFTWARE\MapsGalaxy_39, Quarantined, [0bdf67fd8415c86e4932eb140df6aa56],
PUP.Optional.MindSpark, HKU\S-1-5-21-2758625656-3868728874-2016189326-1000\SOFTWARE\UtilityChest_49, Quarantined, [8a60ec787f1a5cdae118ab548083f010],
PUP.Optional.MindSpark, HKU\S-1-5-21-2758625656-3868728874-2016189326-1000\SOFTWARE\APPDATALOW\SOFTWARE\MapsGalaxy_39, Quarantined, [dc0e164e3c5d54e2e4f601fd6b982dd3],
PUP.Optional.MindSpark, HKU\S-1-5-21-2758625656-3868728874-2016189326-1000\SOFTWARE\APPDATALOW\SOFTWARE\UtilityChest_49, Quarantined, [bc2e9ec62e6ba98d081254ab4bb80bf5],
PUP.Optional.Gameo, HKU\S-1-5-21-2758625656-3868728874-2016189326-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\9C1D595E_0, Quarantined, [24c65311f5a46accddf7b250847f2fd1],
PUP.Optional.MindSpark, HKU\S-1-5-21-2758625656-3868728874-2016189326-501\SOFTWARE\MapsGalaxy_39, Quarantined, [787278ecb0e947efeb90fe0149bae41c],
PUP.Optional.MindSpark, HKU\S-1-5-21-2758625656-3868728874-2016189326-501\SOFTWARE\APPDATALOW\SOFTWARE\MapsGalaxy_39, Quarantined, [8e5c362e0990d95db525bf3f6f94a15f],
PUP.Optional.MindSpark, HKU\S-1-5-21-2758625656-3868728874-2016189326-501\SOFTWARE\APPDATALOW\SOFTWARE\MarineAquarium3Free_57, Quarantined, [47a332324a4f76c05d7e5ea0d42f649c],

Registry Values: 10
PUP.Optional.Astromenda, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, Quarantined, [f6f44c18eaaf5dd9fec521bd748f768a]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0c1c3d4a-dcff-443d-a49f-4abb6af151af}|AppPath, C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin, Quarantined, [7872d68e782103331a4708f827dd8f71]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6818868a-1b3d-4e35-a561-fa964a96cd3b}|AppPath, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin, Quarantined, [8367afb5cacf89ad520fcb350cf845bb]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79e57afa-bc05-4636-9457-fbc0abb3576b}|AppPath, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin, Quarantined, [c4265311abee280e3a279f61b450a65a]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9193e23b-4182-493f-a38e-682307a7c463}|AppPath, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin, Quarantined, [effbfe6644550c2a85dc8080cf358a76]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ae0f4663-eae3-437f-be60-9ec9b745dbfa}|AppPath, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin, Quarantined, [a04a184c74254aec055cf01022e225db]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e1f80eb5-8af4-410d-87c1-4f3e2776822a}|AppPath, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin, Quarantined, [2ebc79ebbddc42f4e57c857b8d777888]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e9e780cc-8821-4b00-b4f9-f4c4f82be2c7}|AppPath, C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin, Quarantined, [d7132f356f2a40f64c1552ae12f28f71]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ecd011be-bc4c-45dd-85bc-70e5f36806d9}|AppPath, C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin, Quarantined, [89617de7b9e07fb7a2bfb8481be927d9]
PUP.Optional.Gameo, HKU\S-1-5-21-2758625656-3868728874-2016189326-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\9c1d595e_0, {0.0.0.00000000}.{f20ab462-cb5e-40e2-9b17-4cfb88eb9993}|\Device\HarddiskVolume2\Users\owner\AppData\Roaming\Gameo\gameo.exe%b{00000000-0000-0000-0000-000000000000}, Quarantined, [24c65311f5a46accddf7b250847f2fd1]

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.PCPowerSpeed, C:\Users\Guest\AppData\Roaming\PCPowerSpeed, Quarantined, [1dcdda8aaeeb5adc2ef65d6c58aa946c],
PUP.Optional.PCPowerSpeed, C:\Users\Guest\AppData\Roaming\PCPowerSpeed\News, Quarantined, [1dcdda8aaeeb5adc2ef65d6c58aa946c],
PUP.Optional.PCPowerSpeed, C:\Users\owner\AppData\Roaming\PCPowerSpeed, Quarantined, [56946400059480b6879db910c0421be5],
PUP.Optional.PCPowerSpeed, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Power Speed, Quarantined, [7a7043217c1db18531f43891fa0855ab],

Files: 5
PUP.Optional.PCPowerSpeed, C:\Users\Guest\AppData\Roaming\PCPowerSpeed\faq.htm, Quarantined, [1dcdda8aaeeb5adc2ef65d6c58aa946c],
PUP.Optional.PCPowerSpeed, C:\Users\Guest\AppData\Roaming\PCPowerSpeed\News\PCPS_NEWS_promote_app_MLM_horizontal.png, Quarantined, [1dcdda8aaeeb5adc2ef65d6c58aa946c],
PUP.Optional.PCPowerSpeed, C:\Users\Guest\AppData\Roaming\PCPowerSpeed\News\PCPS_NEWS_promote_app_SO_horizontal.png, Quarantined, [1dcdda8aaeeb5adc2ef65d6c58aa946c],
PUP.Optional.PCPowerSpeed, C:\Users\Guest\AppData\Roaming\PCPowerSpeed\News\PCPS_NEWS_trialpay_tray_ads.png, Quarantined, [1dcdda8aaeeb5adc2ef65d6c58aa946c],
PUP.Optional.PCPowerSpeed, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Power Speed\PCPowerSpeed.com.url, Quarantined, [7a7043217c1db18531f43891fa0855ab],

Physical Sectors: 0
(No malicious items detected)

(end)

Attached Files



#8 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 26 February 2016 - 04:58 PM

Good job :thumbup2:

 

Please download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.

==============================================================

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Windows\system32\drivers\aswD46E.tmp
C:\Windows\system32\drivers\aswC1F2.tmp
C:\Windows\system32\drivers\aswCA6D.tmp
C:\Windows\system32\drivers\aswD549.tmp
C:\Windows\system32\drivers\aswD6C1.tmp
C:\Windows\system32\drivers\aswD23B.tmp
C:\Windows\system32\drivers\aswC54D.tmp
C:\Windows\system32\drivers\aswC81C.tmp
C:\Windows\system32\drivers\asw6C6C.tmp
C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe

Firefox::
FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\jjq1aors.default\
FF - ExtSQL: !HIDDEN! 2013-04-02 09:53; 57ffxtbr@MarineAquarium3Free_57.com; C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin
FF - ExtSQL: !HIDDEN! 2013-05-16 20:11; 39ffxtbr@MapsGalaxy_39.com; C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin

DDS::
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
mSearch Bar = https://www.yahoo.com/?fr=hp-avast&type=iedef

registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

CFScriptB-4.gif

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

=====================================================================================

Java update:
Updating Java and Clearing Cache:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.

  • Download the latest version of Java Runtime Environment (JRE) 8
  • Recommended Version is 8 Update 73
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows Offline (64-bit)  and save the file.
  • Close any programs you may have running - especially your web browser.

See this page for instructions on how to clear java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

=======================================================================

Hosts File
Replace your current HOSTS file with a tweaked one, such as the MVPS HOSTS file, which restricts access to known bad sites, improving your security.
It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer.

To do it:

  • Download hosts.zip and save it to your desktop
  • Right click the file you just downloaded on your desktop and select => Extract to "hosts\"
  • In the hosts folder on your desktop, double click on mvps.bat file to run the program
  • A prompt will appear, press any key to continue

A good source of information about safe computing is this topic by quietman7.

========================================================================================

Please advise how the computer is running now and if there are any outstanding issues.


Edited by olgun52, 26 February 2016 - 05:01 PM.


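An added example, not part of the original post or of the MVPS download: the HOSTS-file blocking described in the post above works by mapping unwanted names to 127.0.0.1, so after replacing the file it is worth checking that every entry is either such a sinkhole or a mapping you recognize. The sample file contents, hostnames and category labels below are constructed for illustration.

```python
import ipaddress
import sys
from collections import defaultdict

# Constructed sample input (not from the thread or from the MVPS file).
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1      localhost
::1            localhost
0.0.0.0        ads.example.net tracker.example.net   # blocklist style
127.0.0.1      bad.example.org
203.0.113.10   update.example.com
192.168.1.20   nas.home.example
not-an-ip      broken.example
198.51.100.7   bad.example.org
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_hosts(text):
    """Return (line_no, raw_address, parsed_address_or_None, hostnames) per mapping line."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        entries.append((line_no, fields[0], addr, [n.lower() for n in fields[1:]]))
    return entries


def classify(addr, name):
    """Label one address/hostname pair (the labels are this example's own)."""
    if addr.is_loopback or addr.is_unspecified:
        # 127.0.0.1, ::1, 0.0.0.0: the connection never leaves the machine.
        return "local" if name in LOCAL_NAMES else "sinkholed"
    if any(addr in net for net in RFC1918) or addr.is_link_local:
        return "lan"
    return "redirect"  # name is pinned to some other host: review it


def audit_hosts(text):
    """Group every hostname in a HOSTS file by what its mapping does."""
    report = defaultdict(list)
    first_seen = {}
    for line_no, raw_addr, addr, names in parse_hosts(text):
        if addr is None or not names:
            report["malformed"].append((line_no, raw_addr, " ".join(names)))
            continue
        for name in names:
            key = (name, addr.version)
            if key in first_seen and first_seen[key] != addr:
                # Same name, different target: a blocked name may be overridden.
                report["conflict"].append((line_no, str(addr), name))
                continue
            first_seen.setdefault(key, addr)
            report[classify(addr, name)].append((line_no, str(addr), name))
    return dict(report)


if __name__ == "__main__":
    # Pass a path (on Windows: %SystemRoot%\System32\drivers\etc\hosts),
    # or run without arguments to audit the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    result = audit_hosts(text)
    print("sinkholed names:", len(result.get("sinkholed", [])))
    for label in ("redirect", "conflict", "lan", "malformed"):
        for line_no, address, name in result.get(label, []):
            print(f"{label:9} line {line_no}: {address} {name}")
```

Entries reported as `redirect` or `conflict` are the ones to compare against a known-good copy of the file, since they send a name to a machine other than your own.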
 


 


#9 Badass1999

Badass1999
  • Topic Starter

  • Members
  • 19 posts

Posted 26 February 2016 - 06:47 PM

OK, machine seems good. Would like to know if that is it... lol. Yeah, the computer stopped freezing and is much quicker.

THANK YOU GUYS,

 

Attached Files



#10 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 26 February 2016 - 08:59 PM

:thumbup2:

 

 Avastclear run:

  1. Download avastclear.exe on your desktop
  2. Start Windows in Safe Mode
  3. Open (execute) the uninstall utility
  4. If you installed Avast in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
  5. Click REMOVE
  6. Restart your computer

If you cannot, you can do it in normal mode.

============================================================================

Please do the following:

Internet Explorer 9, 10 and 11 (Win) - Clearing Cache and Cookies
https://kb.wisc.edu/page.php?id=15141
Next >>
How to reset Internet Explorer settings
https://support.microsoft.com/en-us/kb/923737

 

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141

 

For Chrome:
Delete your cache, history, and other browser data
https://support.google.com/chrome/answer/95582?hl=en
Next >>
Reset Chrome browser settings

https://support.google.com/chrome/answer/3296214?hl=en

 

=======================================================================================

Step 1:
Please download RogueKiller (32/64 bit) to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)
 
Step 2:

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

 



 


 


#11 Badass1999

Badass1999
  • Topic Starter

  • Members
  • 19 posts

Posted 28 February 2016 - 06:39 PM

Look I have work till Tuesday night see you then ok!!



#12 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 28 February 2016 - 08:38 PM

Okay. Thanks.



 


 


#13 Badass1999

Badass1999
  • Topic Starter

  • Members
  • 19 posts

Posted 01 March 2016 - 11:35 PM

Ok, have scanned, and the computer crashes and freezes during scanning.

Attached Files



#14 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 02 March 2016 - 02:33 PM

computer crash and freezes during scanning

Please do the following.
 

Step 1:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.09.1.1004.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two message boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt
 
Step 2:

Please post fresh FRST log files for me to check.


Edited by olgun52, 02 March 2016 - 02:37 PM.


 


 


#15 Badass1999

Badass1999
  • Topic Starter

  • Members
  • 19 posts

Posted 02 March 2016 - 06:37 PM

Ok computer is still freezing...but here are your files. the dated file did not come through

Attached Files





