
Deleting virus causes my pc to not connect to the internet/other issues


21 replies to this topic

#1 JackX

JackX

  • Members
  • 14 posts

Posted 04 March 2016 - 12:35 AM

Hey, can I ask you a question? I am having a problem with Windows 10. Windows Defender says I have like 6 viruses, and when I delete them it messes up my PC. When it deletes them, it won't connect to the internet anymore; it says something like domain unavailable or something to that effect. I did a system restore and have allowed the viruses, but I don't want that. It would also say that something was missing when I would log into my account on Windows 10, Chrome wouldn't connect, and OneDrive just said error, can't connect. Here are the viruses it says I have. Please help, thanks.

Trojan: Win32/Patched.AZ.gen!dll
Win32/Peals.F!plock

 

Trojan: Win64/Patched.AZ.gen!dll

 

SoftwareBundler: Win32/Pokavampo

Can removing any of these have an effect on my PC?





#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts

Posted 04 March 2016 - 07:53 AM

Hi JackX :)

My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Winsock Entries;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
Farbar Service Scanner (FSS)
Follow the instructions below to run Farbar Service Scanner and provide a log.
  • Download Farbar Service Scanner and move the executable to your Desktop;
  • Right-click on FSS.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check every option:
    • Internet Services;
    • Windows Firewall;
    • System Restore;
    • Security Center/Action Center;
    • Windows Update;
    • Windows Defender;
    • Other Services;
  • Once done, click on the Scan button to launch a scan;
  • On completion, a Notepad file called FSS.txt (saved where FSS.exe was run) will open. Copy and paste the content of this file in your next reply and post it;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 JackX

JackX
  • Topic Starter

  • Members
  • 14 posts

Posted 04 March 2016 - 10:22 AM

Thank you so much for trying to help. Here are the first test results. I am running late for work, but I'm going to try and do the second test and post it now before I go. Two things I was wondering: 1, I have weird stuff that I need on my PC, not Microsoft approved or suggested; could Defender be viewing those as viruses? And can viruses attach to important files, then when Defender tries to delete the virus it deletes the important files too? Just thinking. Thank you a lot again.

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Tommy (administrator) on 04-03-2016 at 10:17:59
Running from "C:\Users\Tommy\Desktop"
Microsoft Windows 10 Enterprise  (X64)
Model: To be filled by O.E.M. Manufacturer: To be filled by O.E.M.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
107.178.255.88 s ssl.goo.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
107.178.255.88 s ssl.goo.88 partner.googleadservices.com
107.178.255.88 google-analytics.com127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
========================= IP Configuration: ================================
 
ASUS USB-N53 802.11a/b/g/n Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global taskoffload=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : tommy-desktop
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.ma.comcast.net
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 30-85-A9-92-0A-FD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 60-A4-4C-EC-2E-53
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : hsd1.ma.comcast.net
   Description . . . . . . . . . . . : ASUS USB-N53 802.11a/b/g/n Network Adapter
   Physical Address. . . . . . . . . : 60-A4-4C-EC-2E-51
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:192:8301:19c2:29c6:c88a:8418:5b2e(Preferred) 
   Temporary IPv6 Address. . . . . . : 2601:192:8301:19c2:bdda:614e:9385:9aa7(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::29c6:c88a:8418:5b2e%5(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.0.7(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, March 4, 2016 10:14:18 AM
   Lease Expires . . . . . . . . . . : Friday, March 11, 2016 10:14:17 AM
   Default Gateway . . . . . . . . . : fe80::1286:8cff:fec3:33d6%5
                                       10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 90219596
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-67-F1-5C-30-85-A9-92-0A-FD
   DNS Servers . . . . . . . . . . . : 75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  cdns01.comcast.net
Address:  75.75.75.75
 
Name:    google.com
Addresses:  2607:f8b0:400d:c0c::64
 173.194.205.101
 173.194.205.102
 173.194.205.113
 173.194.205.100
 173.194.205.139
 173.194.205.138
 
 
Pinging google.com [2607:f8b0:400d:c0c::64] with 32 bytes of data:
Reply from 2607:f8b0:400d:c0c::64: time=63ms 
Reply from 2607:f8b0:400d:c0c::64: time=42ms 
 
Ping statistics for 2607:f8b0:400d:c0c::64:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 42ms, Maximum = 63ms, Average = 52ms
Server:  cdns01.comcast.net
Address:  75.75.75.75
 
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
 2001:4998:c:a06::2:4008
 2001:4998:44:204::a7
 98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [2001:4998:58:c02::a9] with 32 bytes of data:
Reply from 2001:4998:58:c02::a9: time=58ms 
Reply from 2001:4998:58:c02::a9: time=61ms 
 
Ping statistics for 2001:4998:58:c02::a9:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 58ms, Maximum = 61ms, Average = 59ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  6...30 85 a9 92 0a fd ......Realtek PCIe GBE Family Controller
  4...60 a4 4c ec 2e 53 ......Microsoft Wi-Fi Direct Virtual Adapter
  5...60 a4 4c ec 2e 51 ......ASUS USB-N53 802.11a/b/g/n Network Adapter
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1         10.0.0.7     25
         10.0.0.0    255.255.255.0         On-link          10.0.0.7    281
         10.0.0.7  255.255.255.255         On-link          10.0.0.7    281
       10.0.0.255  255.255.255.255         On-link          10.0.0.7    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.0.0.7    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.0.0.7    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  5    281 ::/0                     fe80::1286:8cff:fec3:33d6
  1    306 ::1/128                  On-link
  5    281 2601:192:8301:19c2::/64  On-link
  5    281 2601:192:8301:19c2:29c6:c88a:8418:5b2e/128
                                    On-link
  5    281 2601:192:8301:19c2:bdda:614e:9385:9aa7/128
                                    On-link
  5    281 fe80::/64                On-link
  5    281 fe80::29c6:c88a:8418:5b2e/128
                                    On-link
  1    306 ff00::/8                 On-link
  5    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67072] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/04/2016 12:50:19 AM) (Source: Application Error) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10240.16603, time stamp: 0x56553644
Faulting module name: EMODEL.dll, version: 11.0.10240.16683, time stamp: 0x56ad982b
Exception code: 0xc0000409
Fault offset: 0x0000000000112343
Faulting process id: 0x15a4
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
 
Error: (03/04/2016 12:50:01 AM) (Source: Application Error) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10240.16603, time stamp: 0x56553644
Faulting module name: EMODEL.dll, version: 11.0.10240.16683, time stamp: 0x56ad982b
Exception code: 0xc0000409
Fault offset: 0x0000000000112343
Faulting process id: 0xbc0
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
 
Error: (03/03/2016 11:12:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: TOMMY-DESKTOP)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/03/2016 11:04:58 PM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The process cannot access the file because it is being used by another process.
 
Error: (03/03/2016 11:04:58 PM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The process cannot access the file because it is being used by another process.
 for C:\Users\Tommy\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (03/03/2016 11:04:58 PM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The process cannot access the file because it is being used by another process.
 
Error: (03/03/2016 11:04:58 PM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The process cannot access the file because it is being used by another process.
 for C:\Users\Tommy\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (03/03/2016 11:02:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: DeSmuME_0.9.11_x64.exe, version: 0.0.0.0, time stamp: 0x552b6552
Faulting module name: ntdll.dll, version: 10.0.10240.16683, time stamp: 0x56ad9704
Exception code: 0xc0000374
Fault offset: 0x00000000000eaa0c
Faulting process id: 0x8d8
Faulting application start time: 0xDeSmuME_0.9.11_x64.exe0
Faulting application path: DeSmuME_0.9.11_x64.exe1
Faulting module path: DeSmuME_0.9.11_x64.exe2
Report Id: DeSmuME_0.9.11_x64.exe3
Faulting package full name: DeSmuME_0.9.11_x64.exe4
Faulting package-relative application ID: DeSmuME_0.9.11_x64.exe5
 
Error: (03/03/2016 10:41:19 PM) (Source: ESENT) (User: )
Description: svchost (1524) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\SRU\SRU00028.log.
 
Error: (03/03/2016 10:23:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10240.16603, time stamp: 0x56553644
Faulting module name: EMODEL.dll, version: 11.0.10240.16683, time stamp: 0x56ad982b
Exception code: 0xc0000409
Fault offset: 0x0000000000112343
Faulting process id: 0xdfc
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
 
 
System errors:
=============
Error: (03/04/2016 10:18:01 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (03/04/2016 10:14:18 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (03/04/2016 10:14:09 AM) (Source: Service Control Manager) (User: )
Description: The Voeploj service failed to start due to the following error: 
%%2
 
Error: (03/04/2016 10:14:09 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (03/04/2016 10:13:49 AM) (Source: Microsoft-Windows-Kernel-Boot) (User: NT AUTHORITY)
Description: 32212256844755559589930160
 
Error: (03/04/2016 10:14:04 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:12:18 AM on ‎3/‎4/‎2016 was unexpected.
 
Error: (03/04/2016 12:12:31 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (03/04/2016 12:12:21 AM) (Source: Service Control Manager) (User: )
Description: The Voeploj service failed to start due to the following error: 
%%2
 
Error: (03/04/2016 12:12:21 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (03/04/2016 12:11:37 AM) (Source: Service Control Manager) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (03/04/2016 12:50:19 AM) (Source: Application Error)(User: )
Description: microsoftedgecp.exe11.0.10240.1660356553644EMODEL.dll11.0.10240.1668356ad982bc0000409000000000011234315a401d175d9bbd917f3C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exeC:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EMODEL.dlle5671ca1-94e3-44e3-a680-6eab09527c34Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbweMicrosoftEdge
 
Error: (03/04/2016 12:50:01 AM) (Source: Application Error)(User: )
Description: microsoftedgecp.exe11.0.10240.1660356553644EMODEL.dll11.0.10240.1668356ad982bc00004090000000000112343bc001d175d9b10b5078C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exeC:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EMODEL.dll05851fab-3857-4122-86c3-3060196d274aMicrosoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbweMicrosoftEdge
 
Error: (03/03/2016 11:12:37 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: TOMMY-DESKTOP)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2144927142
 
Error: (03/03/2016 11:04:58 PM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY)
Description: The process cannot access the file because it is being used by another process.
 
Error: (03/03/2016 11:04:58 PM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY)
Description: The process cannot access the file because it is being used by another process.
C:\Users\Tommy\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (03/03/2016 11:04:58 PM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY)
Description: The process cannot access the file because it is being used by another process.
 
Error: (03/03/2016 11:04:58 PM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY)
Description: The process cannot access the file because it is being used by another process.
C:\Users\Tommy\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (03/03/2016 11:02:21 PM) (Source: Application Error)(User: )
Description: DeSmuME_0.9.11_x64.exe0.0.0.0552b6552ntdll.dll10.0.10240.1668356ad9704c000037400000000000eaa0c8d801d175ca9d05afd8C:\Users\Tommy\Desktop\DeSmuME_0.9.11_x64.exeC:\Windows\SYSTEM32\ntdll.dlld7c74a70-048e-4cb4-99f3-e90a1e329ab8
 
Error: (03/03/2016 10:41:19 PM) (Source: ESENT)(User: )
Description: svchost1524SRUJet: C:\Windows\system32\SRU\SRU00028.log-1811 (0xfffff8ed)
 
Error: (03/03/2016 10:23:47 PM) (Source: Application Error)(User: )
Description: microsoftedgecp.exe11.0.10240.1660356553644EMODEL.dll11.0.10240.1668356ad982bc00004090000000000112343dfc01d175c5436084ebC:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exeC:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EMODEL.dll49356546-4486-4f5a-925f-3de92db50688Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbweMicrosoftEdge
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-03-04 10:16:16.674
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-04 10:16:08.007
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-03 23:54:58.568
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-03 23:54:58.510
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-03 23:54:49.011
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-03 23:54:48.952
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-03 23:50:28.537
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-03 23:50:27.784
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-03 23:49:51.476
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-03 23:49:47.985
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
=========================== Installed Programs ============================
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{4DDBF94C-619F-48C5-F494-B1E1C6A5807E}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{F5D9E3FF-C28C-DE1D-4A5D-EC9DA146CF63}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{9A7FD1DD-C15D-3B29-D562-F87C913538AC}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{7BDBD299-BEB8-7D59-2F10-1D5B58D3F3AF}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{FB5FC08D-B921-2167-8908-A55560AC7171}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{E19ED46A-C545-57A0-B807-DEBD889A086C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{05ABC717-576C-620D-2DBB-314BE75453C4}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{E5056781-CA36-8696-D804-4A70DF79E329}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{25BF9176-A7BD-3EC9-2043-4261BD9A74EF}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{AF397C50-30C8-3592-6561-B7B7E8612AB7}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1BB3FF06-B328-7085-DF73-7657A7E02BD7}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{8A6F66FD-4D30-7941-4DA5-D05BCF9D293B}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{D0A4C57D-4A58-AF0F-2E0B-F8CA3A23CEBA}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{3F486E45-FA35-5FFE-AEC5-B9AD4350FB37}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{039671DA-52EF-738B-FC04-34012F894425}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{71F84236-0A5C-46F7-B631-1ABDFA7166B5}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{A4BACDA9-0347-017C-77F6-6BEBC1270196}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{3FF9CDB9-689C-1A5A-F282-B007ACF898CD}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{6E17D741-D124-2DB8-83F9-5EC3535A0071}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{8D8C227E-E35E-0276-E04B-1FA914B2AAF1}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{9A5248B3-8FCB-9513-0286-56BA87CCF7AD}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
CPUID CPU-Z 1.75 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tixati (HKLM-x32\...\tixati) (Version:  - )
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 15%
Total physical RAM: 12187.51 MB
Available physical RAM: 10327.98 MB
Total Virtual: 14619.51 MB
Available Virtual: 12717.09 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:931.02 GB) (Free:895.5 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\TOMMY-DESKTOP
 
Administrator            DefaultAccount           Guest                    
Tommy                    
 
 
**** End of log ****


#4 JackX

Posted 04 March 2016 - 10:25 AM

Here is the second thing you requested. Thanks

 

Farbar Service Scanner Version: 27-01-2016
Ran by Tommy (administrator) on 04-03-2016 at 10:23:50
Running from "C:\Users\Tommy\Desktop"
Microsoft Windows 10 Enterprise  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll
[2015-07-10 06:00] - [2015-07-10 06:00] - 0680256 ____A (Microsoft Corporation) 3C62ED28C5D23176ED1292F9242B369A
 
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#5 Aura

Posted 04 March 2016 - 10:28 AM

I have weird stuff that I need on my PC, not Microsoft approved or suggested, could Defender be viewing those as viruses?


Yes it can. In fact, you're currently using KMSpico on your system, most likely to illegally activate Windows or another Microsoft product. I'll ask you to uninstall it, since BleepingComputer doesn't condone piracy and personally, I won't be assisting you if you use such programs.

And can viruses attach to important files, then when Defender tries to delete the virus it deletes the important files too? Just thinking, thank u a lot again..


And yes it can. Viruses can add malicious code to a file, and if a security software fails to "clean" it (which means, removing that malicious piece of code), it can resort to quarantine or deletion methods instead.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#6 Aura

Posted 04 March 2016 - 10:28 AM

Looks to me like you are infected with ShopperZ (since your dnsapi.dll file is patched). Follow the instructions below please.

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted Malwarebytes clean log;

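In the FSS log posted in #4, System32\dnsapi.dll is the only File Check entry without the "File is digitally signed" marker, and it is the file named in the reply above. The following is an added example, not part of the original thread or of Farbar's tool, that extracts such entries from a log; it assumes the log layout seen in this thread and that a missing marker means the signature check did not pass, and the function and pattern names are hypothetical.

```python
import re

# Constructed sample: lines copied from the File Check section of the FSS log in this thread.
SAMPLE_LOG = r"""File Check:
========
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll
[2015-07-10 06:00] - [2015-07-10 06:00] - 0680256 ____A (Microsoft Corporation) 3C62ED28C5D23176ED1292F9242B369A

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed


**** End of log ****
"""

SIGNED = "=> File is digitally signed"
PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")  # a line that starts with a drive path
# Assumed detail-line layout: [date] - [date] - size attributes (name) MD5
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)

def unsigned_entries(log_text):
    """Return File Check entries that lack the signed marker, with any detail line."""
    findings = []
    in_section = False
    lines = [ln.strip() for ln in log_text.splitlines()]
    for i, line in enumerate(lines):
        if line == "File Check:":
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("****"):  # "**** End of log ****"
            break
        if not PATH_RE.match(line) or line.endswith(SIGNED):
            continue
        entry = {"path": line, "details": None}
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        m = META_RE.match(nxt)
        if m:
            entry["details"] = m.groupdict()
        findings.append(entry)
    return findings

if __name__ == "__main__":
    for e in unsigned_entries(SAMPLE_LOG):
        print(e["path"], e["details"])
```

The flagged entry's detail line still carries the name Microsoft Corporation, so a name in that line is not evidence of integrity; only the signature marker separates it from the other entries.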


#7 JackX

Posted 04 March 2016 - 10:38 AM

I'm going to give you the full story, maybe this will help...

I've also had some other issues with this PC since I bought it. It was built by someone. It has an AMD FX-4170 CPU, 12GB DDR3 dual channel RAM, ASUSTeK M5A99X EVO R2.0 mobo, and AMD Radeon HD 7800 series 1GB GPU.. First it was the sound.. my emulators wouldn't play sound only on newer Nintendo DS games, the Game Boy Advance ones worked.. went into sound and it fixed itself automatically... Second issue was a screen flicker.. on certain websites on Chrome, and certain apps like Photoshop and my emulators, it would flicker the program and say "not responding" for a split second, and also near the Start menu it would look like it was trying to reopen itself.. and then it would even freeze flashing like that.. so I found on YouTube a fix that worked for hundreds of people, a registry file, and it worked for me too. (The guy said it could be caused by a number of different things from RAM to bad wires to viruses.)

But I wanted to know why it was even doing that, so I tried to run Windows Defender... it wouldn't work, so I figured out it was a group policy disabling Windows Defender, so I got rid of that and it worked... (originally I got malware on the first day I had the PC and had to download and use Malwarebytes because I didn't know Windows Defender, never used anything above Windows 7)

So then after I ran the scan with Defender it said 5 viruses and 2 malware found, so I deleted them and restarted (foolish without checking them), but then OneDrive would not even attempt to connect and Google Chrome would not connect to the internet, saying something about a DNS probe.. but Microsoft Edge would work with the internet, it was so strange..

And at some point I kept getting a bad pool header error that turned my PC off.. I fixed it somehow, I forget though, basic fix I found online... Just wanted to give you the full info. I'm off to work for the next 4 hours, sorry this was so long. Thanks



#8 JackX

Posted 04 March 2016 - 10:41 AM

I got the PC a few days ago and only did what I listed above... what is it???



#9 Aura

Posted 04 March 2016 - 11:06 AM

Were you the one that installed Windows on it, or was it the person that built the computer for you?



#10 JackX

Posted 04 March 2016 - 01:06 PM

I bought it off Craigslist and it came how it is already with Windows. I only did what I said before.. I'm pretty much a beginner at this.. it was a good deal, he said he built it for someone a while ago that didn't ever come for it.. and he showed me some proof that he bought some of the stuff and it all worked so I thought it was good.. idk if it was the malware idk

#11 Aura

Posted 04 March 2016 - 01:11 PM

It's possible that this person installed a pirated copy of Windows (it is indeed pirated), but that was bundled with malware or he somehow ended up infecting the system before selling it to you. In that situation, the best way to proceed is to do a clean install of the system (or at most, a "Reset") to make sure that everything gets erased and you start fresh.



#12 JackX

Posted 04 March 2016 - 01:20 PM

So u r saying it is def pirated? I don't know how I would go about doing that.. and it was working fine until I got the malware from downloading something off a bad website.. thank u again

#13 Aura

Posted 04 March 2016 - 01:28 PM

It is for me. And downloading stuff online from untrusted sources (and torrenting) is one of the best ways to get infected, so I would drop that habit.



#14 JackX

Posted 04 March 2016 - 02:13 PM

So you're saying you think it might be pirated so u can't help? Or are you saying having that program is causing this.. I mean I guess you already answered me, if you say removing a virus can cause a PC to act up.. because that was what I wanted to really know.. because that's the main thing, I remove all viruses and the PC won't connect to the internet on most apps.. I guess I'm gonna ask around and try to find a fix.. because I don't know how to do what you're saying.. I know I'd probably have to go buy it, which is fine, but idk how to install it.. unless it's really simple and I just think I wouldn't know how...

#15 JackX

Posted 04 March 2016 - 02:33 PM

And also what if I just get rid of that program?



