
This past day, my PC has been acting up, I believe it's infected


14 replies to this topic

#1 speedy101

speedy101

  • Members
  • 16 posts
  • OFFLINE
  • Local time:03:21 PM

Posted 27 September 2016 - 12:05 AM

Hey guys, how is it going? My PC (Windows 7 Professional) has been infected by some sort of malware or virus. I believe this based on the way the PC has been acting. Firefox has been crashing consistently, while the Malwarebytes paid version is not working; it's giving me an error message. This is the first time I am seeing Malwarebytes not launching the app. I have tried to scan the whole computer with the antivirus Avast; this somehow led to a bluescreen when I was away from the PC. Right now, I have it in Safe Mode where Avast is performing the scan. I am certain there is some type of virus or hijack or malware because it's strange to see everything crashing. I always keep my Malwarebytes, antivirus and firewall all updated and clean to prevent getting infected. I believe there must be steps to follow on how to remove or detect these.

I greatly appreciate in advance the time and resources spent helping out. Thank you again.


Edited by speedy101, 27 September 2016 - 01:06 AM.




#2 The_Codesee

The_Codesee

  • Members
  • 337 posts
  • OFFLINE
  • Gender:Male
  • Location:England, UK
  • Local time:07:21 PM

Posted 27 September 2016 - 01:07 AM

Hello! My name is The Codesee, nice to meet you  :)
 
Please follow the steps below:
 
Step 1: Please download MiniToolBox to your desktop

  • Double click MiniToolBox
  • Select the items below and press Go
    • List Installed Programs
    • List Restore Points
    • List last 10 Event Viewer log
    • Flush DNS
  • Post the log in your next reply

Step 2: Please download Security Check to your desktop

  • Double click SecurityCheck and follow the on-screen instructions.
  • A log should open called checkup.txt.
  • Post the log in your next reply

Step 3: Please download TFC (Temp File Cleaner) to your desktop

  • Close all open applications
  • Double click TFC
  • Click the start button and the program will run
  • When done, press OK to restart your computer

Logs I expect in your next reply:

  • MiniToolBox Log
  • Security Check Log


#3 speedy101

speedy101
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:03:21 PM

Posted 27 September 2016 - 08:34 AM

MiniToolBox by Farbar  Version: 17-06-2016
Ran by kaz (administrator) on 27-09-2016 at 09:29:44
Running from "C:\Users\kaz\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Model: EP35-DS3L Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (09/27/2016 12:20:26 AM) (Source: Application Error) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: ntdll.dll, version: 6.1.7601.23418, time stamp: 0x5708a7a8
Exception code: 0xc0000374
Fault offset: 0x000c3b03
Faulting process id: 0x11e8
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (09/27/2016 12:12:37 AM) (Source: Application Error) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c672
Faulting module name: TQUERY.DLL, version: 7.0.7601.17610, time stamp: 0x4dc0d569
Exception code: 0xc0000005
Fault offset: 0x00037c70
Faulting process id: 0xf44
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3
 
Error: (09/27/2016 12:12:29 AM) (Source: ESENT) (User: )
Description: Windows (3908) Windows: Unable to write a shadowed header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.
 
Error: (09/27/2016 12:12:29 AM) (Source: ESENT) (User: )
Description: Windows (3908) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (09/26/2016 11:58:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: sysmain.dll, version: 6.1.7601.18933, time stamp: 0x55a69e09
Exception code: 0xc0000005
Fault offset: 0x00031266
Faulting process id: 0x1550
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3
 
Error: (09/26/2016 11:49:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 53.0.2785.116, time stamp: 0x57d88ea0
Faulting module name: chrome.exe, version: 53.0.2785.116, time stamp: 0x57d88ea0
Exception code: 0xc0000005
Fault offset: 0x00059c94
Faulting process id: 0x340
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (09/26/2016 11:47:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: sysmain.dll, version: 6.1.7601.18933, time stamp: 0x55a69e09
Exception code: 0xc0000005
Fault offset: 0x0000dbac
Faulting process id: 0xca0
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3
 
Error: (09/26/2016 09:54:11 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 2764.  Message ID: [0x2509].
 
Error: (09/26/2016 09:44:32 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 2680.  Message ID: [0x2509].
 
Error: (09/26/2016 09:42:34 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (09/27/2016 09:22:55 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SASKUTIL
 
Error: (09/27/2016 09:22:46 AM) (Source: Service Control Manager) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error: 
%%3 = The system cannot find the path specified.
 
 
Error: (09/27/2016 09:22:32 AM) (Source: Service Control Manager) (User: )
Description: The SAS Core Service service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
 
Error: (09/27/2016 09:17:23 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.
 
 
Error: (09/27/2016 09:17:23 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.
 
 
Error: (09/27/2016 09:17:23 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.
 
 
Error: (09/27/2016 09:17:23 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.
 
 
Error: (09/27/2016 09:17:23 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.
 
 
Error: (09/27/2016 09:17:23 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.
 
 
Error: (09/27/2016 09:17:23 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
 
Microsoft Office Sessions:
=========================
Error: (09/27/2016 12:20:26 AM) (Source: Application Error)(User: )
Description: mbam.exe2.3.173.056e065b4ntdll.dll6.1.7601.234185708a7a8c0000374000c3b0311e801d2187415f108e1C:\Program Files\Malwarebytes Anti-Malware\mbam.exeC:\Windows\SYSTEM32\ntdll.dllb697786e-8469-11e6-84bc-001d7d0be122
 
Error: (09/27/2016 12:12:37 AM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.7601.176104dc0c672TQUERY.DLL7.0.7601.176104dc0d569c000000500037c70f4401d2187169cde02eC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\TQUERY.DLL9f451e84-8468-11e6-84bc-001d7d0be122
 
Error: (09/27/2016 12:12:29 AM) (Source: ESENT)(User: )
Description: Windows3908Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032
 
Error: (09/27/2016 12:12:29 AM) (Source: ESENT)(User: )
Description: Windows3908Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.
 
Error: (09/26/2016 11:58:45 PM) (Source: Application Error)(User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.1893355a69e09c000000500031266155001d21872072fc8ccC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dllaf5da222-8466-11e6-84bc-001d7d0be122
 
Error: (09/26/2016 11:49:54 PM) (Source: Application Error)(User: )
Description: chrome.exe53.0.2785.11657d88ea0chrome.exe53.0.2785.11657d88ea0c000000500059c9434001d21871ed899672C:\Users\kaz\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\kaz\AppData\Local\Google\Chrome\Application\chrome.exe72f9541e-8465-11e6-84bc-001d7d0be122
 
Error: (09/26/2016 11:47:26 PM) (Source: Application Error)(User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.1893355a69e09c00000050000dbacca001d2187163d25599C:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll1af0cff9-8465-11e6-84bc-001d7d0be122
 
Error: (09/26/2016 09:54:11 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 2764.  Message ID: [0x2509].
 
Error: (09/26/2016 09:44:32 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 2680.  Message ID: [0x2509].
 
Error: (09/26/2016 09:42:34 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-09-26 21:54:35.477
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\c126cda65223ce8cf0a4\mrt.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-30 10:09:45.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\c126cda65223ce8cf0a4\mrt.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-22 08:39:13.958
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\c126cda65223ce8cf0a4\mrt.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-12 21:56:58.919
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\c126cda65223ce8cf0a4\mrt.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-03-21 01:07:19.223
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_32.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
ABBYY FineReader 12 Professional (HKLM\...\{F12000FE-0001-0000-0000-074957833700}) (Version: 12.0.501 - ABBYY Production LLC)
AC3Filter 2.6.0b (HKLM\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Acrobat.com (HKLM\...\{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}) (Version: 2.3.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}) (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM\...\{AC76BA86-0804-1033-1959-001824191728}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Catalyst Install Manager (HKLM\...\{A942958E-AF92-7901-861B-7F373A1B6ABA}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Profiles (HKLM\...\{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}) (Version: 2.0.4331.36041 - Advanced Micro Devices, Inc.)
ATI Catalyst Registration (HKLM\...\{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}) (Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Audacity 2.1.2 (HKLM\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Audacity Recovery Utility (HKLM\...\AURC_is1) (Version:  - Markus Meyer)
Autodesk MatchMover 2011 32-bit (HKLM\...\{8A864555-554E-4DE2-BB36-BC4810355525}) (Version: 13.00.0000 - Autodesk)
Autodesk Maya 2011 32-bit (HKLM\...\{E4386119-2C33-4023-9836-783F43A90E3C}) (Version: 13.00.0000 - Autodesk)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
Azureus 3.0 (HKLM\...\Azureus 3.0) (Version:  - Azureus, Inc)
Battlefield: Bad Company™ 2 (HKLM\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (HKLM\...\{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (HKLM\...\{8D8B8115-40C1-A707-B7DA-599514076A81}) (Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (HKLM\...\{6F64A42C-6D93-6788-EB4F-07CC066DE194}) (Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (HKLM\...\{4E1D0591-14F7-736E-143A-62DC3E552A1A}) (Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (HKLM\...\{05CAF469-9765-8FBF-10AD-FD621091824A}) (Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.10 - Piriform)
CDDRV_Installer (HKLM\...\{0C826C5B-B131-423A-A229-C71B3CACCD6A}) (Version: 4.60 - Logitech) Hidden
Cool PDF Reader 3.0 (HKLM\...\Cool PDF Reader_is1) (Version:  - CoolPDF Software, Inc.)
CPUID HWMonitor 1.16 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative MediaSource (HKLM\...\{56F3E1FF-54FE-4384-A153-6CCABA097814}) (Version:  - )
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties (HKLM\...\Creative Sound Blaster Properties) (Version: 1.02 - Creative Technology Limited)
CyberLink PowerDVD 10 (HKLM\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1714 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1714 - CyberLink Corp.)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DiskAid 4.11 (HKLM\...\DiskAid_is1) (Version: 4.11 - DigiDNA)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.3 - DivX, LLC)
Dropbox (HKLM\...\Dropbox) (Version: 10.4.26 - Dropbox, Inc.)
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.27.77 - Dropbox, Inc.) Hidden
Dynamic Energy Saver 1.0 B8.0128.1 (HKLM\...\{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}) (Version: 1.00.0000 - GIGABYTE)
erLT (HKLM\...\{A498D9EB-927B-459B-85D6-DD6EF8C2C564}) (Version: 1.20.0137 - Logitech, Inc.) Hidden
ESN Sonar (HKLM\...\ESN Sonar-0.70.0) (Version: 0.70.0 - ESN Social Software AB)
Fraps (HKLM\...\Fraps) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Drive (HKLM\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
High-Definition Video Playback 10 (HKLM\...\{237CCB62-8454-43E3-B158-3ACD0134852E}) (Version: 7.0.11400.29.0 - Nero AG) Hidden
ImagXpress (HKLM\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
KhalInstallWrapper (HKLM\...\{3101CB58-3482-4D21-AF1A-7057FC935355}) (Version: 2.00.0000 - Logitech) Hidden
K-Lite Codec Pack 10.8.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.8.0 - )
LAME v3.98.3 for Audacity (HKLM\...\LAME for Audacity_is1) (Version:  - )
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Mafia II 1.0 (HKLM\...\{AAEF8588-0069-47E0-BBE5-99FE8D555FAD}_is1) (Version:  - IT NEXT)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Expression Blend 3 SDK (HKLM\...\{256E7DAC-9BE8-494E-8DE7-7857BF96B774}) (Version: 1.0.1343.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Silverlight 4 (HKLM\...\{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Platform Installer 2.0 (HKLM\...\{B67C01B3-8502-4BE7-AEAB-BBDE910AD3EE}) (Version: 2.1.0 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Menu TemplatePack Basic (HKLM\...\{63AA3EAB-23BB-48B2-9AD0-44F878075604}) (Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero 10 Movie ThemePack Basic (HKLM\...\{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}) (Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero BackItUp 10 (HKLM\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11600.19.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (HKLM\...\{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}) (Version: 1.0.10700 - Nero AG) Hidden
Nero Burning ROM 10 (HKLM\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurningROM 10 Help (CHM) (HKLM\...\{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}) (Version: 1.0.10700 - Nero AG) Hidden
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (HKLM\...\{555868C6-49FB-484F-BB43-8980651A1B00}) (Version: 1.0.10600 - Nero AG) Hidden
Nero Control Center 10 (HKLM\...\{6DFB899F-17A2-48F0-A533-ED8D6866CF38}) (Version: 10.0.12000.1.4 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (HKLM\...\{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}) (Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (HKLM\...\{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}) (Version: 2.0.13700.0.1 - Nero AG) Hidden
Nero CoverDesigner 10 Help (CHM) (HKLM\...\{C3273C55-E1E4-41FF-8D69-0158090DB8D8}) (Version: 1.0.10600 - Nero AG) Hidden
Nero DiscCopy Gadget 10 (HKLM\...\{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}) (Version: 3.0.10700.9.100 - Nero AG)
Nero DiscCopyGadget 10 Help (CHM) (HKLM\...\{5F548A02-80BC-404D-BAE6-F05F9BF6B449}) (Version: 1.0.10600 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (HKLM\...\{C18A0418-442A-4186-AF98-D08F5054A2FC}) (Version: 1.0.10600 - Nero AG) Hidden
Nero Dolby Files 10 (HKLM\...\{C3580AC4-C827-4332-B935-9A282ED5BB97}) (Version: 2.0.11000.0.10 - Nero AG) Hidden
Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero Express 10 Help (CHM) (HKLM\...\{33643918-7957-4839-92C7-EA96CB621A98}) (Version: 1.0.10700 - Nero AG) Hidden
Nero InfoTool 10 Help (CHM) (HKLM\...\{66049135-9659-4AAD-9169-9CCA269EBB3E}) (Version: 1.0.10600 - Nero AG) Hidden
Nero MediaHub 10 Help (CHM) (HKLM\...\{F467862A-D9CA-47ED-8D81-B4B3C9399272}) (Version: 1.0.10700 - Nero AG) Hidden
Nero Multimedia Suite 10 (HKLM\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 Help (CHM) (HKLM\...\{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}) (Version: 1.0.10600 - Nero AG) Hidden
Nero RescueAgent 10 (HKLM\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (HKLM\...\{92E25238-61A3-4ACD-A407-3C480EEF47A7}) (Version: 1.0.10700 - Nero AG) Hidden
Nero SoundTrax 10 Help (CHM) (HKLM\...\{16987E99-C95C-4513-9239-7B44A0A71DB5}) (Version: 1.0.10600 - Nero AG) Hidden
Nero StartSmart 10 Help (CHM) (HKLM\...\{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}) (Version: 1.0.10700 - Nero AG) Hidden
Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0017 - Nero AG)
Nero Vision 10 Help (CHM) (HKLM\...\{329411A0-19F3-4740-874F-17400B126F27}) (Version: 1.0.10600 - Nero AG) Hidden
Nero WaveEditor 10 Help (CHM) (HKLM\...\{7A295D8F-484B-4FFB-89AB-C1FD497591FE}) (Version: 1.0.10600 - Nero AG) Hidden
neroxml (HKLM\...\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}) (Version: 1.0.0 - Nero AG) Hidden
NVIDIA PhysX (HKLM\...\{F9835182-794B-4F24-902A-E2CA9D43380F}) (Version: 9.10.0512 - NVIDIA Corporation)
OBiAPP For OBiTALK version 1.1.0(1944) (HKLM\...\OBiAPP For OBiTALK_is1) (Version: 1.1.0(1944) - OBIHAI Technology, Inc.)
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
Origin (HKLM\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Pale Moon 26.4.0 (x86 en-US) (HKLM\...\Pale Moon 26.4.0 (x86 en-US)) (Version: 26.4.0 - Moonchild Productions)
PDF Settings CS6 (HKLM\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Plex Media Server (HKLM\...\{7425d872-d65d-42c9-8c6d-7a8a529a4b50}) (Version: 0.9.1107 - Plex, Inc.)
Plex Media Server (HKLM\...\{9C126D2F-7B21-4DE4-90CA-1BC30DA6DE95}) (Version: 0.9.1107 - Plex, Inc.) Hidden
Private Internet Access Support Files (HKLM\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
qBittorrent 3.3.0 (HKLM\...\qBittorrent) (Version: 3.3.0 - The qBittorrent project)
SafeZone Stable 1.51.2220.53 (HKLM\...\SafeZone 1.51.2220.53) (Version: 1.51.2220.53 - Avast Software) Hidden
Samsung ML-1740 Series (HKLM\...\Samsung ML-1740 Series) (Version:  - )
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.17 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM\...\{1F77C418-2C90-459C-BD33-B56A4182B9FA}) (Version: 4.4.26.0 - Husdawg, LLC)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TextPad 5 (HKLM\...\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}) (Version: 5.3.1 - Helios)
Tixati (HKLM\...\tixati) (Version:  - )
Ultra Video Joiner 5.2.0104 (HKLM\...\Ultra Video Joiner_is1) (Version:  - Aone Software)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 11.0 (HKLM\...\{08718B21-269F-11E1-9550-F04DA23A5C58}) (Version: 11.0.510 - Sony)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation)
Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
========================= Restore Points ==================================
 
11-09-2016 04:00:01 Scheduled Checkpoint
18-09-2016 15:43:48 Scheduled Checkpoint
26-09-2016 04:00:02 Scheduled Checkpoint
 
**** End of log ****
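The "Application errors" section of the log above lists one crash record per faulting program, but it takes some reading to see which of them matter (a search-indexer fault is housekeeping; the anti-malware client dying inside ntdll.dll with a heap-corruption status is what the thread is worried about). The PowerShell helper below is an added example, not part of MiniToolBox or of this thread: it parses that record layout into a table and decodes the NTSTATUS exception codes. The sample log is constructed to match the layout shown above, and the list of security-tool executable names is an assumption for the example.

```powershell
# Added triage helper: not part of MiniToolBox or of this thread. It parses the
# "Application errors" section of a MiniToolBox log into one row per crash and
# decodes the NTSTATUS exception code. The sample log below is constructed to
# match the record layout shown in the thread; it is not a live capture.

$sampleLog = @'
Application errors:
==================
Error: (09/27/2016 12:20:26 AM) (Source: Application Error) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: ntdll.dll, version: 6.1.7601.23418, time stamp: 0x5708a7a8
Exception code: 0xc0000374
Fault offset: 0x000c3b03

Error: (09/27/2016 12:12:37 AM) (Source: Application Error) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c672
Faulting module name: TQUERY.DLL, version: 7.0.7601.17610, time stamp: 0x4dc0d569
Exception code: 0xc0000005
Fault offset: 0x00037c70

Error: (09/26/2016 11:58:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: sysmain.dll, version: 6.1.7601.18933, time stamp: 0x55a69e09
Exception code: 0xc0000005
Fault offset: 0x00031266

Error: (09/26/2016 09:42:34 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
'@

# NTSTATUS codes seen in crash records, with their documented names.
$exceptionNames = @{
    '0xc0000005' = 'STATUS_ACCESS_VIOLATION'
    '0xc0000374' = 'STATUS_HEAP_CORRUPTION'
    '0xc000001d' = 'STATUS_ILLEGAL_INSTRUCTION'
    '0xc0000409' = 'STATUS_STACK_BUFFER_OVERRUN'
    '0xe0434352' = 'CLR exception'
}

function ConvertFrom-MiniToolBoxAppErrors {
    param([string]$LogText)

    $records = @()
    # Every record begins with "Error: (" at the start of a line; split there.
    foreach ($chunk in ($LogText -split '(?m)^Error: \(')) {
        # Only "Application Error" records carry a faulting application/module pair.
        if ($chunk -notmatch '\(Source: Application Error\)') { continue }
        $time = ''; $app = ''; $module = ''; $code = ''
        if ($chunk -match '^([^)]+)\)')                           { $time   = $Matches[1] }
        if ($chunk -match 'Faulting application name: ([^,]+),') { $app    = $Matches[1] }
        if ($chunk -match 'Faulting module name: ([^,]+),')      { $module = $Matches[1] }
        if ($chunk -match 'Exception code: (0x[0-9A-Fa-f]+)')     { $code   = $Matches[1].ToLower() }
        $meaning = 'unknown'
        if ($exceptionNames.ContainsKey($code)) { $meaning = $exceptionNames[$code] }
        $records += New-Object PSObject -Property @{
            Time = $time; App = $app; Module = $module; Exception = $code; Meaning = $meaning
        }
    }
    return $records
}

$crashes = ConvertFrom-MiniToolBoxAppErrors -LogText $sampleLog
$crashes | Format-Table Time, App, Module, Exception, Meaning -AutoSize

# Which programs crash repeatedly.
$crashes | Group-Object App | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Executable names of the on-access security tools; an assumption for this example.
$securityTools = @('mbam.exe', 'mbamservice.exe', 'AvastSvc.exe', 'AvastUI.exe', 'MSASCui.exe')
foreach ($crash in $crashes) {
    if ($securityTools -contains $crash.App) {
        "Security tool crash: $($crash.App) faulted in $($crash.Module) with $($crash.Meaning)"
    }
}
```

To run it against a real MiniToolBox log, replace `$sampleLog` with `Get-Content -Raw` of the saved file (or `[IO.File]::ReadAllText(...)` on PowerShell 2.0, where `-Raw` is not available); the parser only looks at the "Error: (" records, so the rest of the log can stay in place.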


#4 speedy101

speedy101
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:03:21 PM

Posted 27 September 2016 - 08:49 AM

Hello Codesee, thanks for helping out. I am performing the Security Check; it's stuck in "Performing System Health Check" and it's not reporting the log. I believe it usually takes a minute or two, but it's taking long.



#5 speedy101


Posted 27 September 2016 - 08:55 AM

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Avast Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Adobe Flash Player 23.0.0.162  
 Mozilla Firefox (49.0.1) 
 Google Chrome (53.0.2785.113) 
 Google Chrome (53.0.2785.116) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 


#6 speedy101


Posted 27 September 2016 - 09:02 AM

I am certain the malware has taken over the antivirus, Malwarebytes, and other registry entries of the programs. I tried to start Windows Defender; an error message pops up: "This program is blocked by group policy." Even Notepad is not working.


Edited by speedy101, 27 September 2016 - 09:03 AM.


#7 The_Codesee


Posted 27 September 2016 - 10:02 AM

Peer to Peer (P2P) Warning
 
You currently have µTorrent and qBittorrent installed - this can be a huge contributor to infecting computers. Ransomware is also known to be spread through P2P file transfers. I highly recommend you remove µTorrent and qBittorrent.

 

Error: (09/27/2016 09:17:23 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.

 
a. Click “Start.”
b. Type “services.msc” in the Start search box and hit “Enter.”
c. Right-click “Network Location Awareness” service and click “Properties.”
d. Under “Startup type”, select “Manual.”
e. Click “Start” to start the service.
f. Click “Apply” and “OK.”

 

Note: skip the download and step 1 if you already have Malwarebytes Anti-Malware installed.

:step1: Please download Malwarebytes Anti-Malware to your desktop

  • Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
  • On the dashboard, click update now.
  • After that, click scan now - the scan will now begin.
  • When the scan's completed, select apply actions - make sure the action is quarantine.
  • Restart your computer.

How to get the log:

  • On the Malwarebytes Anti-Malware dashboard, select the history tab and click application logs.
  • Select the log which has the time and date of when you did the scan.
  • Click copy to clipboard and paste it into your reply.

:step2: Please download AdwCleaner to your desktop

  • Double click adwcleaner_x.xxx.exe.
  • If prompted, click I agree.
  • Click scan. When it's finished, select clean.
  • Allow AdwCleaner to restart your computer.
  • Once your computer's restarted, a log should appear.
  • Please post this in your next reply.

:step3: Please download Junkware Removal Tool to your desktop

  • Double click JRT.exe. (Win 7, 8 and Vista users, right-click and select run as admin)
  • Press any key and the scan will begin.
  • At the end, a log will open. Please post this in your next reply.

Logs I expect in your next reply:

  • Malwarebytes Log
  • AdwCleaner Log
  • Junkware Removal Tool (JRT) Log

Please also update me on the status of the computer.


Edited by The_Codesee, 27 September 2016 - 10:03 AM.

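The services.msc steps in the reply above, done from an elevated PowerShell prompt instead, as an added example that is not part of The_Codesee's instructions. It assumes the standard Windows 7 service names NlaSvc (Network Location Awareness) and netprofm (Network List Service), and that PowerShell 2.0, which ships with Windows 7, is what is available (so it avoids newer syntax). It records the state before and after the change and then re-checks the System event log for the error 1068 entry that prompted the fix.

```powershell
# Added example: verify and repair the Network Location Awareness (NlaSvc)
# dependency chain behind the Service Control Manager error 1068 quoted above.
# Run from an elevated PowerShell prompt on the affected machine.
# Assumption: the services still carry their standard names NlaSvc and netprofm.

$required  = 'NlaSvc'     # Network Location Awareness
$dependent = 'netprofm'   # Network List Service

function Show-ServiceState {
    param([string]$Name)
    $svc = Get-Service -Name $Name -ErrorAction Stop
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    # Win32_Service exposes start mode, binary path and account, which
    # Get-Service alone does not; the path is worth a look on a machine
    # suspected of infection (it should be svchost.exe under System32).
    New-Object PSObject -Property @{
        Name        = $svc.Name
        DisplayName = $svc.DisplayName
        Status      = $svc.Status
        StartMode   = $wmi.StartMode
        Path        = $wmi.PathName
        Account     = $wmi.StartName
    } | Select-Object Name, DisplayName, Status, StartMode, Path, Account
}

# 1. Record the state before changing anything.
Write-Host "Before:"
Show-ServiceState $required  | Format-List
Show-ServiceState $dependent | Format-List

# 2. Confirm which services Network List Service actually requires;
#    NlaSvc should be in this list, matching the event log message.
Write-Host "Services required by ${dependent}:"
(Get-Service -Name $dependent).ServicesDependedOn | Select-Object Name, Status

# 3. Mirror the manual steps: Startup type -> Manual, then Start.
Set-Service -Name $required -StartupType Manual
Start-Service -Name $required
# Start-Service also starts NlaSvc's own prerequisites first, so a failure
# here usually points at one of those rather than at NlaSvc itself.

# 4. With NlaSvc running, the dependent service should now start.
Start-Service -Name $dependent

Write-Host "After:"
Show-ServiceState $required  | Format-List
Show-ServiceState $dependent | Format-List

# 5. Check whether the 1068 error is still being logged after the change.
Get-EventLog -LogName System -Source 'Service Control Manager' -EntryType Error -Newest 20 |
    Where-Object { $_.Message -match '1068|Network Location Awareness' } |
    Select-Object TimeGenerated, Message
```

If step 3 fails, the message names the service that could not be started; repeat the Show-ServiceState call for that one rather than forcing NlaSvc. A start mode that has been changed to Disabled, or a binary path that is not svchost.exe, is the kind of detail worth reporting back in the thread.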

#8 speedy101


Posted 27 September 2016 - 05:41 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/27/2016
Scan Time: 6:15 PM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.09.27.12
Rootkit Database: v2016.09.26.02
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: kaz
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346511
Time Elapsed: 16 min, 52 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 


#9 speedy101


Posted 27 September 2016 - 05:49 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.8 (09.20.2016)
Operating System: Windows 7 Professional x86 
Ran by kaz (Administrator) on Tue 09/27/2016 at 18:45:22.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 100 
 
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File) 
Successfully deleted: C:\Users\kaz\AppData\Local\{01A2D47A-5F0D-4F4A-A43C-1F35D630811F} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{04A6C503-21DB-4DD6-98B6-8B6BC071C09A} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{05D0270B-2974-4F41-95CD-1652CF9A6F2F} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{0E09570E-BE96-4351-AFCD-9679D532E56B} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{0F699A87-06AF-469C-96F9-576F546843CE} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{12311F84-C49C-4337-A67F-2223917A5368} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{1740B368-560D-47F5-AABA-842EDB619D57} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{1C29FC10-2648-432A-B9E9-BE2E8B1199B1} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{1CD3F7DD-B6FA-4662-8168-8A72C9C4C63E} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{1F59C382-DC90-4795-95A7-34A82F21895A} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{25DC3B26-C3F3-4D68-9E49-C3FF20BEDCD8} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{287E820D-B09E-491A-8E34-C2BEFAC2A62B} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{2A0B9214-45E7-4BBF-90F3-ABBAC20302B3} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{2AD04F4B-4BFF-4853-A5B1-A0474630CDA2} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{2B6F56B1-A481-4F70-8A1A-1401523F1DB9} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{2C76600B-5A0F-4605-B98C-0BC008CA805D} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{2F377BC7-B267-4DAB-B1B0-797F507D2DAB} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{315D5F93-CC90-4B53-882E-D8DCF87F7F03} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{38E2D39B-E07F-46C4-B72A-33A4D3DB27CB} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{3976C2DE-AAD7-45AE-A673-B1E376B54475} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{3A755DCB-C7CE-451C-885E-380022C9AE35} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{45C00975-C135-45CD-9955-4582CB33C639} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{46ACFCEB-9A84-4752-96B2-6F4ED80AA311} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{47015B26-1010-41DF-A4AA-AA03B845A97A} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{498C2606-E356-48CD-89B2-987E13C7B606} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{4A1B1495-B4EF-4C0F-84C4-4A8F62F3A367} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{4BFB0641-1DF8-44BA-8060-3E3BDEC89430} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{4C704473-27EA-402A-9AD9-E4103FB4D497} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{4E0BAA38-AC4C-469E-8D33-C123DC52DCE1} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{52BC8F23-773D-43BB-A0B5-208F10EACF59} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{548D46CC-4459-48E2-8265-97E3FC575902} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{588AD8CC-2B83-4473-B6E6-DAD5A74C3502} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{592413B9-12A5-498A-A48E-366A3DAC1D72} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{5C855BB6-EA5F-4DC6-B846-9965D5A4F0D9} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{5F744924-8B52-4517-83C6-D9624B2C7DBC} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{6093B9F5-3003-44AE-A2C0-B76932F5765F} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{6343A16E-7D38-4FA7-93C9-3EFA92F08FAB} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{645A21B6-43B0-48F1-B7D7-A577EF1A6DE1} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{67FFF9F3-BF32-4C08-A80B-62513D2F8BCE} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{70EF6BA0-3670-4C1F-A016-984391912844} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{720DE37A-AB0B-451F-A1D2-EC79E0AF6D16} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{742CDB9A-750C-44A9-ACD4-12FE1F04CBB3} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{79758D14-635B-46F7-8B19-29C4E9032F19} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{7E4681F1-A912-424D-A6BF-741F2EC2D525} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{7ECED9C3-E1C7-43B4-81EB-3CACC9CBE385} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{7F65DC13-2334-4155-AF68-2875C6C94860} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{804510AC-DD46-4215-82C1-1A5892C4E793} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{80EF2F0C-386D-4CAE-8F29-53D38E4535CF} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{816474F4-6F22-48C1-85F5-2007D1695455} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{8313FA84-863E-4EA1-B3EC-B785B3848F39} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{8BA6CCB4-3C18-4C4F-8107-4230697FF100} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{90CA0803-8BC8-489B-8FC3-6E2E87EE3E06} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{92D42E70-2B87-4D00-BFEC-43BA8E194BD7} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{92F23C4D-4C3D-42EF-8FA1-820F95044159} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{93080069-7FCF-42E2-8408-9C4642D13B31} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{9EF7B4BF-E104-476E-A2DB-46A6B1DED033} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{A4DA2FD6-4CB6-4917-A921-7FBE7AFAC078} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{A89DF056-2646-4E51-859B-E264B9937822} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{AB9A081A-CC54-434F-A3DD-58832256C7C5} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{AD19C3F1-0C0D-4AEE-BC51-7A38FAD35666} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{AE53A3F5-48C6-493C-A303-FB1731D49676} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{AE64FC21-AFCB-4525-85CD-C4F3D9FF37C5} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{AE7FE10D-FA2B-4FD3-BE51-7E926B12501F} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{AF36DF26-D9A7-43CA-B26D-DED4739821AD} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{B095B670-E5D7-4CEA-AB3A-29747E671279} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{B14E5F7E-90D9-4A3B-B45C-C13D43512A49} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{B529DA2D-6E0D-4969-BB17-BA07460C5612} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{BCD200B9-62A0-4AB5-8C0D-550BC08E589E} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{C2F82F00-50AC-4DC3-8038-0B028E44B8C2} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{C38F2287-5091-4123-B569-5F914B900180} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{C544FA83-DEDD-4DCE-957E-9F35F84AF583} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{C5E2E734-8154-4BD6-8F66-F66F0B2E1EF0} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{C5F11416-CA0F-4217-A456-E3CE91D334EE} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{C7EC2504-B081-4CD3-9817-5F0A761E1F37} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{C9C14333-A4A0-4AEF-83A4-C9E9605FF4A7} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{CA99393E-A6F5-4FBA-BCEE-B4492E1EA7AA} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{CCCAFCD7-20C1-4B13-A53B-27B3D60B98E5} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{D32984C1-CBDB-4F8B-8F5F-D5D2FCEE463F} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{D6A2803F-722B-4D70-AE65-46518D1B978C} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{DCC18DC1-807A-4BC1-8958-0482A02A3AFD} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{E1A005A6-B2F3-4931-9B87-9649770F9AA6} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{E252163F-36D4-4A9F-BBD5-6C254F894E99} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{E31C1EF9-CEAF-4DFC-A3B1-4A5D9F4E03F6} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{E4838064-1B44-4B19-BE10-9BA2448B987A} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{E5F29686-F566-4733-B2DA-D6F3ADD47621} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{EBF3DB9F-D3B7-4844-BDDD-69BA6168F0A1} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{EBFD3DF1-7767-415E-8803-B2AA092AD0A6} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{F0C71B68-C98D-4355-BBF5-0F1D72BA44C8} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{F3ADE9A5-F0DF-4473-8488-1D42DBCA790B} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Local\{F810D57C-1055-4BF1-BF23-D01547574D08} (Empty Folder)
Successfully deleted: C:\Users\kaz\AppData\Roaming\Mozilla\Firefox\Profiles\bff9fyp5.default\user.js (File) 
Successfully deleted: C:\Users\kaz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AY6LK1I7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\kaz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDTMAHW6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\kaz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QSS4WMWZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\kaz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEDH4AQB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AY6LK1I7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDTMAHW6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QSS4WMWZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEDH4AQB (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/27/2016 at 18:47:57.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#10 speedy101


Posted 27 September 2016 - 05:50 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/27/2016
Scan Time: 6:15 PM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.09.27.12
Rootkit Database: v2016.09.26.02
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: kaz
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346511
Time Elapsed: 16 min, 52 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#11 The_Codesee


Posted 28 September 2016 - 01:18 AM

Did you run AdwCleaner?



#12 speedy101


Posted 28 September 2016 - 09:14 AM

# AdwCleaner v6.020 - Logfile created 27/09/2016 at 18:33:18

# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-27.2 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X86)
# Username : kaz - MKPC
# Running from : C:\Users\kaz\Downloads\adwcleaner_6.020.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: Update service
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\kaz\AppData\Local\apn
[-] Folder deleted: C:\Users\kaz\AppData\LocalLow\Yahoo!\Companion
[-] Folder deleted: C:\Users\kaz\AppData\Roaming\AdvertismentImages
[-] Folder deleted: C:\Users\kaz\AppData\Roaming\download Manager
[-] Folder deleted: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Yahoo! Companion
[-] Folder deleted: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Yahoo!\Companion
[-] Folder deleted: C:\Users\kaz\AppData\Roaming\Mozilla\Firefox\Profiles\bff9fyp5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKU\.DEFAULT\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-566850220-484770867-791964827-1001\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-566850220-484770867-791964827-1001\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-566850220-484770867-791964827-1001\Software\YahooPartnerToolbar
[-] Key deleted: HKU\S-1-5-21-566850220-484770867-791964827-1001\Software\AppDataLow\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-21-566850220-484770867-791964827-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-21-566850220-484770867-791964827-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKU\S-1-5-21-566850220-484770867-791964827-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKU\S-1-5-21-566850220-484770867-791964827-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [3725 Bytes] - [27/09/2016 18:33:18]
C:\AdwCleaner\AdwCleaner[S0].txt - [3760 Bytes] - [27/09/2016 18:18:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3871 Bytes] ##########


#13 The_Codesee


Posted 28 September 2016 - 09:31 AM

How is the PC now?



#14 speedy101


Posted 28 September 2016 - 09:42 AM

Thank you, I appreciate your quick help. It's working better now; there are no more crashes or bluescreens that come up. I am still vigilant with what I am running and observing the applications. I have yet to find any problem. In this case, what kind of program should I run to test whether the adware and malware are fully quarantined?



#15 The_Codesee


Posted 28 September 2016 - 10:05 AM

Glad your issue is now resolved :)
 
For one last final step, please download Delfix from here and save it to your desktop. Right-click it and select run as administrator. Select the following and press run:

  • Remove disinfection tools
  • Purge system restore

what kind of program should I run to test whether the adware and malware are fully quarantined

 

I would recommend every week or so running the programs I gave you in my second reply.


Edited by The_Codesee, 28 September 2016 - 10:05 AM.




